Featured Image

Building an Advanced Cybersecurity Plan: Interaction Mapping

To build or enhance your company's cybersecurity plan, one of the first steps to consider is mapping out all access points to your company’s systems and network, including the interaction points between various systems within and outside the network.
May 06, 2022

One of the first steps that a company should consider when building or enhancing their cybersecurity plan is to map out all access points to the company’s systems and network, including the points of interaction between various systems within and outside the network. This task should be completed whether a company’s internal resources will be responsible for implementing the security plan or if these services are contracted with an outside organization.

This interaction map has two primary functions: (1) Define every point of vulnerability to your business systems; (2) Provide a clear path for deploying appropriate security functions to address each of these points of vulnerability. This map should be a living document capturing changes that may introduce new points of vulnerability or new interactions between systems that may require implementation of additional security functions.

The specific tool used to create the interaction map is not overly important – this will depend on the complexity of your network structure and the familiarity within your organization with various mapping tools. The key is to do the mapping and to keep it up to date – make it the working document upon which you build your overall cybersecurity plan.

When building the interaction map, it is not necessary to define every individual piece of equipment. For example, if there are 10 similar computers and users in the manufacturing operations office that all have similar capabilities and access rights to business systems, these can be grouped into a single class. Another example may be visitors who are granted access to your network or systems – these too can be mapped as a class if they have equal access and rights. When grouping interfaces into classes, it is important to assure that all security functions applicable to a class of equipment/users is applied to all.

The map should not only include computers, production equipment, and other devices directly connected to the business’s network; it should also include any other interface those devices have to other devices or systems outside the network. For example, all removable storage devices associated with computers or other pieces of equipment attached to the network should be mapped as additional points of vulnerability. Likewise, any devices that are owned by the company, visitors, vendors, personnel, etc. which may be temporarily connected directly to the network or connected to any device that is then connected to the network (e.g., a maintenance or service provider’s computer connected to a piece of production equipment) should also be included in the interaction map, along with any additional interfaces available to those devices. As you can see, this interaction map can get quite complex, but each of these access points is a point of vulnerability to the security of your business systems.

Another set of interfaces to be addressed in the interaction map are the interfaces between business systems and from business systems to databases/mass storage systems. This includes interfaces to resources both within the company or connected through the internet (or other remote connection). The importance of providing security functions for interfaces to resources outside the company are pretty clear. Consideration of the interface interactions between systems within the company are often overlooked. Defining these interfaces, limiting those interfaces, and deploying security functions to these interfaces are important to minimize the spread of a security threat across systems. Such security breaches can interrupt broad sectors of a business. Additionally, adding these security measures can minimize the potential for a “backdoor” security breach where multiple systems can be compromised once any one system is penetrated.

Once you have a clear picture of all points of vulnerability to your business systems, you now have a platform upon which to build the balance of your cybersecurity plan.

For more on this topic, we invite you to explore the Building an Advanced Cybersecurity Plan article series.

Part 1: Engagement and Reinforcement

Part 2: Interaction Mapping

Part 3: Access Control

Part 4: Electronic Media Protection

Part 5: Identification and Authentication

Part 6: Activity Logging, Auditing, and Traceability

Part 7: Network Resource Configuration Management

Part 8: Communications, Network, and Database Security 

Part 9: Personnel and Infrastructure Security

Part 10: Maintenance and Incident Response

Part 11: Risk Assessment and Vulnerabilities Testing

John Turner
Director of Technology for FA Consulting & Technology (FAC&T) and member of the MTConnect Institute.
Recent technology News
Any cybersecurity implementation involves a trade-off between a company’s tolerance for risk and the effort and costs associated with protecting the company’s resources and customers. Learn how to assess risk and test for vulnerabilities in your network.
A company's cybersecurity plan requires constant monitoring and maintenance in order to effectively detect, analyze, contain, recover, and prevent attacks. Learn what steps personnel should take when an incident is detected and how to maintain the system.
You can set up free machine monitoring in as little as 30 minutes using a tool created by the great folks at Oak Ridge National Laboratory (ORNL)...
Ultra-premium, bougie digital twin. Michigan incentivizes industry 4.0 embrace. Metal health. "Go hug a driver or hug a worker in a distribution center."
A key aspect of any advanced cybersecurity plan is oversight and management of company and supplier personnel to address events originating within a company – intentional or not. Find out what considerations should be made when implementing your plan.
Similar News
By John Turner | Sep 01, 2022

Advanced cybersecurity plans should include functionality for logging every attempt to access the network or critical areas on the network to protect business assets or as required for legal or contractual requirements. Read on to learn what that involves.

5 min
By John Turner | Jun 03, 2022

Access control in an advanced cybersecurity plan go well beyond usernames and passwords. It means defining, implementing, and monitoring rules to control which persons and systems may access resources within your company’s network and computer systems.

5 min
By John Turner | Jan 26, 2023

Any cybersecurity implementation involves a trade-off between a company’s tolerance for risk and the effort and costs associated with protecting the company’s resources and customers. Learn how to assess risk and test for vulnerabilities in your network.

4 min