According to operational technology security management vendor Nextnine, an increasing number of devices are being connected to industrial networks, but providing remote access can be problematic if not managed properly. Here, the company explains how it can make remote access safer.
The upside of this Industrial IoT (IIoT) is that factories and other industrial enterprises are becoming smarter, more agile and more efficient operations and businesses. The downside is that connected industrial operations expose the Industrial Control Systems (ICS) of factories and manufacturing facilities to external cybersecurity risks.
Prior to connected industrial operations, physically isolating industrial equipment and operational technology was often considered sufficient for security purposes. However, maintaining secure industrial operations today is increasingly complex as connected operations typically cover multiple sites with a multitude of equipment from different vendors.
In connected industrial operations, vendors typically need access to the equipment they supply to their industrial customers for routine maintenance activities, such as patching, hardening and log collection. However, having vendors perform these maintenance activities onsite is expensive. Instead, performing routine maintenance remotely is more practical.
Remote access is also required so that employees and third-party contractors can respond rapidly to certain incidents, such as investigations into a sudden drop in production or a potential security breach.
However, Nextnine CEO Shmulik Aran warned that:
“Providing remote access can be problematic if not managed properly.”
Aran explained that today Virtual Private Networks (VPNs) are commonly used for remote access. VPNs are intended to provide a secure encrypted tunnel for transferring data between a remote user and equipment on the industrial network.
According to Aran, the use of VPNs for remote access has several drawbacks.
“First, each party is generally using its own VPN system. This means that each is creating a separate opening in the firewall protecting the industrial network. To no surprise, this is a cumbersome manual process that creates a huge headache for a plant’s security administrators. This also means there is at least one hole per vendor!”
Aran further explained that VPNs give remote users excessive privileges: once the tunnel is up, a user can view and access equipment and devices for which they have no authorization. In addition, a VPN provides two-way communication, which represents an attack vector for malicious activity.
As an alternative, many vendors have developed their own remote access systems, although these internally developed systems also require that multiple inbound and outbound ports in the firewall be opened.
“From what we see, many of these remote access systems lack basic security features, such as AAA and audit trails. The fact that a single end user may have upwards of 30 to 40 different vendors, with multiple operators, remotely accessing their network on a daily basis is both a security and logistical nightmare.
“We are increasingly approached by industrial enterprises that tell us that making their remote access less complex to manage and more secure is their top cybersecurity priority. We actually see this growing market requirement as one of the drivers for the demand for our ICS Shield security management solution.”
Aran recommends that all remote access activities be channelled through a centralized platform to minimize security risks, lower costs and improve accountability.
“This of course is reflected in our ICS Shield solution.”
ICS Shield is Nextnine’s operational technology security management solution, which Aran described as enabling industrial enterprises “to implement connected operations, while minimizing security vulnerabilities.”
ICS Shield automates operational security policies, with a focus on asset inventory discovery and cyber-hardening of the industrial network through security essentials such as patching, antivirus protection, log collection and compliance reporting.
As for secure remote access, Nextnine’s solution provides a framework for unifying the management of remote access, based on centralized authentication, granular authorization, and session accounting and control. The solution also includes a password vault, so that remote users can be authenticated to devices without the device credentials being shared with them, and allows secure file distribution to, and data transfer from, remote devices to the central operations and security center, alongside the remote user’s session.
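The framework described above, as an added example in Python that is not Nextnine’s or ICS Shield’s code: a small brokered gateway that models centralized authentication (a single policy table keyed by vendor account), granular authorization (device, protocol and maintenance window, deny by default), session accounting (an HMAC-chained audit trail that detects edited or deleted records) and a password vault (the gateway logs in on the user’s behalf and returns a session handle, never the device credential). Every vendor account, device, password, audit key and timestamp is constructed for the example; authenticating the remote user to the gateway itself and relaying the actual SSH/RDP/HTTPS session are assumed to happen before and after `open_session` and are not shown.

```python
"""Model of a brokered remote-access gateway for an industrial network: one
authentication point, per-vendor least-privilege authorization, a credential vault that
never hands device passwords to the remote user, and a tamper-evident audit trail.
Added illustration, not ICS Shield code; every name, policy and secret is constructed."""
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed policy: vendor account -> permitted devices/protocols and UTC hour window.
POLICY = {
    "vendor_a_tech": {"devices": {"plc-line1": {"ssh"}, "hmi-line1": {"rdp"}},
                      "window_utc": (8, 18)},
    "vendor_b_tech": {"devices": {"drive-line2": {"https"}}, "window_utc": (0, 24)},
}
# Constructed vault (a real deployment uses an HSM or secret store); only the gateway reads it.
VAULT = {"plc-line1": ("maint", "constructed-plc-secret"),
         "hmi-line1": ("operator", "constructed-hmi-secret"),
         "drive-line2": ("svc", "constructed-drive-secret")}
MAINTENANCE_TIME = datetime(2024, 5, 6, 10, 0, tzinfo=timezone.utc)  # constructed

class AccessDenied(Exception):
    """Request refused by policy; the reason is also written to the audit trail."""

@dataclass
class Session:
    # Handed to the remote user: a handle and the device account name, no password.
    session_id: str
    user: str
    device: str
    protocol: str
    device_account: str

class Gateway:
    def __init__(self, audit_key: bytes):
        self._audit_key = audit_key
        self._prev = b"\x00" * 32  # chain anchor for the first record
        self.audit: list = []

    # Accounting: each record's MAC covers the previous MAC, so editing or
    # deleting any record invalidates every record after it.
    def _mac(self, prev: bytes, entry: dict) -> bytes:
        payload = json.dumps(entry, sort_keys=True).encode()
        return hmac.new(self._audit_key, prev + payload, hashlib.sha256).digest()

    def _record(self, **entry) -> None:
        mac = self._mac(self._prev, entry)
        self.audit.append({**entry, "mac": mac.hex()})
        self._prev = mac

    def verify_audit(self) -> bool:
        prev = b"\x00" * 32
        for rec in self.audit:
            mac = self._mac(prev, {k: v for k, v in rec.items() if k != "mac"})
            if not hmac.compare_digest(mac.hex(), rec["mac"]):
                return False
            prev = mac
        return True

    # Authorization: deny by default, one explicit reason per failure.
    def _check(self, user: str, device: str, protocol: str, now: datetime) -> str:
        rule = POLICY.get(user)
        if rule is None:
            return "unknown user"
        if device not in rule["devices"]:
            return "device not assigned to this vendor"
        if protocol not in rule["devices"][device]:
            return "protocol not permitted on this device"
        start, end = rule["window_utc"]
        return "" if start <= now.hour < end else "outside maintenance window"

    def open_session(self, user: str, device: str, protocol: str, now: datetime) -> Session:
        reason = self._check(user, device, protocol, now)
        if reason:
            self._record(event="denied", user=user, device=device, protocol=protocol,
                         reason=reason, at=now.isoformat())
            raise AccessDenied(reason)
        account, _secret = VAULT[device]  # _secret is used here to log in, never returned
        sess = Session(secrets.token_hex(8), user, device, protocol, account)
        self._record(event="opened", session=sess.session_id, user=user, device=device,
                     protocol=protocol, account=account, at=now.isoformat())
        return sess

    def close_session(self, sess: Session, now: datetime) -> None:
        self._record(event="closed", session=sess.session_id, user=sess.user, at=now.isoformat())

def demo() -> Gateway:
    # One permitted session, then two refused requests (wrong device, wrong hour).
    gw = Gateway(audit_key=b"constructed-audit-key")
    sess = gw.open_session("vendor_a_tech", "plc-line1", "ssh", MAINTENANCE_TIME)
    gw.close_session(sess, MAINTENANCE_TIME)
    for args in (("vendor_a_tech", "drive-line2", "https", MAINTENANCE_TIME),
                 ("vendor_a_tech", "plc-line1", "ssh", MAINTENANCE_TIME.replace(hour=22))):
        try:
            gw.open_session(*args)
        except AccessDenied:
            pass
    return gw
```

Calling `demo()` produces four audit records (one session opened and closed, two refusals with their reasons) whose chain `verify_audit()` confirms; change any field of any record and the check fails. The model also refuses a valid vendor account outside its maintenance window; the page does not say whether ICS Shield enforces time windows, so that check is an addition of this example.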