Remote access has long been a great way to allow timely and cost-effective maintenance of systems. Often, a problem can be fixed in an hour of remote diagnostics versus a day of travel and an hour on-site. On one occasion, I actually hooked a 56K modem up to a machine so I could remotely diagnose it and download a new program. I wouldn't recommend the modem option in this day and age, but there are now many options.
Each of these options has its own considerations. That’s why OMAC created a working group on remote access cybersecurity for OT systems. I was pleased to be a part of this working group and the final guide has been published here.
The document is broken down into four main segments.
Threats
Where do threats come from? The paper discusses the major categories of threat actor:
- Insiders
- Hacktivists
- Cybercriminals
- Terrorists
- Enthusiasts
- Nation-states
Each type of threat actor is discussed in the guide. While we generally think of hackers trying to steal IP or money, the threat could just as easily be an accidental action by an employee. A technician accidentally creating a loop on a switch can take a line down just as effectively as a hacker can. Which threats, and which actors, you need to worry about depends heavily on your situation.
External Connections
The External Connections section focuses on some of the common connection methods in use today:
- Cell modems – Generally some form of direct connection into a machine over a cellular network. This could be a dedicated cellular gateway or a technician tethering their maintenance laptop to their cellphone. Either way, the connection lands on the machine without passing through the plant firewall.
- VPN – A Virtual Private Network is a tunnel through the plant firewall, terminated on the plant's VPN system. The remote user needs an account on that system.
- Converged networks – A VPN followed by a second, separately secured switch that requires additional permissions to be granted before the desired network can be reached. This is effectively a more tightly controlled version of a VPN.
- Black boxes – A vendor/OEM-provided device that builds a VPN tunnel through the factory network to the machine. The plant usually has limited visibility into, and control over, how that tunnel is configured.
- External managed networks – Similar to a black box, but the device works with the remote access vendor's cloud service, which brokers the connection. Ewon and Tosibox are examples.
These are all viable ways to handle remote access. They vary in ease of use, cost, scalability, and security. What makes sense for you depends on your IT/OT infrastructure and on your staff's ability to handle the administrative and security tasks that come with the chosen method.
Challenges Inside the OT Network
Now that you’ve opened your network for remote access, there are risks to be considered:
- Can an external user accidentally introduce malware to your system?
- What if they access and download to the wrong equipment or, worse, download a dangerous change that could injure someone?
- HMI devices have been running variants of Windows for 20+ years, and many are still on versions that are no longer supported. It is almost certain that opening your network exposes vulnerabilities that cannot be patched.
Opening access is only the first step. Once you've done that, you need to pay attention to the attendant risks and develop policies and procedures to minimize them.
Policies and Procedures
This section covers some of the ways you can mitigate the challenges in the previous section. This covers the following concepts and more:
- Zero trust – Every point of access must require its own authentication. There is no more leaving the barn door open once someone has entered the one shared password that gets them into the network.
- Limit accessibility – Access should be scoped to the system being maintained, not the entire OT network. This helps with target validation and also limits spillover into other systems.
- Time-limited access – Access is granted for an agreed window, so there is no opportunity for someone to log in on Saturday night and make changes without your knowledge.
- Log activity – Tracing a problem back to a remote access event starts with knowing that the remote access happened in the first place, who did it, and what they touched.
- Know what's in your facility – It's hard to protect a facility when you don't actually know what's on the network. An asset inventory is the basis for every other control on this list.
I pulled out a subset of the key concepts from the paper, but each of the items in this section should be considered in order to build a workable system that is as secure as reasonably possible while still being usable.
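As an added illustration (not code from the OMAC guide or from DMC), the following Python sketch shows how the zero trust, limited accessibility, time-limited access, logging, and asset inventory points fit together in a single authorization check for a remote session. The asset addresses, user names, approver, and maintenance window are constructed sample data, and the four rules are one possible encoding of the guide's concepts, not a prescribed implementation.

```python
"""Illustrative remote-access policy check for an OT maintenance session.

A session request is allowed only if (1) it carries a named, MFA-verified
identity rather than a shared account (zero trust), (2) it targets exactly
one device that exists in the asset inventory (limit accessibility), (3) a
plant-side approval covers that user, that device, and the current time
(time-limited access), and (4) every decision, allowed or denied, is written
to an audit log (log activity). All data below is constructed for the example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed asset inventory. A device that is not listed cannot be reached.
INVENTORY = {
    "10.20.1.15": "Line 3 palletizer PLC",
    "10.20.1.16": "Line 3 palletizer HMI",
    "10.20.2.40": "Boiler controller",
}

# Identities that mean "nobody in particular" and are rejected outright.
SHARED_ACCOUNTS = {"vendor", "admin", "shared", "maintenance"}


@dataclass(frozen=True)
class Approval:
    user: str        # a named individual at the OEM or integrator
    asset_ip: str    # exactly one target device, never a subnet
    start: datetime  # maintenance window opened by the plant
    end: datetime
    approver: str    # plant-side person who granted the window


@dataclass
class SessionRequest:
    user: str
    mfa_verified: bool
    target_ip: str
    at: datetime


# Constructed maintenance window: Tuesday 09:00 to 13:00 for one PLC only.
WINDOW_START = datetime(2024, 3, 12, 9, 0)
APPROVALS = [
    Approval("jdoe@oem.example", "10.20.1.15",
             WINDOW_START, WINDOW_START + timedelta(hours=4), "plant-eng"),
]
IN_WINDOW = WINDOW_START + timedelta(hours=1)   # Tuesday 10:00
OFF_HOURS = datetime(2024, 3, 16, 23, 0)         # Saturday 23:00

AUDIT_LOG: list[dict] = []


def _record(req: SessionRequest, allowed: bool, reason: str) -> tuple[bool, str]:
    """Append one audit entry per decision and hand the decision back."""
    AUDIT_LOG.append({"time": req.at.isoformat(), "user": req.user,
                      "target": req.target_ip, "allowed": allowed, "reason": reason})
    return allowed, reason


def authorize(req: SessionRequest, approvals: list[Approval]) -> tuple[bool, str]:
    """Return (allowed, reason) for a remote session request."""
    # Zero trust: no shared or anonymous identity, and a password alone is not enough.
    if not req.user or req.user.lower() in SHARED_ACCOUNTS:
        return _record(req, False, "shared or anonymous identity rejected")
    if not req.mfa_verified:
        return _record(req, False, "MFA not completed")
    # Limit accessibility: the target must be a real address and a known asset.
    try:
        ip_address(req.target_ip)
    except ValueError:
        return _record(req, False, "malformed target address")
    if req.target_ip not in INVENTORY:
        return _record(req, False, "target not in asset inventory")
    # Time-limited access: an approval must name this user and this asset and cover now.
    for a in approvals:
        if a.user == req.user and a.asset_ip == req.target_ip and a.start <= req.at < a.end:
            return _record(req, True, f"within window approved by {a.approver}")
    return _record(req, False, "no approved maintenance window for this user and asset")


def run_demo() -> list[tuple[bool, str]]:
    """Evaluate a set of constructed requests and return the decisions in order."""
    requests = [
        SessionRequest("jdoe@oem.example", True, "10.20.1.15", IN_WINDOW),   # approved target, in window
        SessionRequest("jdoe@oem.example", True, "10.20.1.16", IN_WINDOW),   # neighbouring HMI, out of scope
        SessionRequest("jdoe@oem.example", True, "10.20.1.15", OFF_HOURS),   # Saturday night, out of window
        SessionRequest("jdoe@oem.example", False, "10.20.1.15", IN_WINDOW),  # password only, no MFA
        SessionRequest("vendor", True, "10.20.1.15", IN_WINDOW),             # shared account
        SessionRequest("jdoe@oem.example", True, "10.20.9.9", IN_WINDOW),    # not in the inventory
    ]
    return [authorize(r, APPROVALS) for r in requests]


if __name__ == "__main__":
    run_demo()
    for entry in AUDIT_LOG:
        print(entry)
```

Only the first request is allowed; the second shows why scoping to a single asset matters, since the HMI sits on the same switch as the approved PLC but has no approval of its own. Note that the audit log is written for denied requests as well, which is what lets you spot someone probing for access outside their window.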
Summary
There is no one right way to go about remote access, much less cybersecurity as a whole. The right methodology for your organization might be obvious to you and your team, but even obvious solutions can be difficult to implement, and DMC can help you improve your remote access capabilities and processes.
Learn more about DMC's cybersecurity expertise.