Adoption of remote access technologies can bridge skills gap, address cybersecurity needs efficiently

As the threat landscape continues to evolve, especially across the industrial and manufacturing sectors, securing remote access to these environments is critical. Cyber attackers exploit remote access to disrupt operations, steal intellectual property, and cause physical damage. To protect critical infrastructure, organizations can implement security measures like multi-factor authentication, VPNs (virtual private networks), RBAC (role-based access control), network segmentation, and continuous monitoring. These measures prevent unauthorized access, detect and respond to security incidents, and contain the impact of security breaches. 

Apart from these technical measures, industrial organizations can also adopt a security-first culture that emphasizes the importance of security and encourages employees to follow best practices for remote access security. By combining technical and cultural security measures, industrial organizations are better placed to protect their critical infrastructure and maintain business continuity.

Earlier this month, U.S. cybersecurity authorities released a guide to help network administrators and defenders secure remote access software. The document notes that while remote access is a useful option for many organizations, it can also be a threat vector across systems. If it is not properly secured, cyber actors can use it to access or even control systems and resources, and it can be used as part of living-off-the-land techniques.

In a recent survey released by TakePoint Research, 72 percent of survey respondents said enabling third-party access was the most important factor in needing remote access, while 68 percent also cited improving productivity as a top priority. The survey also found that 75 percent of respondents cited operational security threats, 67 percent cited advanced persistent threats (APTs) and 59 percent cited misconfiguration or unintended consequences as the top risks associated with remote access to industrial environments.

Furthermore, organizations of all sizes are concerned about the risks associated with remote access, with an average score of 8.61 on a scale of 1 to 10 indicating a high level of concern, according to TakePoint. Regardless of company size or industry, there is a significant gap between the level of concern about remote access risks and confidence in existing solutions. The study also found that the three most frequently cited deficiencies by respondents were lack of visibility (55 percent), inadequate user education and training (54 percent), and weak access controls (53 percent).

The need for remote access to industrial environments and equipment seems more acute today than in the past. In a two-part feature article, Industrial Cyber surveyed industry professionals to find out what has changed and what are the most significant drivers behind this change. 

Jonathon Gordon, directing analyst at Takepoint Research

This shift is primarily driven by the considerable cost reduction and enhanced efficiency associated with remote access, Jonathon Gordon, directing analyst at TakePoint Research, told Industrial Cyber.

“The COVID-19 pandemic further emphasized the importance of remote access as travel restrictions and safety measures prevented personal visits and travel,” according to Gordon. “To ensure system maintenance, configuration changes, real-time troubleshooting, and other essential tasks, many industrial sites increased their reliance on remote access capabilities. Additionally, the widespread adoption of remote work arrangements during and after the pandemic has contributed to this growing trend.”

Moreover, Gordon highlighted that the scarcity of skilled professionals in industrial cybersecurity has further amplified the demand for remote access solutions. “This limited availability of experts has spurred industries to embrace remote access technologies to bridge the skills gap and address their cybersecurity needs efficiently,” he added.

Ruben Lobo, director of product management at Cisco IoT

“Across all verticals, industries are accelerating their digitization efforts, connecting more things, and using more software to optimize processes or reduce costs,” Ruben Lobo, director of product management at Cisco IoT, told Industrial Cyber. “They are building more robust networks, making it easier to remotely access devices even when they are located in hard-to-reach field locations.”

Lobo added that at the same time, organizations are looking for ways to increase productivity and don’t always have skilled technicians on site. “They see technology as an enabler to optimize their limited pool of skilled human resources and reduce travel costs, especially as the recent pandemic has proved it to be possible to keep operations running by managing industrial assets remotely.”

“Maintaining production uptime has always been one of the top priorities for anyone in charge of industrial operations. Previously, remote access was seen as a tool for vendors and OEMs to troubleshoot machines and carry out maintenance,” Lobo added. “It is now a key part of business continuity plans, enabling in-house experts to quickly act and restore production in case of unexpected events such as natural disasters, pandemics, or other disruptions.”

Brian Dunphy, VP of Product Management, Claroty

Brian Dunphy, vice president of product management at Claroty, said that initially, the need for secure remote access in industrial environments was emphasized in early 2020 when enterprises worldwide faced the unanticipated challenge of quickly pivoting to remote operations at the onset of the COVID-19 pandemic. “For many, the need to rapidly implement remote access was done without implementing adequate security and monitoring controls.” 

“In addition to this, economic pressures brought about (or exacerbated) by the pandemic, such as inflation and supply chain constraints, compelled many companies to rethink their operational strategies,” Dunphy told Industrial Cyber. “Some relocated operations and many turned to third-party contractors rather than expanding their internal workforce. For example, manufacturers needing to keep production lines running amidst workforce shortages have increasingly relied on remote specialists for equipment maintenance.”

Threat actors are not blind to this rapid change and have viewed this as an opportunity to exploit, Dunphy added. “The combination of public breaches and increasing focus on regulatory requirements has raised awareness and need to take action to improve their remote access security to ensure compliance, security, operational continuity, and cost-efficiency.”

“The number of devices in the field has increased tenfold over the past decade and a half. There are simply too many for in-person management of all of them to be feasible with available staff. On top of that, the cost and risk involved in sending technicians to remote sites such as offshore wind farms are high,” Roman Arutyunov, co-founder and senior vice president of products at Xage Security, told Industrial Cyber. “Remote access enables safer, less expensive management of the increasing volume of operational assets in critical infrastructure. Remote access makes it possible to allow vendors and third-party service providers to manage and maintain their systems from afar.” 

Roman Arutyunov, co-founder and vice president of product, Xage Security

Arutyunov added that this rapid expansion comes with risks. “The demand has outpaced the adoption of appropriate tools, so industrial operations teams have deployed a patchwork of IT-centric management and monitoring tools that actually expand their cyberattack surface. Cobbled-together VPNs, Jump Boxes, open firewall ports, and shared credentials run rampant, leaving gaping holes in the security posture of these critical infrastructure operations. There could be thousands of assets within OT segments exposed to malware, and once that malware is in, it can spread laterally across the whole segment undetected.”

“Attackers are waking up to the vulnerability of these valuable targets, leading to skyrocketing numbers of attacks against critical infrastructure,” according to Arutyunov. “A new, zero trust approach to remotely managing, monitoring, and securing critical assets is urgently needed.”

The experts also look into the biggest risks/threats associated with industrial remote access. 

Gordon said that remote access in OT environments is crucial for operational continuity, but it also presents security risks. These risks include open doors, backdoors, and limited restrictions. 

“Insiders and vendors may have unrestricted access to OT assets externally, which, when combined with weak authentication and insufficient monitoring, invites insider abuse and external attacks,” according to Gordon. 

When it comes to backdoors, he added that early implementations often lack monitoring and administrative capabilities, leaving gaps and publicly exposed backdoors. “This includes instances where remote connections remain open indefinitely, unauthorized third-party access, undocumented entry points, unmonitored IT tools, and unsecured temporary access.”

He further added that some remote access OT VPNs encrypt communications but fail to enforce activity restrictions once access is granted. “This oversight allows unauthorized actions to occur.”

Lobo outlined that remote access has become a key element of running industrial operations. “In most organizations, stakeholders have installed their own solutions: machine builders, maintenance contractors, or the operations team itself. When we run network assessments, it is quite common to identify cellular gateways that nobody knew about or remote access software that IT was not controlling.” 

He pointed out that these LTE backdoors are at complete odds with the OT security projects being undertaken by the IT/CISO teams. So customers need OT visibility solutions to ensure the effectiveness of their remote access policies.

“This shadow IT has become a major threat as it makes it very difficult to control who is connecting, what they are doing, and what they can access,” according to Cisco’s Lobo. “In some cases, these uncontrolled remote access solutions can be used to gain full access to the entire network. Bad actors could gain control of equipment, manipulate processes, steal intellectual property, or even tamper with physical equipment, potentially leading to safety hazards or accidents.”

Poor credential management is certainly the biggest threat to industrial remote access. Stolen credentials, password reuse, weak passwords, and lack of multi-factor authentication are making bad actors’ lives too easy, Lobo added.

“When not executed with the proper security controls, remote access in industrial settings, especially operational technology (OT), exposes these critical environments to significant cybersecurity risks,” Dunphy said. “The use of traditional IT-focused solutions, like VPNs, by third-party vendors for remote access provides broad access to mission-critical OT systems. Compromised user laptops that connect via these VPNs can easily create a path for threat actors to gain access to key operational systems.”

Dunphy further pointed out that the situation is intensified by the inability of standard IT solutions to enforce granular role-based access controls or terminate access promptly when necessary. “This gap can allow unauthorized access to critical environments, causing control system manipulation, safety hazards, and increased potential for system disruptions.”

“Third-party contractors often are transient, leading to either dormant accounts that can later be accessed well after they are required and/or authorized and in many cases shared accounts that are passed along from contractor to contractor. These both create opportunities for account misuse and/or compromise,” Claroty’s Dunphy added.

He further noted that the lack of two-factor authentication frequently results in stolen credentials, as many users reuse the same credentials across a wide variety of systems and/or choose ones that are easy to guess. “Frequently, organizations also lack the capability to effectively monitor who is accessing their operational environments and what they are actually doing. This limits their ability to identify and respond to unauthorized access and malicious activity.”

“OT in industrial settings is built to last. Many of these assets are decades old and were not built to be secured against modern cyber threats. They may be impossible to patch at all or require unacceptable levels of downtime and system architecture to make them secure,” Arutyunov said. “Connecting them to the network to enable remote access exposes these vulnerable assets to attacks.”

Arutyunov added that industrial organizations are compelled to maintain different identity and access management systems across their IT and OT systems, so technicians have to use multiple identities and credentials, which causes friction that leads to risky workarounds. “Additionally, technicians are given much broader access than they need to fulfill their role. This patchwork of systems limits the security team’s visibility into which users and assets are even present in the system, and what they are doing.” 

“Logging user and machine activity to detect or investigate active threats is a challenge. If their credentials are compromised, an attacker gains broad, unmonitored access to the organization’s most sensitive assets,” according to Xage’s Arutyunov. “The risk of a compromised identity leading to an attacker gaining access and spreading malware throughout an environment is high.” 

Lastly, Arutyunov added that sites have intermittent connectivity. “They often lose connection to centralized identity infrastructure, thus cutting off access to assets when the network is down. The technology at the site needs the ability to keep working even if the internet goes down. Suppose the identity and access management solution relies on a connection to the cloud to retain and enforce the policy. In that case, a site with intermittent connectivity is less secure whenever the internet goes out.”

In the next part of the two-part article, scheduled to be published Monday, the experts will examine why it has taken so long for some plant owners and operators to become aware of the significant risks, even though remote access has been around for years. They will also highlight the best practices our readers should consider when securing remote industrial access.
