The current situation is complex and constantly evolving. The Covid-19 pandemic has left the vast majority of us adjusting to a life of remote working. This is easier said than done, particularly for OT networks which weren’t created with remote access in mind.
Now is the perfect time to reconsider your organisation’s stance on remote access. This post will look at some of the challenges you might be facing right now without remote access and the best practices you should follow.
- Determine Business Goals
- Define Process Controls
- Ensure Robust Security Measures Are in Place
- Create Privileged Access Control
1. Determine Business Goals
To ensure your organisation gets the most from secure remote access, you should start by determining the goals you need to achieve. Consider the challenging situations that might require remote access.
A business driver might be that your factory is located in an inhospitable place. Skilled workers might need to fly around the world just to get to the site. Hardware that’s managed by manufacturers might cost millions of pounds to replace, i.e. transformers and pumps.
If the site has strict access controls, then it can be a real challenge to move workers in and out. It might even be impossible at certain times of the day or night. But what if an outage takes place during one of these no-access times or during an emergency that prevents travel?
Hypothetical scenarios like these help you to collate the necessary business goals. Safe production, keeping assets going, reducing maintenance costs and improving business efficiency should all be aims that remote access address.
2. Define Process Controls
Consider a physical visit to a site. It will be pre-arranged and there may be security checks that need to be completed before someone is allowed entry on site. When on site, card access on doors and CCTV are just two of the controls that will probably be in place.
Then, in addition to being escorted wherever you go, there might be a lengthy induction to undertake before you can even start work. You’ll need to have the right PPE and relevant safety qualifications too. Any equipment you use will be logged and checked to stop you from taking anything off site, or introducing something that’s unwanted.
Now think about a remote access visit. Why should a virtual process be any less regulated than a physical one? You’ll need to outline key process controls to ensure that your systems are protected. Understand what you need to achieve as a business and find technology that fits that goal, not the other way around.
3. Ensure Robust Security Measures Are in Place
Remote access can feel like a balancing act. You need to give your staff/contractors access to the systems they need but without compromising availability, integrity or security. After all, remote access enables connections from anywhere at any time, this means your systems are open 24/7 from any country. Remote working presents a range of security questions you’ll need to consider to ensure your organisation is protected.
There are obvious security concerns that can present a threat if security isn’t taken seriously, i.e. exposing RDP (Remote Desktop Protocol) to a public network without additional controls. Remote workers and unprotected gateways are easy avenues of attack for cybercriminals who are looking to access valuable business information.
Many organisations had to act quickly when shifting to remote operations. This means they might be using remote desktop tools (like TeamViewer) which aren’t designed for managing OT systems. Alternatively, they might have created ad hoc 4G connections without following best security practices. Whatever their setup, if they’re using public networks then there’s likely very little monitoring in place which may lead to a devastating breach. With the abundance of data breach data available on the dark web, usernames and passwords are often re-used. Are one of these credentials present on your recently commissioned remote access system?
There are different remote access solutions available which can protect your organisation from threats while still allowing staff to carry out their work. The NCSC advises that connections should be isolated with a protocol break. They quote: “If properly implemented, a protocol break and flow control, used in combination, can significantly reduce the ability of an attacker to compromise a system with a network-based attack”.
We recommend Claroty Secure Remote Access (SRA) which leverages a single entry point into the network, this uses a highly secure encrypted reverse tunnel for intra-facility communication ensuring no inbound firewall rules are required. Access is delivered as a graphical presentation layer that is hosted from the SRA device, thus breaking the network connection and isolating access. This keeps everything simple but safe, from file transfers to firewall configurations.
Just like onsite with CCTV, all actions undertaken can be monitored and recorded on SRA, allowing system administrators to quickly validate and terminate connection with suspicious behaviours and blocking further access attempts.
4. Create Privileged Access Control
If someone asked to borrow your phone to send a text to a friend, you wouldn’t let them also access the photos, files and banking information that are also stored on your phone. This is similar with privileged access control - only letting someone gain access to the services and information they need.
When setting up remote access, you might need to give certain individuals access to specific systems, only at times that align with your maintenance windows. It should go without saying that you should only let them access the information relevant to their work and only for the time they need to access it.
Effective remote access allows you to let individuals work with the systems they need to without giving them access to everything, this may include sensitive user credentials. This protects the organisation and allows you to be in control of your assets, while creating a detailed audit trail. This can also be tied into your change management database and event management ticketing system for full auditability.
The key to remote access is making sure you have the most effective resources at your disposal while providing the same checks and balances that would be carried out if the site work was physically undertaken. We have the expertise needed to make the switch seamless and successful. Plus, we use the industry’s most cutting-edge OT solutions to ensure your organisation can enjoy simple and highly secure remote access which you are in full control of.
Production, efficiency and security shouldn’t suffer just because your organisation wants or needs to embrace remote working. If you’re looking to implement secure remote access or you’re worried that your existing setup isn’t operating effectively, then don’t hesitate to get in touch with our team today.
Ready to Get Secure Remote Access Up and Running?
Our experts are on hand to coordinate and collaborate with you, ensuring your organisation is reaping all of the benefits of secure remote access. Our support engineers have all the tools and systems they need at home to help you.
Contact us today for more information on secure remote access and the assistance we provide.