SEMICON West 2016

Remote Access Best Practice And How To Leverage It As A Spring Board For Security Management - Don Harroll, NextNine (Room Keynote Stage, North Hall)

14 Jul 16
3:00 PM - 3:20 PM

Tracks: Extended Supply Chain Forum

Abstract:

In order to maintain the high availability, reliability and safety of an industrial environment, particularly a complex distributed one, first-party and third-party people and machines require access to industrial assets. Field technicians, maintenance engineers and managed service providers, among others, often need access to industrial assets. Their jobs require them to maintain and monitor equipment and to perform security processes such as patching and log collection. Having humans perform these tasks in person may not be practical or even possible, making remote access an absolute necessity.

While these remotely performed activities are often critical to plant safety and operations, having connectivity from the outside and allowing various remote access processes, especially by third parties, increases the ICS attack surface. It's imperative to protect against malicious attackers who aim to exploit this access. NextNine experts established a set of best practices for securing remote access to industrial assets:

  • Implement top-down control: All third party remote access to the industrial network must be funneled and authenticated through a single location.
  • Protect asset credentials: Provide remote user privileged access without sharing assets' credentials.
  • Enforce accountability and monitoring: All users' activities should be monitored and audited with OT being able to approve, deny or terminate a session as necessary.
  • Use policy-driven access: Set all user access to "least privilege" mode and grant exceptions to the policy on an individual basis. Use a flexible rule engine to define access granularity: who can access which asset(s), when, from where, using which protocols, and doing which activities.
  • Use a secure tunnel: A complete solution requires remote access to run on top of a robust and secure connectivity infrastructure.
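The rule engine in the policy-driven access bullet, as an added illustration that is not NextNine's product code: a deny-by-default evaluator over the dimensions listed above (who, which asset, when, from where, which protocol, which activity) that also emits the audit record the accountability bullet asks for. The rule schema, the vendor account, the asset name and the addresses are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

@dataclass
class AccessRule:
    """One per-user exception to the default-deny policy (hypothetical schema)."""
    user: str
    assets: set        # which asset(s)
    protocols: set     # using which protocols
    activities: set    # doing which activities
    source_nets: list  # from where (CIDR strings)
    hours: tuple       # when: (start_hour, end_hour), end exclusive
@dataclass
class AccessRequest:
    user: str
    asset: str
    protocol: str
    activity: str
    source_ip: str
    when: datetime

def evaluate(rules, req):
    """Default-deny: allow only if one of the user's rules matches every
    dimension. Returns (allowed, reason) so the decision can be audited."""
    src = ip_address(req.source_ip)
    reasons = []
    for rule in rules:
        if rule.user != req.user:
            continue
        start, end = rule.hours
        checks = {
            "asset": req.asset in rule.assets,
            "protocol": req.protocol in rule.protocols,
            "activity": req.activity in rule.activities,
            "source": any(src in ip_network(n) for n in rule.source_nets),
            "time": start <= req.when.hour < end,
        }
        if all(checks.values()):
            return True, "allowed by rule for " + rule.user
        reasons.append("denied on " + ", ".join(k for k, ok in checks.items() if not ok))
    return False, reasons[0] if reasons else "no rule for user (least privilege default)"

def audit_line(req, allowed, reason):
    """Audit record for the single gateway all third-party access is funneled through."""
    return (f"{req.when.isoformat()} user={req.user} asset={req.asset} proto={req.protocol} "
            f"act={req.activity} src={req.source_ip} decision={'ALLOW' if allowed else 'DENY'} reason={reason}")

# Constructed sample policy: one vendor account, one PLC, ssh only, business hours.
RULES = [AccessRule("acme-fieldsvc", {"PLC-7"}, {"ssh"}, {"patch", "collect-logs"},
                    ["203.0.113.0/24"], (8, 18))]
```

A request is allowed only when every dimension of one rule matches; the reason string names the failed dimensions so OT can see why a session was refused.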

Secure remote access, coupled with a secure tunnel between plant and head office, can be used as a spring board for implementing additional OT security policies, thus improving the organization's security posture and compliance state.