How to design secure remote-controlled operations
Providing remote access to anyone—vendors, contractors or the most valued customers—can be very risky business, yet it’s often promoted as a way to help shorten unplanned downtime with remote troubleshooting. One means of risk reduction is two-factor authentication technology, which is designed to enable secure connectivity and future-proof breach prevention across an organization.
For cybersecurity awareness, just ask the folks at Target, Sony and the U.S. Office of Personnel Management (OPM). They were breached as a result of the theft of credentials of an extranet user—earning their place on CSO’s list of the biggest data breaches of the 21st century.
These types of attacks aren’t contained to enterprises. The Wall Street Journal reported that when Russian hackers infiltrated the control rooms of U.S. utilities in 2017, blackouts were potentially caused after the networks of trusted vendors were penetrated.
Yet, in an industrial environment, with systems located remotely or spread across multiple organizations’ responsibilities, maintaining mission-critical operations depends on providing extranet access. Gaps in security infrastructures arise when companies prioritize productivity over security and are reluctant to add security measures as they’ll make individuals jump through hoops to get to the needed information.
However, when it’s impossible to control all components involved in a connection, this provides an open invitation for attackers to steal credentials, often through malware techniques on a machine that does not belong to the hosting organization.
Remote access, a double-edged sword
Many remote access situations are unplanned such as when a piece of equipment fails and the technician is out of town, which requires the company to bring in a trusted third party for repairs. This urgency for immediate, unplanned access heightens the cybersecurity risk. Perhaps credentials are provided over the phone ("Your password is ‘password1’"), which is creating an open invitation for a hacker to gain access.
Remote access can be a double-edged sword: a necessity to keep productivity high, but also a low cost, easy entry point for hackers. The challenge is many of the leading market options to authenticate user logins, such as RSA SecurID and smart cards, have never found much traction among extranet users. Not only were they largely designed for enterprises, but they are quite costly, challenging to support and put too much burden on end users.
Two-factor authentication is needed
Best practices, including U.S. National Institute of Standards and Technology (NIST) recommendations, advise using strong authentication for all industrial control systems (ICSs). Many people think communication encryption mitigates the security risk, but even before the connection is made, credential exposure is the starting point and creates the vulnerability. Plus, practicalities and costs often get in the way.
Leaving authentication in the hands of the user is a surefire way for mistakes to happen. An even a bigger challenge is authenticating third-party users who don’t have the built-in foundation of a solid cryptographic virtual private network (VPN), which makes it impossible and impractical to authenticate. Without that level of credentialing, you may as well as be having a private conversation with a stranger.
To best secure remote access, public key cryptography, the gold standard for authentication, should be used. Some may dismiss it as complex and expensive, which is the case unless it’s built into an application. Mutual public key authentication is the most effective technical solution for ensuring no malicious third party can intervene in a communication; only the two parties involved in the connection can exchange information.
Six remote-access checkboxes
To get on the road to secure remote access, look for technology that checks the following boxes:
1. Built-in mandatory mutual authentication: No dependence on user discretion to access organization resources 2. Automatic creation of an end-to-end encrypted tunnel3. Operationally transparent to fit with existing cybersecurity systems: Provides an additional, not replacement, layer of security 4. Protocol independent to work with any combination of communications, whether WAN, LAN and any combination thereof 5. Responsive to unplanned deployment: Ability to be rapidly deployed to support secure connections 6. Software-free approach: Plug directly into network, without software or network configuration changes, using small hardware appliances.
Every business faces tough tradeoffs. When it comes to cybersecurity, it can be nearly impossible to measure the risk being introduced when unexpected remote access is urgently needed. Yet, as we’ve seen all too often, it only takes one unsecure point of entry for damage to be done. What’s needed is built-on, two-factor authentication to enable secure connectivity and future-proof breach prevention across an organization.
Tom Gilbert is chief technology officer, Blue Ridge Networks, a CSIA member. The CSIA is a CFE Media content partner. Edited by Mark T. Hoske, content manager, Control Engineering, CFE Media, firstname.lastname@example.org.
Keywords: Remote control, cybersecurity
- Cybersecurity for remote industrial monitoring, cybersecurity
- Authentication and encryption help remote access
- Work on breach prevention.
When you connect to automation or other systems remotely, are you aware of methods to lower risks?