Need continuing education credits? Join Us For Five Days of Education on the Industry's Leading Topics beginning October 5th!Save Your Seat
Cybersecurity

Protecting worker safety, security after COVID-19 pandemic

Expectations for workers are changing due to the pandemic. Even after they return to work, it's going to be different, and companies need to adjust to this and ensure their workers are cyber-secure.

By Gregory Hale June 3, 2020
Courtesy: Keagan Gay, CFE Media and Technology

While the global COVID-19 pandemic remains in full swing, and against the wishes of health officials across the world, more workers will start filtering back to offices as states reopen for business. As the rush to grant remote access to a multitude of workers was on a few months ago, security professionals may now need to start scaling back the access they granted – or will they?

Also, a question still remains about whether companies will fall back into how they conducted business, or will they evolve from this latest catastrophe and learn and become stronger?

“I think the real challenge for most companies is that ‘going back to work’ isn’t going to be like it was in the past,” said Eric Byres, chief executive at aDolus, which provides software intelligence for critical infrastructure. “As an industry, we’re going to have to get used to more ‘working from home’ or ‘working remotely.’ Gone are the days when we can expect staff to jump on a plane for every troubleshooting call in the field. Certainly, some engineering and service work will require staff on site, but much more remote engineering will become the norm.”

It also means those working on protecting network access need to have a greater understanding of who did what when they were working from home.

Understanding the environment

“As a system administrator managing the new requirements for remote access, as we scale back who has it and how do I monitor or lock back down, I would imagine you have a host of use cases from engineering/instrumentation which likely has a more open access and higher possible impact,” said Rick Kaun, vice president of solutions at Verve Industrial Protection, a cybersecurity protection provider.

In the new work environment, it will also mean there will be stronger and more remote access and VPN use.

“Unfortunately, industry as a whole hasn’t done well with VPN or remote access solutions,” Byres said. “It is an area where I see a lot of confusion, mis-configuration and ad hoc solutions. This results in a much-expanded attack surface that the bad guys can and will exploit. For example, I recently worked with a company that had some very unusual traffic detected coming out of their well-secured control network. However, by the time the traffic was detected, the IP addresses generating the traffic no longer seemed to exist. I’m guessing the suspect machine was probably outside the company network but using a temporary VPN connection from inside to get its IP addresses. So, security professionals will really need to bone up on their remote access and VPN security methodologies and the SoCs will have to make sure their detection systems are prepared to track encrypted sessions leaving the plant floor.”

With more workers on the verge of returning that continues to raise a question of how protected where the home networks and how did that affect the company’s system?

“The notion of how secure is the equipment being used by remote workers is a big one,” Kaun said. “If I gave VPN access to everyone and they used home systems, can we enforce certain security controls on personal systems? Not likely. So, do we only allow remote through company owned systems? If so, I would want an end point management or container type of security tool on them. Or for the personal systems, can we buy containerized security tools and distribute to personal PCs?”

While things may have worked well while everyone was working from home, but when it is time to come back, another review of security devices may be in order.

Test devices

“If you are coming into a plant that has been run with a lot of remote staff over the past few weeks (and isn’t usually), you’d expect to see some infiltrations and needed cleanup,” Byres said. “So, I’d be pouring over my machine, firewall and IDS logs with a fine-tooth comb for the next few weeks.”

Also, when everyone does get back to whatever the new normal is going to be, they will need to sit down and take a deep breath to comprehend what just happened.

“I would think that I would want to review my companies’ response and see if there were ways to better prepare for this if it ever happens again,” Kaun said. “I guess for me it would be as much or more about – OK – we saw what happened and where it got ugly. How do we do it different/better next time?”

This content originally appeared on ISSSource.comISSSource is a CFE Media content partner.


Gregory Hale
Author Bio: Gregory Hale is the editor and founder of Industrial Safety and Security Source (ISSSource.com), a news and information website covering safety and security issues in the manufacturing automation sector.