"In an Operational Technology environment, JML processes are different compared to a regular operations" explained Alistair Macrae, ICS Cyber Security Consultant at Claroty during the 'Securing remote access to operational technology (OT)' webinar organised by the E&T Webinar Team.
He explained that in an OT environment, role-based access controls are time bound and solutions need to be able to keep up swiftly to changing access requests. Typically, when third party engineers access an OT environment, their access needs to be controlled to ensure ingress/egress traffic is accurately monitored. Reverse-tunnel concepts help can help play a role session integrity against and when used alongside frameworks like the perdu-model, you can better analyse where gateway/entry nodes should be placed on your network based off network segregation and zone separation.
His presentation explored the following Industrial Control Systems (ICS) remote access management best practices, along with use-case examples:
• Monitoring: ICS operators must be able to monitor all remote access to OT, actively manage user access requests, and be able to terminate sessions immediately. These capabilities markedly reduce the risk of exploitation by employees and contractors without imposing costly or burdensome barriers to productivity.
• Privileged Access Control: The ability to define and enforce granular access permissions for remote users interfacing is also essential. These policies should reflect a layered network defence model (e.g. the Purdue model) to mitigate lateral movement in the event of a compromise.
• Authentication: Whenever possible, industrial enterprises should limit—if not eliminate—the use of passwords for third-party users by requiring administrator approval for all remote access sessions. In situations where this is not practical or feasible, industrial enterprises should leverage password vaulting technology and enforce multi-factor authentication.
• Auditing/Compliance: Whenever the current period of flexible workplace arrangements comes to an end and we begin our return to a semblance of normalcy, industrial enterprises must maintain consistent and stringent audit requirements. By thoroughly documenting all remote OT sessions, organizations can prevent adversaries from exploiting this transition period as a moment of weakness while also meeting compliance requirements.
Given that Industry 4.0 is moving us all to integrated environments, combining OT environments security is going to be a core activity.
His presentation explored the following Industrial Control Systems (ICS) remote access management best practices, along with use-case examples:
• Monitoring: ICS operators must be able to monitor all remote access to OT, actively manage user access requests, and be able to terminate sessions immediately. These capabilities markedly reduce the risk of exploitation by employees and contractors without imposing costly or burdensome barriers to productivity.
• Privileged Access Control: The ability to define and enforce granular access permissions for remote users interfacing is also essential. These policies should reflect a layered network defence model (e.g. the Purdue model) to mitigate lateral movement in the event of a compromise.
• Authentication: Whenever possible, industrial enterprises should limit—if not eliminate—the use of passwords for third-party users by requiring administrator approval for all remote access sessions. In situations where this is not practical or feasible, industrial enterprises should leverage password vaulting technology and enforce multi-factor authentication.
• Auditing/Compliance: Whenever the current period of flexible workplace arrangements comes to an end and we begin our return to a semblance of normalcy, industrial enterprises must maintain consistent and stringent audit requirements. By thoroughly documenting all remote OT sessions, organizations can prevent adversaries from exploiting this transition period as a moment of weakness while also meeting compliance requirements.
Given that Industry 4.0 is moving us all to integrated environments, combining OT environments security is going to be a core activity.