Protecting Your OT Network: The Power of Protocol Isolation

The demand for technology that can support secure user access, both remote and onsite, has expanded beyond IT environments to include the operational technology (OT) and industrial control systems (ICS) that enable organizations in a variety of critical infrastructure (CI) sectors to function.

However, the priorities of IT environments (i.e., the confidentiality, integrity, and availability of data[1]) are inherently different from those of OT environments (i.e., the safety, reliability, and availability of operations[2]). The latter can cause significant harm to humans and the environment if an OT environment comes under the control of someone with malicious intent.

In addition, it is not unusual in critical infrastructure environments for OT/ICS assets of varying complexity, functionality, and states of cybersecurity to be connected using a mix of network protocols. This can complicate the task of securing a trusted OT network from cyberattacks. As such, when it’s not possible for teams to individually secure the full combination of assets and protocols in use, isolating them individually within their specific network is a smart approach.

In fact, in Fortinet’s 2022 State of OT and Cybersecurity Report, OT professionals ranked the “protection of protocols for industrial control systems” as the second most important feature for cybersecurity solutions.

Why Protocol Isolation is Important

Enterprise IT has standardized to a great extent on the Transmission Control and Internet Protocols (i.e., TCP/IP). However, as stated previously, within an OT network environment, several protocols are often in use. These may include the Remote Desktop Protocol (RDP), Secure Shell Protocol (SSH), Virtual Network Computing (VNC) protocol, and others.

Organizations that use these protocols may open the door for malicious actors to harvest credentials and move throughout the network. As the Cybersecurity and Infrastructure Security Agency (CISA) points out, whoever controls the routing infrastructure of a network essentially controls the flow of data. An attacker with a presence on an organization’s gateway router, or internal routing and switching infrastructure, can monitor, modify, or deny traffic either to and from the organization or within its network. Isolating protocols and functions, along with segmenting the network, limits what threat actors can do once inside the network.

In industrial settings, the ability to isolate protocols such as RDP, SSH, and VNC is critical. Traditionally, these protocols were assumed to be secure because they were used in OT environments with assets that were “air gapped” from the public Internet and IT networks. This made attacking OT environments difficult, if not impossible, and made attempts to compromise them less likely than attacks against more “target rich” IT systems. It also made it very unlikely that an attack against an IT network would originate from an OT environment.

However, IT and OT systems are converging, combining the use of both IT and OT protocols. That merging has increased efficiencies, allowing the use of data and analytics to streamline operations, and enabled remote plant operations for geographically dispersed organizations. But it has also introduced vulnerabilities and made OT systems, many of which were never intended to be connected to untrusted networks, a more attractive target for threat actors.

So, while IT has standardized on TCP/IP, the world of OT/ICS still uses an array of protocols, many of which can be specific to the functional operations of equipment, a type of industry, or even geographical locations. Integrated IT and OT systems may use the same hardware, but they still operate differently, with significant variations in the software and protocols used.

Too many OT systems are also outdated from a systems standpoint, running unsupported and/or unpatched software. These systems may rely on outdated operating systems, such as Windows XP. OT systems that are networked with IT systems can also be exposed through open ports that lack proper access and protocol controls.

Each of these factors has increased the importance of protocol isolation, as the air gaps that once existed between OT and IT systems need to be effectively replicated by other means to protect those systems.

How Isolating Protocols Improves Network Security

The practice of isolating systems, protocols, and other elements of a network is gaining attention as organizations become increasingly cloud-based and geographically dispersed. Treating an OT network like an IT network holds the potential for disaster, given their very different priorities. While an IT organization may recover from a data breach by a malicious actor, someone gaining access to a nuclear power plant’s control systems could have far more dire consequences.

Network segmentation is one way to prevent malicious actors who gain unauthorized access to a network from moving laterally across it to steal data or inflict damage. However, network segmentation can be very complex and invasive, and CI organizations often don’t have the networking expertise for such an initiative.

The goal of protocol isolation is conceptually similar to network segmentation, except that it is the network protocols, and the assets they connect, that are isolated. And unlike network segmentation, it need not be complex or invasive.

Protocol isolation can prevent malicious actors from moving laterally across a network. It can also address one of the shortcomings of the VPN technology used by some CI organizations, which is not designed to isolate protocols or prevent lateral movement within a network. This is especially true when protocol isolation is done in concert with a zero-trust architecture that enforces the principle of least privilege.

How XONA Uses Protocol Isolation

As mentioned previously, the demand for technology that can effectively support secure user access, both remote and onsite, has expanded to include the OT and ICS that enable organizations in a variety of critical infrastructure (CI) sectors to function.

Given security concerns about allowing access by bad actors into these environments, the XONA Critical System Gateway (CSG) is delivered with protocol isolation as a core piece of its feature set. It confines the use of RDP, SSH, and VNC protocols to a specific trusted network and isolates them from untrusted environments, such as the Internet or an IT network.

In addition, once a live data stream from an OT/ICS asset reaches a XONA CSG it is converted into graphics files and presented (bi-directionally) to the OT/ICS operator as an encrypted interactive video stream. This eliminates the possibility of a bad actor inserting malicious commands into the conversation between an OT/ICS operator and the XONA CSG.

Below is a visual depicting XONA’s approach to protocol isolation in our CSG gateway.

Protocol Isolation


References:

  1. https://www.sans.org/posters/the-differences-between-ics-ot-and-it-security/
  2. https://www.sans.org/posters/the-differences-between-ics-ot-and-it-security/

ICS/OT Security Practitioners Agree. Your Technology Matters.

ICS/OT Practitioners Share Their Unique Requirements & Concerns

SANS released its annual ‘State of ICS/OT Cybersecurity’ report in October 2022. It reflects survey results from 332 ICS/OT organizations representing a range of industrial verticals.

According to respondents, their second-biggest challenge in securing OT technologies and processes is that “traditional IT security technologies are not designed for ICS and cause disruption in OT environments.”[1] That certainly applies to Secure Remote Access for ICS/OT, the application for which XONA Systems has created a purpose-built solution.

Figure 3. Biggest Challenges in Securing OT Technologies and Processes

This viewpoint is not surprising. In February 2022, SANS created an infographic[2] that cited the differences between cybersecurity for ICS/OT and IT environments. It offered guidance on defining the differences between cybersecurity defense methodologies, security controls, safety, impacts, skill sets, and the security missions for ICS/OT versus IT.

One example cited was the (likely) application of a popular remote access and control program named TeamViewer as the vehicle that unidentified cyber actors employed to compromise a U.S. Water Treatment facility.[3] TeamViewer is widely used in traditional IT environments to enable IT personnel to install/update software on a computer where administrative rights are withheld from the end-user out of security concerns.

Another challenge, according to SANS, is that “ICS/OT assets are often compared to traditional IT assets; however, traditional IT assets focus on data at rest or data in transit, while ICS/OT systems monitor and manage data that makes real-time changes in the real world with physical inputs and controlled physical actions.” As such, ICS/OT cybersecurity must support the safe operation of critical infrastructure, not the other way around.

Other findings:

  • A compromise in IT is the #1 (40.8%) initial attack vector allowing threats into OT/ICS networks.
  • Lowering risk/improving security and preventing information leakage are the #1 (53.6%) and #4 (29.1%) OT/ICS business concerns.
  • Operator assets, such as a human-machine interface (HMI) or operator workstations, are considered one of the control system components at greatest risk (#2 at 43%, up from 32% in 2021) and one of the control system components with the greatest (negative) impact if compromised and exploited (also #2 at 39.8%).
  • Once safety risks and operational impacts from a cyberattack are seen, it’s too late.

Of note is the viewpoint that “ICS security is not a ‘copy/paste’ of IT security. That there’s a misconception that IT security practices can be directly applied to ICS environments.” Although a wealth of knowledge is available from IT security, a “copy and paste” of IT security tools, processes, and best practices into an ICS could have problematic or devastating impacts on production and safety.

Download The Complete Report

References:

  1. SANS – The State of ICS/OT Cybersecurity in 2022 and Beyond (Dean Parsons, OCT 2022)
  2. The Differences Between ICS/OT and IT Security Poster | SANS Institute
  3. Compromise of U.S. Water Treatment Facility | CISA


OT:ICEFALL: Addressing Operational Technology Equipment Flaws with Zero-Trust Controls

A new report on Operational Technology (OT) equipment flaws from automated cybersecurity software company Forescout outlines the alarming state of OT security. The report, titled OT:ICEFALL, was crafted by researchers at the company’s Vedere Labs. It breaks down 56 vulnerabilities affecting 26 devices from 10 OT vendors.

The findings sound an already blaring alarm about how many OT systems and components are insecure-by-design. While there has been a concerted effort to harden OT security over the last decade, most OT still in use today was not designed with any security features in mind. Since industrial equipment is built to last for decades in service, connecting technology still in use today to a network or the outside world was not even a thought when it was designed and implemented. And now that connectivity is becoming a necessity, we’re playing catch-up when it comes to security.

Therefore, most OT is considered “insecure-by-design.” Because security in OT has long been an afterthought, its vulnerabilities have historically not been assigned Common Vulnerabilities and Exposures (CVE) identifiers. As Forescout points out in its report, the lack of any standard mechanism for tracking and giving visibility to vulnerabilities in OT makes it very difficult for operators to find issues in their systems, and for vendors to fix them.

Forescout’s report is an important resource because it compiles vulnerabilities from major OT vendors in one place. One of the most interesting things the company found by digging in further is that 74% of the affected product families have some form of security certification – which raises serious concerns about the state of OT security certifications. As the research says, “most issues we report should be discovered relatively quickly during in-depth vulnerability discovery.”

Another interesting component of the report is how it divides the vulnerabilities into categories by the type of risk they enable. More than one-third of the vulnerabilities identified in the report (38%) allow for the compromise of credentials, which is by far the biggest threat. Firmware manipulation is the second biggest threat (21%), followed by remote code execution (14%). Other threats include configuration manipulation, denial of service, authentication bypass, logic manipulation, and file manipulation, each of which accounts for less than 10% of the identified vulnerabilities.

OT:ICEFALL Vulnerability Types

Source: Forescout OT:ICEFALL Research Report, July 2022

The potential negative outcomes of insecure-by-design OT could be catastrophic. If attackers get into a gas pipeline, water treatment facility, or power plant, human lives are at risk. This report shows how easily attackers can manipulate firmware, logic, and files once they gain access to a network if the company doesn’t have proper security models in place. In today’s age, companies need remote user access, but enabling it immediately increases their attack surface. So where do we go from here?

The industry must recognize that these vulnerabilities will not be resolved simply by patching the impacted systems. They are architectural in nature and can only be remedied by redesigning and completely replacing the system, which can take 5-10 years. The other option is a zero-trust user access platform built for OT that can be deployed to protect these vulnerable systems immediately.

To address the lack of secure-by-design industrial control systems, enterprises must implement a more universal zero-trust architecture to properly protect against these security flaws expeditiously. These zero-trust controls can include protocol isolation to immediately and drastically reduce the attack surface, strong multi-factor authentication to replace weak authentication methods, moderated file transfer and moderated access to critical assets to provide added site-level controls, and user access monitoring and session recording to verify proper operations and support deeper forensics when threats emerge.

We can either continue to have the stress and consequences of systemic risk to public and economic safety, or we can implement modern and secure authentication and authorization zero-trust controls to address it immediately.

For more information on how Xona’s technology can protect your organization with its frictionless user access platform purpose-built for critical infrastructure, visit our resources page or reach out to schedule a demo.

“Pipedream” Malware Targets ICS: What Critical Infrastructure Owners Need to Know

Troubling new malware designed to facilitate attacks on a wide array of critical infrastructure – from oil refineries and power plants, to water utilities and factories – is raising concerns for its versatility. The malware, named Pipedream by Dragos and Incontroller by Mandiant, who have both tracked and researched the toolkit, is potentially capable of gaining full system access to multiple industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices.

Fortunately, there is no evidence yet that the malware has been successfully deployed in the wild, but the threat it poses to critical infrastructure is severe enough to warrant an advisory from multiple federal government agencies. This joint advisory was issued by the Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI). It says:

APT actors have developed custom-made tools for targeting ICS/SCADA devices. The tools enable them to scan for, compromise, and control affected devices once they have established initial access to the operational technology (OT) network. Additionally, the actors can compromise Windows-based engineering workstations, which may be present in information technology (IT) or OT environments, using an exploit that compromises an ASRock motherboard driver with known vulnerabilities. By compromising and maintaining full system access to ICS/SCADA devices, APT actors could elevate privileges, move laterally within an OT environment, and disrupt critical devices or functions.

There have only been a handful of known and credible malware threats designed to specifically target critical infrastructure. The first such example is Stuxnet, which was uncovered in 2010 and was developed and used by the U.S. and Israeli governments to destroy nuclear enrichment centrifuges in Iran. In 2016, Industroyer (also known as Crash Override) was used by Russian actors to target electrical infrastructure and force blackouts in Kiev, Ukraine. Triton or Trisis was discovered in 2017, and again used by Russians to target Saudi Arabian oil refineries. Most recently, Ukrainian security officials detected a new variant of Industroyer linked with the current Russian offensive, just a few weeks ago.

Since Stuxnet opened the door to malware targeting critical infrastructure more than a decade ago, these are the most prominent instances to be uncovered. Even without proof of deployment in the wild, Pipedream/Incontroller already stands apart because it can manipulate such a wide variety of industrial programmable logic controllers (PLCs) and industrial software used across industries.

In their joint advisory, DOE, CISA, NSA, and the FBI urge critical infrastructure organizations to implement a series of detection and mitigation recommendations to strengthen their security posture against the Pipedream/Incontroller threat. Among the 13 recommended steps outlined, XONA already naturally provides organizations with eight of them, including:

  • Isolating ICS/SCADA systems and networks from corporate and internet networks using strong perimeter controls, and limiting any communications entering or leaving ICS/SCADA perimeters.
  • Enforcing multifactor authentication for all remote access to ICS networks and devices whenever possible.
  • Limiting ICS/SCADA systems’ network connections to only specifically allowed management and engineering workstations.
  • Implementing robust log collection and retention from ICS/SCADA systems and management subnets.
  • Ensuring all applications are only installed (accessed) when necessary for operation.
  • Enforcing the principle of least privilege. Only use admin accounts when required for tasks, such as installing software updates.

For more information on how XONA natively includes these protections for its customers and to learn how our technology can protect your organization, visit our resources page or reach out to schedule a demo.

Understanding ISA/IEC 62443 Standards for Industrial Networks, OT, and Critical Systems

There are many significant technology-enabled changes taking place in industrial environments today. Smart factories and Industry 4.0. The Industrial Internet of Things (IIoT). The convergence of information technology (IT) and operational technology (OT). All of these things are introducing digital technologies at a fast pace to improve operations, increase productivity, enhance oversight, and increase profitability.

For all the good the technologies offer, there’s also a dark side that opens up the digital environment to vulnerabilities that can enable cyberattacks, theft of intellectual property, and even cyberwarfare.

The threats and concerns of attacks on industrial systems are clearly evident by the recent Biden Administration and the Cybersecurity and Infrastructure Security Agency (CISA) warning that Russia has been conducting “preparatory activity” for cyberattacks, including scanning websites and hunting for software vulnerabilities, and could attack any critical infrastructure segment in the U.S.  The Administration urges owners of critical infrastructure to conduct cyber risk assessments, implement multi-factor authentication, keep software and malware protection up to date and educate employees on the threats. The 62443 standards provide a framework of controls to mitigate the risk of these types of attacks.

It is this deep concern about security vulnerabilities that led several industry regulators to collaborate on the development of a series of standards that create a flexible framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems (IACSs). The main collaborators in this effort are IEC TC65 / WG10, ANSI / ISA-62443, and ISO / IEC-JTC1-SC27. The standards they came up with, known collectively as ISA/IEC 62443, are applicable to all industry sectors and critical infrastructure.

Due to the comprehensive nature of ISA/IEC 62443, the standards are very broad and are presented in 14 separate documents, organized as shown below in Figure 1. They cover a wide range of topics from terminology, concepts, and models to security technologies for IACS, and much more. The standards are written for various audiences, including plant operators, integration and maintenance service providers, and component/system manufacturers.

In terms of the broad aspects of the standards, XONA provides capabilities for security requirements in the three areas highlighted in green, below.

Figure 1 – Documents for ISA/IEC 62443

Trust us when we say the standards are very broad and deep. It took us weeks to scrutinize every requirement to determine if, and how, XONA supports the standards. The truth is, no single component or system manufacturer can claim to cover every single requirement—the needs are just too diverse. The standards were written to go across multiple technology providers, which explains why system integrators are one of the target audiences of the document: someone needs to put the diverse pieces together to help a company achieve full coverage.

Practitioners and customers often ask if we “comply” with ISA/IEC 62443. This is a bit of a misnomer, as 62443 is not a regulation mandated by a government or industry agency, as NERC-CIP is for the energy industry. Instead, 62443 is a set of recommended standards that can help companies with industrial automation and control systems protect and secure those systems. Our customers seek to confirm compliance because they have adopted 62443 as a corporately mandated cyber security standard. That said, XONA security capabilities and features meet the foundational and security level requirements of the relevant 62443 standards and fulfill the compliance requirement.

Meeting ISA/IEC 62443 Standards

Leading industrial organizations worldwide trust XONA for secure user access and analytics for their critical systems. XONA provides granular user-to-asset access controls and user session analytics via a zero-trust architecture. By integrating with OT asset management and security information and event management (SIEM) platforms, XONA adds the essential user-to-asset access control and analytics components needed in industrial infrastructure today.

Given these capabilities, it’s a natural fit for XONA to address various aspects of 62443, specifically around access control, identification and authentication control, use control, data confidentiality, and least privilege. These fall within XONA’s functionality and areas of expertise for securing industrial networks and systems. An important consideration is to select technology that aids in meeting and staying compliant and does not undo any security countermeasures.

Because of the complex and detailed nature of these requirements, we’ve created a datasheet that explains which of the requirements XONA meets and how. Download it now:

Download Now

If you’d like to discuss how we fulfill those requirements and can help your organization improve user access control, schedule a demo today.


US Officials Warn – Heightened Risk of Ransomware Attacks on Municipal Utilities

U.S. Critical Infrastructure must guard against malicious ransomware attacks by implementing standards-based encryption and multi-factor authentication at all access points to OT assets 

U.S. officials warn of potential ransomware attacks in response to increased sanctions on Russia and have asked state and local officials to consider how ransomware attacks could disrupt the provision of critical services. “Right now, the biggest concern we have are preparations for potential impacts to US utilities and industrial critical infrastructure.” (Dragos)

The threat of ransomware attacks is emerging as a critical cyber risk for electric utilities in the United States, as evidenced by the recently passed Infrastructure Investment and Jobs Act (“Act”), Public Law 117–58. The Act specifically provides grant funding for municipal utilities to deploy advanced cybersecurity technologies to protect against, detect, respond to, or recover from cybersecurity threats and enhance the security posture of electric utilities.

Utility owners should consider implementing a zero-trust secure operational gateway for user access, with multi-factor authentication (MFA) providing encryption and authentication at the critical assets, to block attackers from gaining access to their industrial control systems. Regardless of how an attacker reaches the networks or OT access points, encryption at the OT asset mitigates the ransomware attack.

The XONA Critical System Gateway (CSG) was explicitly designed to provide Zero-Trust secure user access for the OT environment. Our CSG directly addresses the requirement for encryption and authentication through hardware token-based multi-factor authentication (MFA), user session recording, user-to-asset monitoring, OT protocol isolation, encrypted screen remoting, and auditable connection logs. 

XONA CSG provides a simple and secure solution that can be deployed and functioning in less than a day to harden OT access connections securing critical infrastructure. 

“Shields Up” Strategy – the New Reality for U.S. Critical Infrastructure

U.S. Critical Infrastructure must guard against malicious cyber-attacks by implementing encryption and authentication at all access points for connected OT assets or continue to face an increased level of cyber risk.

Russian hackers are attempting to broadly penetrate Ukrainian infrastructure to disrupt critical services such as electricity, transportation, finance, and telecommunications.

The US Government urges US critical infrastructure owners to harden their systems and implement a “shields up” strategy. As tensions escalate, Russian cyberattacks could seek to disrupt US electricity, gas, and other systems, warn the FBI and the Department of Homeland Security. Biden says, ‘we are prepared to respond if Russia launches cyberattack against the US.’

OT systems need a zero-trust secure operational gateway for user access, with multi-factor authentication (MFA) providing encryption and authentication at the asset connection, to stop an attack before the attacker gains access to an industrial control system. Regardless of how an attacker reaches the IT systems, networks, or OT access points, encryption at the OT asset mitigates the attack.

The XONA Critical System Gateway (CSG) was explicitly designed to provide Zero-Trust secure user access for the OT environment. Our CSG directly addresses the requirement for encryption and authentication through hardware token-based multi-factor authentication (MFA), user session recording, user-to-asset monitoring, OT protocol isolation, encrypted screen remoting, and auditable connection logs.

8 Immediate Risk Mitigation Steps to Protect Critical Infrastructure Systems

  • Identify all data communication protocols in use on the OT network (East-West) and between the OT network and the IT network or Internet (North-South).
  • Ensure all communication from IT/Internet to the OT network is encrypted.
  • Ensure there is no data in transit for any user session not associated with a multi-factor-authenticated session.
  • Isolate all data communication protocols to the OT network.
  • Ensure all user access session data to critical OT systems is logged and recorded.
  • Ensure plant-level controls for allowing remote access through a software “lockbox” and virtual wait lobby, including visual and audible alarms.
  • Monitor all non-read-only user access sessions.
  • Verify an acceptable risk level for access to critical assets through asset monitoring, threat (IOC) feeds, and vulnerability detection tools.
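As an added illustration of steps 1, 2 and 4 above, and of the protocol-isolation rule described in the first post (RDP, SSH and VNC confined to the trusted OT network), here is a small Python review of flow records. It is example code written for this page, not Xona's software; the address plan (10.20.0.0/16 as the OT zone), the port-to-protocol table, the choice of tcp/443 as the only port treated as encrypted, and the flow-log lines are all constructed assumptions. It goes slightly beyond step 2 by flagging unencrypted traffic that crosses the OT boundary in either direction, not only IT-to-OT.

```python
"""Flow-log review for OT protocol isolation (added example, not Xona code)."""
import ipaddress
from collections import defaultdict

# Assumed address plan, constructed for this example: everything in this
# prefix is the trusted OT network; everything else is IT or Internet.
OT_ZONE = ipaddress.ip_network("10.20.0.0/16")

# Interactive protocols the page says must stay inside the OT network.
ISOLATED_PROTOCOLS = {3389: "RDP", 22: "SSH", 5900: "VNC"}
# Other ports we can name; only 443 is treated as encrypted here (assumption).
KNOWN_PORTS = {443: "HTTPS", 502: "Modbus/TCP", 80: "HTTP"}
ENCRYPTED_PORTS = {443}

# Constructed flow records: timestamp, source, destination, destination port.
FLOW_LOG = """\
2024-05-01T08:00:01Z 10.20.1.10 10.20.1.20 502
2024-05-01T08:00:05Z 10.20.1.11 10.20.1.20 5900
2024-05-01T08:01:12Z 10.10.5.7 10.20.1.15 3389
2024-05-01T08:02:30Z 10.10.5.9 10.20.1.1 443
2024-05-01T08:03:44Z 10.20.1.15 10.10.8.2 80
2024-05-01T08:04:02Z 10.10.5.7 10.10.6.3 22
"""


def parse_flow_log(text):
    """Turn the whitespace-separated records into dicts; blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        flows.append({"ts": ts, "src": src, "dst": dst, "dport": int(dport)})
    return flows


def direction(src, dst):
    """Classify a flow relative to the OT zone (step 1's East-West / North-South)."""
    src_ot = ipaddress.ip_address(src) in OT_ZONE
    dst_ot = ipaddress.ip_address(dst) in OT_ZONE
    if src_ot and dst_ot:
        return "east-west"
    if src_ot or dst_ot:
        return "north-south"
    return "external"  # neither endpoint is in OT; out of scope for this check


def protocol_name(dport):
    return ISOLATED_PROTOCOLS.get(dport) or KNOWN_PORTS.get(dport) or f"tcp/{dport}"


def protocol_inventory(flows):
    """Step 1: which protocols run inside OT and which cross its boundary."""
    inventory = defaultdict(set)
    for f in flows:
        d = direction(f["src"], f["dst"])
        if d != "external":
            inventory[d].add(protocol_name(f["dport"]))
    return {k: sorted(v) for k, v in inventory.items()}


def isolation_findings(flows):
    """Steps 2 and 4: isolated protocols or cleartext crossing the OT boundary."""
    findings = []
    for f in flows:
        if direction(f["src"], f["dst"]) != "north-south":
            continue
        proto = protocol_name(f["dport"])
        if f["dport"] in ISOLATED_PROTOCOLS:
            findings.append((f["ts"], proto, "isolated protocol crosses OT boundary"))
        elif f["dport"] not in ENCRYPTED_PORTS:
            findings.append((f["ts"], proto, "unencrypted traffic crosses OT boundary"))
    return findings


if __name__ == "__main__":
    flows = parse_flow_log(FLOW_LOG)
    print("inventory:", protocol_inventory(flows))
    for ts, proto, why in isolation_findings(flows):
        print(f"{ts} {proto}: {why}")
```

On the constructed log the inventory shows Modbus/TCP and VNC staying East-West, while RDP from the IT zone into an OT host and cleartext HTTP leaving the OT zone are both reported; the HTTPS flow to the gateway address passes because it is on the one port assumed to be encrypted. In a real deployment the zone list and port table would come from the asset inventory rather than constants.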

XONA CSG provides a “shields up” solution that can be deployed and functioning in less than a day to harden OT access connections securing critical infrastructure.

The Ideal Simple and Secure Connection Solution for OT Remote Access

Industrial companies worldwide are adopting capabilities that allow for remote operations. The pandemic has led companies to consider how they can reduce an onsite workforce while continuing with normal operations. Likewise, the worker shortage is leading companies to think in terms of a flexible workforce that may include remote staffing and flexible resourcing. In addition, industrials must think about emergency preparedness, control procedures, and the need to operate reliably with reduced onsite staff.

While the benefits to remote and mobile access are multifaceted, the risks to critical systems are real.

When workers and third-party vendors use remote communication technologies to directly access critical OT systems, the attack surface can be huge. A malicious actor can insert themselves into the communication channel, take over a legitimate user’s credentials, and use a protocol such as RDP from the remote user’s device (a man-in-the-middle attack) as a launching point into the OT network. The attacker can then move laterally to find vulnerable systems.

Quite obviously, this situation is completely untenable, and it is the scenario XONA Systems was created to solve. XONA prevents direct access to the network assets and includes multifactor authentication and an encrypted connection to mitigate the threat of man in the middle attacks on protected networks.

Remote Access Without Compromise of Essential Security

Operators need to provide remote and mobile workers with secure and managed access to operational controls as if they were there in person. This type of remote access absolutely requires a zero-trust architecture, control room managed access, and other operational safeguards. XONA’s Critical System Gateway (CSG) is purpose-built to fill this exact need.

XONA has a very simple architecture, shown below, that implements a zero-trust strategy to control, log and monitor the connection between the remote end user and the trusted asset in the OT network. As it relates to access, the questions of who, what, where, when, and why all are predetermined using a CSG appliance. Having this very well-defined architecture in place, companies with critical OT systems can now enable remote or mobile access without compromise of essential security.

Here’s what it takes to implement this remote access solution.

On the user side:

A remote user can use a variety of device types. The device itself does not need to run any sort of software agent; however, it must be able to support the use of a physical key for multi-factor authentication (MFA). The user can connect via a virtual private network (VPN), but it isn’t necessary. The user can utilize any modern browser to gain access to the XONA CSG by directing the browser to a predetermined IP address, which connects into a specific port on the CSG.

On the OT side:

The target asset on the operational side can be anything an operator would normally interact with: a SCADA system, PLCs, HMI servers, and so on. Each device is defined in the XONA CSG appliance, which assigns it a specific protocol and isolates that protocol to the OT side.

The XONA CSG:

The appliance has two network ports, one connecting to the user side and the other to the OT side. Once those connections are made, an administrator configures the software with user accounts and profiles that determine who can access which assets (systems) or applications on the OT side, and when. These profiles are used to authenticate and authorize specific users or groups to each system.

In all, it can take as little as 30 minutes to install the XONA solution.

What XONA CSG Brings to Remote Access for OT Systems

CSG is a zero-trust remote operations platform for critical infrastructure and other industrial facilities, which XONA positions as the first of its kind. It delivers a trusted solution with unique features for a changing world.

Zero-Trust Architecture (ZTA) – First and foremost is XONA’s ZTA for access control. Zero trust means that every entity, whether a person or a machine, inside or outside the network, must be authenticated, authorized, and continuously validated before gaining, and in order to keep, access to a protected system, application, or data. The XONA platform follows the ZTA guidance in NIST SP 800-207, which places a Policy Enforcement Point (PEP) in front of each protected resource to enable, monitor, and eventually terminate connections to it.

The XONA CSG provides this PEP between the IT enterprise and the OT network, or in front of any connected asset. The CSG directly mitigates the cyber risk and physical security gaps that are prevalent in OT environments, and these protections extend to any remote access to connected assets.

Multi-Factor Authentication (MFA) – MFA is required before a user’s device can connect to the XONA CSG. The gateway lets users authenticate with WebAuthn-, U2F-, or OTP-compliant hardware tokens, and it can also integrate with a company’s existing MFA solution.

Protocol Isolation – For OT devices that are reached over any of the three major remote-session protocols, RDP, VNC, or SSH, XONA isolates that protocol to the OT network: it is terminated at the CSG and is never carried on the untrusted user side. What the user interacts with are rendered screen images of the session rather than the OT protocol itself, yet they retain complete control of the OT device as if they were sitting in front of it. The practical consequence is that the protocol traffic never reaches the remote device, so a compromised endpoint cannot inject raw RDP, VNC, or SSH traffic toward the asset. XONA uses proprietary technology to do this and states that it is the only remote access vendor with such a capability.
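The access model in the sections above (profiles that define who may reach which asset and when, a PEP that enables, monitors and logs each connection, and an OT-side protocol that the browser user never speaks) can be made concrete with a small policy check. The following Python is an added example written for this page; it is not XONA’s code and does not describe how the CSG is implemented. The asset inventory, profile format, MFA method names, time-window rule, and JSON log shape are all constructed for illustration.

```python
# Added example (not XONA's code): a minimal policy enforcement point (PEP)
# for browser-based OT access, modelled on the who/what/when profiles and the
# per-asset protocol assignment described above. Everything here is
# hypothetical: the inventory, profile format, time-window rule and log shape.
import json
from dataclasses import dataclass, field
from datetime import datetime, time

# Protocols the gateway may speak on the OT side. The remote user never speaks
# them; the user side only ever carries the browser session.
ISOLATED_PROTOCOLS = {"rdp", "vnc", "ssh"}
USER_SIDE_CHANNEL = "https"

# Constructed asset inventory: asset name -> (OT-side address, assigned protocol).
ASSETS = {
    "hmi-01":  ("10.20.0.11", "rdp"),
    "plc-eng": ("10.20.0.25", "vnc"),
    "hist-db": ("10.20.0.40", "ssh"),
}


@dataclass
class Profile:
    user: str
    assets: set                      # assets this user may reach
    window: tuple                    # (start, end) local time; may cross midnight
    mfa_methods: set = field(default_factory=lambda: {"webauthn", "u2f", "otp"})


# Constructed profiles: an operator, a vendor restricted to one host and one
# MFA method, and a night shift whose access window crosses midnight.
PROFILES = {
    "alice":      Profile("alice", {"hmi-01", "plc-eng"}, (time(6, 0), time(18, 0))),
    "vendor-bob": Profile("vendor-bob", {"hist-db"}, (time(8, 0), time(12, 0)), {"webauthn"}),
    "night-ops":  Profile("night-ops", {"hmi-01"}, (time(22, 0), time(6, 0))),
}

_AUDIT_LOG = []   # one JSON line per decision, allowed or denied


def _in_window(window, now):
    start, end = window
    t = now.time()
    if start <= end:                 # same-day window
        return start <= t < end
    return t >= start or t < end     # window crosses midnight


def authorize(user, mfa_method, asset, now_iso):
    """Decide one session request. Returns (allowed, reason, session), where
    session describes what the gateway would open on the OT side; the user
    side is always the browser channel, whatever the asset speaks."""
    now = datetime.fromisoformat(now_iso)
    profile = PROFILES.get(user)
    session = None
    if profile is None:
        allowed, reason = False, "unknown user"
    elif mfa_method not in profile.mfa_methods:
        allowed, reason = False, "mfa method not accepted for this profile"
    elif asset not in ASSETS:
        allowed, reason = False, "unknown asset"
    elif asset not in profile.assets:
        allowed, reason = False, "asset not in profile"
    elif not _in_window(profile.window, now):
        allowed, reason = False, "outside access window"
    elif ASSETS[asset][1] not in ISOLATED_PROTOCOLS:
        allowed, reason = False, "asset protocol not brokered"
    else:
        address, proto = ASSETS[asset]
        allowed, reason = True, "ok"
        session = {"user_side": USER_SIDE_CHANNEL, "ot_side": proto, "target": address}
    # Every decision is logged, including denials, so the PEP is also the
    # monitoring point NIST SP 800-207 expects it to be.
    _AUDIT_LOG.append(json.dumps({"ts": now_iso, "user": user, "asset": asset,
                                  "mfa": mfa_method, "allowed": allowed, "reason": reason}))
    return allowed, reason, session


def audit_entries():
    """Decoded audit log, oldest first."""
    return [json.loads(line) for line in _AUDIT_LOG]


if __name__ == "__main__":
    print(authorize("alice", "webauthn", "hmi-01", "2022-03-01T09:00:00"))
    print(authorize("alice", "webauthn", "hmi-01", "2022-03-01T22:00:00"))
    for entry in audit_entries():
        print(entry)
```

The point to notice is that the session record only ever names the OT-side protocol; nothing in the user-side channel changes whether the asset speaks RDP, VNC, or SSH, which is what protocol isolation buys. The midnight-crossing window is the edge case that time-of-day rules most often get wrong.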

Agentless Access – The XONA solution is clientless and browser-based, which means the remote or mobile user can use any device without plug-ins, agents, or client software. This simplicity matters most for third-party access and for emergency situations, where the user’s device cannot be pre-configured in advance.

Logging and Recording – To support security and compliance, XONA keeps user access logs, event logs, and a screen recording of every action performed in a session. These logs and recordings can be used for compliance purposes, for incident investigation, and for worker training.

Moderated Secure File Transfer – XONA provides the ability to send and receive files between the user and the OT asset. The transfer can be configured as bidirectional or unidirectional to suit the purpose, such as pushing a patch to the asset or pulling log files from it. With moderated file transfer, the file is stopped at the CSG and an administrator must approve or deny its onward movement. This adds another layer of checks and balances.
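To show what “stopped at the CSG until an administrator approves it” implies in practice, here is an added Python example, written for this page and not XONA’s code: a file-transfer broker that enforces a per-asset direction policy, hashes and holds each file, refuses self-approval, and releases only approved files. The direction policy, asset names, event names and state model are hypothetical.

```python
# Added example (not XONA's code): a moderated file-transfer broker of the kind
# described above. A file submitted in either direction stops at the gateway,
# is hashed and held, and is released only after an administrator other than
# the requester approves it and the direction is allowed for that asset.
# Hypothetical throughout: the direction policy, state machine and in-memory store.
import hashlib
from dataclasses import dataclass
from typing import Optional

# Constructed per-asset direction policy.
# "to_ot": user -> asset (e.g. a patch); "from_ot": asset -> user (e.g. a log pull).
DIRECTION_POLICY = {
    "hmi-01":  {"to_ot", "from_ot"},   # bidirectional
    "plc-eng": {"to_ot"},              # patches in, nothing out
    "hist-db": {"from_ot"},            # logs out, nothing in
}


@dataclass
class HeldFile:
    transfer_id: int
    user: str
    asset: str
    direction: str
    name: str
    sha256: str
    size: int
    state: str = "held"                # held -> approved | denied
    approver: Optional[str] = None


class TransferBroker:
    def __init__(self):
        self._files = {}
        self._next_id = 1
        self.events = []               # audit trail of every state change

    def submit(self, user, asset, direction, name, data: bytes):
        """Stop the file at the gateway. Returns a transfer id, or None if the
        direction is not allowed for that asset (rejected before it is stored)."""
        if direction not in DIRECTION_POLICY.get(asset, set()):
            self._log("rejected", user, asset, direction, name, None)
            return None
        tid = self._next_id
        self._next_id += 1
        digest = hashlib.sha256(data).hexdigest()
        self._files[tid] = HeldFile(tid, user, asset, direction, name, digest, len(data))
        self._log("held", user, asset, direction, name, digest)
        return tid

    def decide(self, transfer_id, approver, approve: bool):
        """Administrator decision. Returns the new state, or None if the transfer
        is unknown, already decided, or the approver is the requester."""
        f = self._files.get(transfer_id)
        if f is None or f.state != "held":
            return None
        if approver == f.user:         # separation of duties
            self._log("self-approval blocked", f.user, f.asset, f.direction, f.name, f.sha256)
            return None
        f.state = "approved" if approve else "denied"
        f.approver = approver
        self._log(f.state, f.user, f.asset, f.direction, f.name, f.sha256)
        return f.state

    def release(self, transfer_id):
        """The only way a file leaves the gateway: returns the record if and only
        if it has been approved. The hash lets the receiver confirm the bytes
        are the ones the administrator looked at."""
        f = self._files.get(transfer_id)
        return f if f is not None and f.state == "approved" else None

    def _log(self, event, user, asset, direction, name, digest):
        self.events.append({"event": event, "user": user, "asset": asset,
                            "direction": direction, "file": name, "sha256": digest})


def verify_release(record: HeldFile, data: bytes) -> bool:
    """Receiver-side check that the delivered bytes match the approved hash."""
    return hashlib.sha256(data).hexdigest() == record.sha256


if __name__ == "__main__":
    broker = TransferBroker()
    tid = broker.submit("alice", "plc-eng", "to_ot", "fw-1.2.bin", b"constructed firmware image")
    print("held:", tid, "release before approval:", broker.release(tid))
    print("decision:", broker.decide(tid, "admin", True), "release:", broker.release(tid))
    for event in broker.events:
        print(event)
```

Two details are worth copying into any real moderation workflow: the direction check happens before the file is stored, so a disallowed upload never occupies gateway disk, and the hash recorded at hold time is what the approval applies to, so a file cannot be swapped between approval and release.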

These and all other XONA features map to relevant NERC CIP controls and support compliance with other standards such as IEC 62443 and NIST SP 800-53.

In short, the XONA CSG is the ideal platform to serve as a simple and secure connection solution for secure remote or mobile plant operations.

Download the “The Power of XONA: Supporting Operational Technology’s Cybersecurity Mission” white paper to learn more >

Understanding the Unique Challenges of Securing OT Systems in 2022

As industrial organizations continue to embrace change by leveraging the latest technologies into their daily operations and production cycles, they have also been tasked with embracing remote and hybrid work environments – all while maintaining operational continuity.

Utilizing advanced technologies has enabled these organizations to reduce expenses, expedite production time, and elevate customer service levels. At the same time, the global pandemic has accelerated remote and hybrid operations that allow employees, contractors, consultants, and vendors to “operate on-site” anywhere in the world, as well as via a variety of digital devices.

Unfortunately, along with the many benefits of delivering new value and improving productivity through technology and shared operations come escalating OT security risks that can impact, and even severely harm, workers, reputations, and operations. Cyberattacks on OT systems are no longer a niche threat and can be catastrophic. Today, no organization in the OT environment is immune.

Accelerating OT Infrastructure Targeting

There has been explosive growth in OT infrastructure targeting in the past few years. IBM Security’s 2020 X-Force Threat Intelligence Index reports a 2,000% increase in the number of events targeting OT assets since 2018. Even more daunting is the rapid evolution of OT attacks, from immediate critical infrastructure disruption, such as the Colonial Pipeline ransomware attack (which struck the company’s IT systems and led it to shut down pipeline operations), to the intrusion at the Oldsmar, FL municipal water treatment plant, where the attacker attempted to cause physical harm by raising the sodium hydroxide level in the water supply. The new reality is that today’s threat actors are targeting weaknesses in the OT environment through open ports, a lack of proper OT network segmentation, a lack of MFA on access points, and back doors opened by third-party vendors.

Recently, the technology research and consulting company Gartner predicted that the financial impact of OT attacks will reach $50 billion by 2023, counting costs from insurance, regulatory fines, litigation, and compensation. It also warned that most CEOs would be held personally liable for such incidents.

To combat the range of risks before an incident occurs, industrial organizations must adopt a forward-thinking OT security strategy that addresses these upward trends of the modern world.

Protecting Critical OT Assets

Organizations can no longer wait to put processes, procedures, and technologies in place to protect their critical OT assets and remain secure and operational. Manufacturers, energy producers, utilities, and other organizations that serve the public need to turn to a simple-to-deploy zero-trust access control platform with capabilities that include:

  • Secure “clientless” browser-based multifactor authentication (MFA)
  • Secure operational link for Industrial Internet of Things (IIoT)
  • Role-based third-party vendor management
  • Secure application access for monitoring and session logging
  • Application screen recording for forensics and training
  • Centralized management, visibility, and control of authorized user access

Securing OT Demands a Platform Approach

Since security considerations must extend beyond the on-premises system, a user access control and analytics platform is essential to mitigating the cyber risk and physical security gaps that span the operating system, the network infrastructure, and the IIoT.

The development of a unified security strategy should also include asking the following questions to help identify and evaluate solutions that are simple, proven, and cost-effective:

  • Does the vendor have a deep understanding of the nuances in cybersecurity, safety, and reliability challenges being faced by the OT industry?
  • Does the vendor have an established ecosystem of strategic partners, technology alliance partners, and resellers committed to reducing risk, cutting costs, and improving public safety?
  • Is the vendor able to implement robust and compliant network segmentation between IT and OT networks?
  • Does the vendor offer a centralized management platform designed to provide a single point of management and a 360-degree view across all remote sites?
  • Is the vendor able to meet even the most stringent compliance standards, including NIST 800-53, FIPS 140-2, and Risk Management Framework (RMF) guidelines?

Getting the answers to these and other essential questions will help guide critical infrastructure operators in taking the first steps toward improving their functional resilience and protecting their critical assets through a secure operational link between IT and OT.

Please click here to learn more about taking proactive steps to harden an OT environment>

Consequential, Certain & Disruptive: 3 Cybersecurity Risks that Will Impact Operations in 2022

2021 was a challenging year for manufacturers, energy producers, and utilities. A chaotic pandemic year created an opportunity for threat actors to take advantage of disruption to infrastructure integrity and IT to OT operational dependencies, something they achieved with frightening rapidity and effectiveness.

As many organizations transitioned to a hybrid workforce, novel integrations between IT and OT systems created new vulnerabilities that threat actors exploited, leading to surging ransomware attacks, infrastructure compromise, and other problematic repercussions.

According to one industry survey, 63 percent of respondents indicated that their organization experienced an ICS/OT cybersecurity incident in the past two years. With the average ICS/OT cybersecurity incident costing companies nearly $3 million, organizations have plenty of reasons to improve their defensive posture in the year ahead.

It’s critical that they do. Manufacturers, energy producers, and utilities should not expect heightened cybersecurity risk to subside alongside the pandemic. Instead, they should expect OT-related cybersecurity threats to be a certainty — and more expensive, consequential, and disruptive in the year ahead.

Expensive

As last year’s Verizon Data Breach Investigations Report glibly notes, “money makes the cyber-crime world go round.” In 2022, that price is going up.

For example, in 2020, the average ransomware payment exceeded $200,000, nearly four times the amount from just a year prior. In 2021, several high-profile ransomware payments netted multi-million dollar payouts as organizations and utilities worked to restore system access as quickly as possible.

Organizations should expect ransomware demands to continue increasing in the year ahead. Meanwhile, opportunity cost, regulatory implications, and other factors are making cybersecurity failures increasingly expensive. Therefore, timely and effective investments in holistic defensive capacity are essential to mitigating the financial implications of a cybersecurity incident.

Consequential

In 2021, cybersecurity failures halted manufacturing operations, exposed sensitive data, and eroded brand reputation – significantly raising the stakes for companies of every size in every sector.

Moving forward, companies should expect that the consequences of a cybersecurity incident will be more severe than ever before. For example, ransomware gangs are increasingly looking to leverage their network access to acquire and leak sensitive company data. Data exfiltration incidents surged in 2020, something that will inevitably continue in 2022.

Most prominently, when utilities and energy producers are compromised, public safety is often at risk as threat actors can disrupt critical services. It’s clear that without proper cyber protection, the consequences of failure are likely to become more extreme each year.

Disruptive

In November 2021, the Federal Bureau of Investigation (FBI) released a memo to companies completing “time-sensitive financial events,” warning that ransomware gangs are targeting such companies to capitalize on the urgent and public nature of those events. The warning most prominently applies to the financial sector, where mergers, acquisitions, and other public events are time-sensitive and can be derailed by a ransomware attack.

However, given the prominent attacks on critical infrastructure in the past year, it’s likely that threat actors will look to exploit companies and municipalities with time-sensitive operations, hoping to capitalize on the high-stakes nature of their sector to maximize payment opportunities.

Implementing Solutions That Work

Recognizing the immense challenges posed by today’s cybersecurity threats, manufacturers, energy producers, and utilities should turn to a simple-to-deploy zero-trust access control platform that can keep companies secure and operational, especially where IT and OT platforms are connected.

Taken together, it’s clear that cybersecurity needs to be a top priority for every company in 2022, and they should start preparing today to meet tomorrow’s challenges.