Secure Access is the #1 Cyber Priority in Critical Infrastructure

And Xona Can Help You Take Back Control of Your User Access for Critical Infrastructure in Under 1 Hour!

Introduction – Why Controlling User Access to Critical Systems is So Crucial

In today’s rapidly evolving threat landscape, user access control is the single most important, foundational cybersecurity priority for critical infrastructure owners and operators. Attackers continue to exploit weaknesses, including legacy remote access mechanisms, and the consequences are severe. A few statistics indicate the scale of the problem:

Remote services were the primary attack vector in 71% of major cyber-attacks on OT environments. [1]

Ninety-one percent (91%) of security professionals express concerns about VPNs compromising IT security. [2]

These statistics highlight a harsh reality—outdated access solutions like VPNs and jump servers are no longer sufficient to protect critical infrastructure. Attackers exploit gaps in identity verification, authentication, session controls, and open network access, leading to ransomware, system breaches, and operational downtime.

Organizations that lack centralized control over user access expose themselves to increased cyber risk, regulatory penalties, and inefficiencies that threaten operations. The solution? A modern, purpose-built critical infrastructure approach to secure access.

This blog explores what it truly means to take control of user access, outlines the key steps, and explains why Xona is the obvious choice in secure access for critical infrastructure.

What Does It Mean to Control User Access?

Taking control of user access means moving beyond legacy, fragmented access solutions and implementing a centralized, identity-based approach designed specifically for critical infrastructure environments. Without full control, organizations remain vulnerable to unauthorized access, operational inefficiencies, and regulatory penalties.

Before and After: The Risks of Poor Access Control

Before Xona | After Xona
--- | ---
Organizations relying on legacy access methods face persistent cybersecurity risks, with broad attack surfaces and limited oversight of remote sessions. | A unified, identity-driven access model ensuring only authorized users can access critical systems, with complete auditability and session control.
Scattered & Unsecure Access: Remote users, vendors, and third-party contractors use multiple access methods (VPNs, jump servers, RDP, SSH), creating security gaps. | Centralized & Secure Access: Xona provides a single, browser-based access platform with zero trust security, eliminating risky direct connections.
VPN Complexity & Vulnerabilities: VPNs provide broad network access, increasing attack surfaces and compliance risks. | VPN-Free Secure Access: Xona removes VPN dependencies, enforcing granular access control with least-privilege principles.
OT & IT Silos: OT teams lack a streamlined, secure way to access ICS and industrial systems without IT-heavy tools. | Seamless OT & IT Integration: Xona bridges IT and OT with identity-based access that works with existing IAM and PAM solutions.
Compliance Nightmares: Meeting NERC-CIP, IEC 62443, TSA SD2, and other mandates is resource-intensive and difficult to prove. | Built-in Compliance & Auditability: Xona simplifies compliance with automatic session recording, access logs, and audit-ready reports.
Operational Bottlenecks: Secure remote access is slow, requiring IT approvals and complicated login processes, delaying troubleshooting and maintenance. | Fast & Effortless Access: Xona enables users to connect in seconds, reducing downtime and improving operational efficiency.
Risky Third-Party Access: Vendors and contractors often have excessive, uncontrolled access, leading to potential insider threats. | Controlled Third-Party Access: Granular, time-limited, and monitored sessions ensure vendors only access what they need, when they need it.
Unmonitored User Sessions: No visibility into who accessed what and what was changed during the session, making security incidents difficult to investigate. | Full Session Visibility & Oversight: Xona provides real-time session monitoring, video recording, and administrative override controls.
High Admin Overhead: Multiple solutions and components stitched together increase admin overhead and maintenance, requiring management of several access solutions plus constant patching and troubleshooting. | Simple & Low-Maintenance: Xona’s zero-client, agentless platform reduces admin workload with fast deployment and minimal ongoing management.

Key Steps to Taking Control of User Access to Your Critical Systems

Securing critical infrastructure requires a comprehensive, zero-trust approach that prioritizes identity, enforcement, visibility, and compliance. Below are the essential steps organizations must take to eliminate security gaps and establish a resilient user access framework.

  1. Universal User Access Platform, Purpose-Built for Critical Infrastructure
    Legacy IT-based solutions fail to meet the unique needs of OT environments. Xona’s platform is designed specifically for critical infrastructure operations, ensuring seamless, scalable, and secure access for internal employees, remote users, third-party vendors, and OEM partners.
  2. Standardized Identity Administration, Authorization, Authentication, and Policy Enforcement
    Fragmented identity systems create blind spots and compliance risks. A centralized approach to identity management ensures consistent enforcement of access policies, supporting Active Directory (AD), LDAP, SAML, MFA, IAM, and PAM integrations for IT and OT convergence.
  3. Enforcing Least Privilege and Zero-Trust Access
    Persistent access increases attack surfaces and business risks. Implementing just-in-time access and role-based access control ensures that users only access what they need, when they need it, reducing insider threats and unauthorized privilege escalation.
  4. User Session Supervision, Collaboration, and Override
    Security and operations teams must have real-time oversight into user activity. Xona’s platform enables continuous session monitoring, collaborative troubleshooting, and immediate administrative override when necessary to prevent misuse or unauthorized changes.
  5. Delivers on Compliance Mandates
    Regulatory frameworks such as NERC CIP, IEC 62443, TSA Security Directives, and NIST 800-53 demand strict access controls and auditability. Xona’s solution simplifies compliance by enforcing granular access controls, full session recording, and capturing detailed session logs.
  6. Simple to Deploy, Administer, and Use
    Traditional remote access solutions are complex and time-consuming to implement. Xona eliminates network reconfigurations, agents, and additional infrastructure, providing a frictionless, browser-based user experience that’s technology agnostic and easy for administrators and end-users alike.

By following these key steps, organizations can take back control of user access, reduce their attack surface, enhance compliance, and strengthen overall security while ensuring seamless, uninterrupted operations.
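One way to model the least-privilege, just-in-time access that steps 2 to 4 above describe, as an added example that is not Xona’s code: a small broker that issues time-boxed, role-scoped grants, evaluates each connection attempt with a default deny, lets an administrator revoke a live grant, and writes every decision to an append-only audit trail. All roles, assets, user names and the four-hour grant cap are constructed assumptions.

```python
"""Just-in-time, role-scoped access decisions with an audit trail (added example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Least-privilege role policy (constructed): assets and protocols each role may use.
ROLE_POLICY = {
    "plc_vendor":   {"assets": {"plc-line1"}, "protocols": {"vnc"}},
    "hmi_operator": {"assets": {"hmi-01", "hmi-02"}, "protocols": {"rdp"}},
    "ot_admin":     {"assets": {"plc-line1", "hmi-01", "hmi-02"}, "protocols": {"rdp", "ssh", "vnc"}},
}


@dataclass
class Grant:
    """A just-in-time grant: who, acting as which role, to which asset, for how long."""
    user: str
    role: str
    asset: str
    not_before: datetime
    not_after: datetime
    approved_by: str
    revoked: bool = False

    def active_at(self, now: datetime) -> bool:
        return not self.revoked and self.not_before <= now < self.not_after


class AccessBroker:
    """Evaluates each connection request against JIT grants and role policy; default deny."""

    def __init__(self, max_grant_minutes: int = 240):
        self.max_grant_minutes = max_grant_minutes
        self.grants = []
        self.audit_log = []

    def _record(self, event, now, **details):
        # Append-only audit trail: grants, revocations, allows and denies are all logged.
        self.audit_log.append({"ts": now.isoformat(), "event": event, **details})

    def issue_grant(self, user, role, asset, approved_by, now, minutes):
        if role not in ROLE_POLICY:
            raise ValueError(f"unknown role {role!r}")
        if asset not in ROLE_POLICY[role]["assets"]:
            raise ValueError(f"role {role!r} may not be granted {asset!r}")
        if approved_by == user:
            raise ValueError("a requester cannot approve their own access")
        minutes = min(minutes, self.max_grant_minutes)  # cap the window: no standing access
        grant = Grant(user, role, asset, now, now + timedelta(minutes=minutes), approved_by)
        self.grants.append(grant)
        self._record("grant_issued", now, user=user, role=role, asset=asset,
                     approved_by=approved_by, expires=grant.not_after.isoformat())
        return grant

    def authorize(self, user, asset, protocol, mfa_verified, now):
        """Return (allowed, reason) for one connection attempt at clock value `now`."""
        if not mfa_verified:
            return self._deny(now, user, asset, protocol, "mfa_not_verified")
        grant = next((g for g in self.grants
                      if g.user == user and g.asset == asset and g.active_at(now)), None)
        if grant is None:  # no grant, wrong asset, expired window or revoked grant
            return self._deny(now, user, asset, protocol, "no_active_grant")
        if protocol not in ROLE_POLICY[grant.role]["protocols"]:
            return self._deny(now, user, asset, protocol, "protocol_not_permitted_for_role")
        self._record("session_allowed", now, user=user, asset=asset, protocol=protocol, role=grant.role)
        return True, "allowed"

    def _deny(self, now, user, asset, protocol, reason):
        self._record("session_denied", now, user=user, asset=asset, protocol=protocol, reason=reason)
        return False, reason

    def revoke(self, user, asset, admin, now):
        """Administrative override: revoke every active grant for this user and asset."""
        hits = [g for g in self.grants if g.user == user and g.asset == asset and g.active_at(now)]
        for g in hits:
            g.revoked = True
        self._record("grant_revoked", now, user=user, asset=asset, by=admin, count=len(hits))
        return len(hits)


def demo():
    """Run a constructed vendor request through the lifecycle; returns (decisions, audit log)."""
    t0 = datetime(2025, 1, 15, 9, 0, tzinfo=timezone.utc)

    def m(k):  # clock value k minutes after the grant was issued
        return t0 + timedelta(minutes=k)

    broker = AccessBroker()
    broker.issue_grant("vendor.alice", "plc_vendor", "plc-line1", "ot.admin.bob", t0, minutes=60)
    decisions = {
        "no_mfa": broker.authorize("vendor.alice", "plc-line1", "vnc", False, m(5)),
        "ok": broker.authorize("vendor.alice", "plc-line1", "vnc", True, m(5)),
        "wrong_protocol": broker.authorize("vendor.alice", "plc-line1", "ssh", True, m(5)),
        "wrong_asset": broker.authorize("vendor.alice", "hmi-01", "vnc", True, m(5)),
        "expired": broker.authorize("vendor.alice", "plc-line1", "vnc", True, m(61)),
    }
    broker.revoke("vendor.alice", "plc-line1", "ot.admin.bob", m(10))
    decisions["after_revoke"] = broker.authorize("vendor.alice", "plc-line1", "vnc", True, m(11))
    return decisions, broker.audit_log
```

Each call in `demo()` is evaluated at the clock value passed in, so the audit log records one allow and five distinct denials for the same vendor identity.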

Why Xona? The Best Secure Access Platform for Critical Infrastructure

When it comes to taking back control of user access, Xona is the clear leader. Why? Because Xona provides the simplest, fastest, and most secure way to manage user access across critical infrastructure.

1. Take Control in Under One Hour

Unlike traditional solutions that take weeks or months to configure, Xona can be fully deployed in under an hour.

  • No network reconfigurations, no user agents, no cloud dependencies.
  • Eliminates the need for VPNs, jump hosts, and complex firewall rules.
  • Deployable as on-prem hardware (1U, DIN rail) or virtual appliances.
  • Integrates seamlessly with existing identity systems (AD, LDAP, SAML, MFA, PAM).
  • Frictionless browser-based access with minimal training required.

2. Purpose-Built for Critical Infrastructure

Xona was designed from the ground up for operational technology (OT) environments, ensuring it meets the unique challenges of securing industrial networks.

  • Zero-trust architecture that enforces least-privilege access.
  • Real-time monitoring and session controls to ensure continuous oversight.
  • Seamless identity federation between IT and OT systems for unified access control.

3. Simple to Administer and Use

Security solutions shouldn’t slow operations down. Xona simplifies access management while maintaining the highest level of security.

  • Eliminates the need for complex VPN or jump server management.
  • Supports just-in-time access controls for third-party vendors.
  • Enables centralized identity management across multiple domains.

4. Compliance-Ready from Day One

Xona’s platform is built to help organizations meet strict regulatory requirements such as:

  • NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection)
  • IEC 62443 (International standards for industrial cybersecurity)
  • TSA Security Directives for pipeline and rail cybersecurity
  • NIST 800-53 for federal IT security standards

With Xona’s pre-configured compliance controls, organizations can ensure secure access without additional customization or infrastructure changes.

The Bottom Line

Taking control of user access shouldn’t be complex or time-consuming. With Xona, you can secure critical infrastructure in under an hour, simplify access management, and eliminate the risks of legacy remote access solutions.

Ready to see how it works? Request a demo today and take control of user access before it’s too late.

Endnotes

  1. New Study Reveals 92% of Industrial Sites at Risk from Unsecured Remote Access, Takepoint Research, 2024.
  2. ThreatLabz 2024 VPN Risk Report, Zscaler.

The Risks of Inadequate User Access Control in Critical Infrastructure

Who’s Accessing Your Critical Systems and What Are They Doing?

Introduction

The ability to control and monitor who has access to critical systems is a fundamental pillar of cybersecurity. However, many organizations today struggle with fragmented identity management, leaving their operational technology (OT), industrial control systems (ICS), and/or cyber physical systems (CPS) environments vulnerable to security breaches, compliance violations, unnecessary business risks, and operational inefficiencies.

88% of analyzed industrial sites identified remote services (a MITRE ATT&CK® initial access vector) as their most significant cybersecurity risk. [1]

There is an urgent need to take control of user access across converged critical infrastructure (IT and OT) environments. Driven by this need, the remote access solution market is growing at over 13% per year.

Industry analysts also recognize this urgent need. “Secure remote access provides critical infrastructure companies with a swift solution to address significant operational and business risks,” says Jonathon Gordon, Directing Analyst at Takepoint Research. “Mitigating these risks is a foundational step in strengthening the security of critical systems. Industrial enterprises should consider solutions specifically designed to address this security challenge for OT and IT teams.”

Today’s Lack of Unified Access Control

Legacy access solutions, such as VPNs, jump servers, and VDI, were not designed for the security and operational demands of today’s industrial environments. VPNs were introduced during President Clinton’s administration in the mid-1990s to provide privacy for traffic over the internet. These solutions create broad attack surfaces for critical systems because they provide open network connectivity for insecure endpoints to directly connect to critical systems. If a user endpoint is compromised, attackers can ‘ride’ the VPN tunnel directly into trusted customer networks exposing them to cyber-attack, ransomware and malware, credential theft, and lateral movement risks.

Further, these legacy remote access technologies are complex to manage, requiring constant patching and configuration, placing additional strain on overburdened IT, security, and operational teams. They also often fail to meet modern compliance standards, lacking the granular access controls and auditability needed to satisfy regulations like NERC-CIP and IEC 62443.

Legacy access solution limitations include:

  • Designed for Privacy, Not Security – Legacy access solutions create an open hole in firewalls protecting critical systems and allow insecure user endpoints direct connectivity.
  • Lack of User Access Control and Visibility – Traditional access solutions leave you in the dark, with no understanding of who is accessing what in your environment, and offer few if any control or policy-enforcement mechanisms to take that control back.
  • Complex Configuration for Remote Endpoints – Third-party vendors and contractors often require endpoint agents or preconfigured devices, making remote access cumbersome and difficult to manage.
  • No Support for Just-in-Time Access – Legacy systems often provide persistent access, increasing exposure to insider threats and credential misuse.
  • Poor User and Admin Experience – VPNs and jump servers create friction for both users and administrators, requiring extensive setup and ongoing maintenance and patching.
  • Scalability Challenges – As organizations expand, legacy access solutions become increasingly difficult to scale, leading to security gaps and operational inefficiencies.

The Importance of Access Control in Critical Infrastructure

Modern industrial environments demand a security model that extends identity and access management (IAM) best practices into OT systems. A well-structured access control framework gives administrators complete control over who, what, when, where, and how users access critical systems. It provides granular identity-, role-, and attribute-based policy management controls. Secure access controls improve the security posture of critical systems, reducing unauthorized access and mitigating the risk of insider threats. They improve operational efficiency by streamlining user authentication processes and reducing administrative overhead. They increase scalability and flexibility, enabling secure access management across diverse IT and OT ecosystems. And these solutions help ensure regulatory compliance by aligning with security frameworks such as NERC CIP, IEC 62443, TSA security directives, NIS 2, CRA, NIST 800-53, Saudi NCA OTCC-1:2022, and others.

The Implications of Inadequate Access Control in Critical Infrastructure

Failing to implement a unified access control strategy can lead to significant security, business, and compliance risks. One example comes from a natural-gas-fired peaking power plant that struggled with fragmented access management. Due to inconsistent user authentication and a lack of visibility into remote connections, unauthorized personnel were able to gain access to operational systems, creating a significant security threat. This lack of access control not only posed a serious cyber risk but also led to operational difficulties, requiring additional time and resources to manually verify and monitor access requests. Ultimately, these inefficiencies resulted in delays, increased costs, and compliance concerns related to NERC CIP regulations. By implementing a secure access management platform, the plant was able to centralize authentication, enforce role-based access policies, and gain real-time visibility into user activity. Read the full case study here.

Steps to Improve Secure Access for Critical Infrastructure

To mitigate these user access control challenges and associated risks, organizations should adopt a centralized and identity-based secure access strategy for their critical infrastructure. Key attributes of an effective approach that will help take back control of who is accessing what in your infrastructure include:

  • Purpose Built for Critical Infrastructure – Next-generation access platform designed specifically for OT/ICS environments, users, and administrators; and supports typical onsite needs and low-bandwidth networks.
  • Universal User Access Platform – Provides access control for internal employees, remote employees, 3rd party vendors, and OEM partners.
  • Multi-Domain OT & IT Identity Integrations and Administration – Unifies identity administration across IT and local onsite OT identity stores. Supports existing AD, LDAP, SAML, MFA, IAM, and PAM systems.
  • Standardized User Authorization, Authentication, and Policy Enforcement – Standardizes identity and multi-attribute policy management, authentication, and enforcement across converging IT-OT diverse deployments. Supports advanced MFA, SSO, adaptive and continuous authentication, device posture checks, and native authentication support for legacy OT/ICS elements.
  • User Session Supervision, Collaboration, and Override – Provides the ability for one user or administrator to monitor another user’s session in real-time either through invitation or without. Enables session control override by administrators / production engineers. Provides users with the ability to share screens and pass controls to multiple team members.

Organizations that implement these best practices can significantly enhance their user access control, security, compliance, and operational efficiency.

Conclusion & Next Steps

Secure user access is a foundational element in critical infrastructure cybersecurity. Organizations that fail to take control of user access put their critical infrastructure at unnecessary risk to threats like ransomware and malware. The evolving threat landscape and increasing regulatory pressures demand a proactive approach to access management. By centralizing identity access, enforcing least privilege, and implementing continuous monitoring, companies can safeguard their OT environments against unauthorized access and cyber threats.

🔹 Evaluate your current access control policies.

🔹 Identify security gaps in your authentication framework.

🔹 Explore modern access control solutions designed for critical infrastructure.

Taking control of user access is no longer optional—it’s essential for ensuring the control, security, compliance, and resilience of critical operations.

Endnotes

  1. Remote Services: Analyzing the Financial Exposures in Industrial Sites, DeNexus, 2025.

Xona and OTconnect Partner to Deliver Secure, Effortless, and Reliable OT Access

Introduction

Xona, the leading provider of secure access solutions for critical infrastructure, is proud to announce a strategic partnership with OTconnect, a cybersecurity leader specializing in securing Industrial Control Systems. This collaboration brings together Xona’s cutting-edge secure access management platform with OTconnect’s hands-on cybersecurity expertise to deliver a fully managed, scalable remote access solution tailored for critical OT environments.

Solving a Critical Industry Challenge

As OT environments become increasingly interconnected, organizations face rising cybersecurity threats, regulatory challenges, and operational complexities. Traditional access solutions, such as VPNs and jump servers, expose critical systems to unnecessary risks, while cumbersome security measures slow down operational workflows.

Xona and OTconnect have joined forces to eliminate these challenges by offering a seamless, secure, and easy-to-deploy access solution that minimizes risk, ensures compliance, and optimizes operational efficiency.

The Joint Solution – The Power of Xona + OTconnect

This partnership delivers a best-in-class solution that:

  • Minimizes security risks by eliminating insecure endpoints from connecting to critical systems and enforcing identity-based access.
  • Ensures compliance with industry regulations, including IEC 62443, NIS 2, and the European Cyber Resilience Act.
  • Simplifies remote access with a zero-footprint, browser-based experience that eliminates the need for VPNs, agents, or plugins.
  • Optimizes operational efficiency by enabling real-time collaboration without compromising security.

Better Together – Roles in the Partnership

Xona: Secure, Simple, and Scalable OT Access

The Xona Platform delivers secure access to critical infrastructure with features purpose-built to address the unique challenges of OT environments. Key capabilities include:

  • Identity-Based Access Management – Granular control over user access with role, identity, and time-based policies.
  • Disconnected Access Technology – Eliminates insecure endpoints from connecting directly to OT systems preventing ransomware and malware spread.
  • Seamless User Experience – A clientless, browser-based solution that simplifies secure remote access.
  • Granular Audit and Governance – Real-time session logging and compliance enforcement.

OTconnect: Expertly Managed Secure Access

OTconnect augments Xona’s technology with deep cybersecurity expertise for joint customers in the Netherlands and Belgium, ensuring:

  • Risk Assessment & Compliance Support – Aligning secure access with regulatory mandates and cybersecurity frameworks.
  • Secure Remote Access as a Service – Fully managed deployment, monitoring, and maintenance of remote access systems, delivering a scalable solution that simplifies remote access management and lets you focus on operations while we ensure secure connectivity.
  • Proactive Security Management – Implementing time-based access controls and ongoing monitoring.

What This Means for Critical Infrastructure Operators

By leveraging this joint solution, organizations gain a turnkey, fully managed secure access environment, reducing the burden on internal operations, IT, and security teams. With Xona’s innovative platform and OTconnect’s hands-on support, companies can focus on operations while ensuring a robust security posture.

Next Steps

Discover how Xona and OTconnect can transform your secure remote access strategy. Speak with our experts to discuss your security challenges, experience a live demo to see the platform in action, or deploy a trial version to experience the benefits firsthand.

Resilience in Production: 5 Key Cybersecurity Challenges for Manufacturers

Until recent decades, operational technology (OT) – a principal element in manufacturing – remained segmented from information technology (IT). OT systems, responsible for monitoring and controlling physical machinery and equipment, were manually managed by skilled workers, operated in isolation, and secure in their simplicity.  

Fast forward to today – modern manufacturing systems are almost unrecognizable. Advanced technologies like the Industrial Internet of Things (IIoT) merge with Industrial Control Systems (ICS), making the distinction between IT security and OT infrastructure difficult. This integration promotes operational efficiency and informed decision-making, but it also exposes vulnerable systems and expands the critical infrastructure attack surface.

Over the past three years, the industrial sector has been the prime target for cyberattacks, accounting for 25.7% of all incidents. 71% of these attacks involve ransomware, threatening not just data, but also the safety and resiliency in manufacturing.

For security leaders in manufacturing, the accelerating convergence of IT and OT presents a complex set of challenges.

  • How do you protect legacy control systems never designed for today’s cyber threats?
  • Can your organization effectively secure an increasingly interconnected supply chain?
  • What about mitigating third-party risks in OT identity and access management?

1. Protecting Legacy Manufacturing Control Systems

Picture your factory floor, humming with activity. At the center? Control systems, likely designed years (and in some cases, decades) ago. Long before today’s cyber threats were even imagined. It’s a common scene in manufacturing, and unfortunately, it makes for an easy target.  

These legacy systems weren’t built with cybersecurity in mind. They rarely offer the luxury of being patched or updated, leaving them open to modern attacks. The equivalent of trying to defend a medieval castle against drone warfare. 

A 2023 Microsoft report revealed 78% of industrial customers have known vulnerabilities within their networks. Nearly half of all customers are running on deprecated firmware. 

Is your organization’s risk tolerance flexible enough to gamble with those odds? Probably not. 

Here’s where security-savvy manufacturing leaders are focusing their efforts: 

  1. Attack Surface Reduction: Decreasing or eliminating insecure endpoint connections, thereby minimizing attack surface. Every open port is a potential entry point for attackers. 
  2. Access Control Improvements: Implementing robust identity and access management without adding complexity to operational network configurations or architecture. 
  3. Resilience and Business Continuity: Building systems that can quickly recover from an attack or malfunction, ensuring minimal downtime and disruption to operations. 

Use these areas of focus as foundational to improve security and reduce complexity, without sacrificing user experience.

2. Securing Critical Infrastructure from Expanding Supply Chains

Supply chains are becoming more complex and interconnected, presenting new opportunities for cyberattacks. Every new vendor, every additional user interaction, exponentially expands the potential attack surface.

According to a Ponemon Institute report, a startling 59% of organizations have fallen victim to a software supply chain attack in recent years.

Now, the (literal) million-dollar question: If a supply chain incident occurred today, would your security policies and practices withstand the attack? 

The answer lies in a change in thinking. Manufacturers need to embrace a zero-trust approach. This means: 

  1. Trust no one: Limit access rigorously, even for seemingly “safe” connections.
  2. Segment and conquer: Keep IT and OT networks separate. A breach in one should not compromise the other.
  3. Constant verification: Every access attempt, every data transfer, should be scrutinized. 

Adopting this zero-trust approach protects critical assets while also fortifying each link in the supply chain.

3. Managing Third-Party Risks in OT Remote Access

Remote access is often necessary for third-party vendors or engineers to keep operations running smoothly. But it comes with considerable risk. 

An innocuous remote connection could turn into a nightmare if malicious actors hijack the connection. Once they have access, they can easily gain control of OT environments, with a potential for widespread damage. 

How closely are you monitoring these remote connections? To minimize risks, it’s crucial to control access and track the activity of third-party users, ensuring only authorized personnel have entry to critical systems. 

Remember, in OT security, trust is a vulnerability. Verify everything, always.

4. Ensuring Compliance with Industry Regulations

As manufacturing processes evolve, so do the regulations governing them. Keeping up with regulatory requirements becomes a challenge. But these regulatory bodies serve a purpose. And it isn’t ticking boxes and checkbox compliance.  

Frameworks such as NIS 2 and IEC 62443 are based on practical safety and security best practices across their specific verticals. They exist to protect consumers and businesses alike, ensuring that utilities remain uninterrupted, that automated factories’ maintenance schedules are adhered to, and that workers remain safe.

Some frameworks have potential fines for organizational non-compliance. Others suggest individual responsibilities and liabilities, as well. But non-compliance shouldn’t be minimized to fines – legal issues and loss of trust are common byproducts. And one many companies would do well to avoid at all costs. 

An ICS security vendor should help organizations become (and remain) compliant, delivering the means to prove it, like monitoring and audit logs.  

Is your organization prepared for the cybersecurity regulations that govern your industry?

5. Integrating IT and OT Systems Without Compromising Security

The convergence of IT and OT is no longer the future – it’s happening now. And it has been for some time. It offers manufacturers unprecedented efficiency and decision-making capabilities. But this integration also presents new security risks, especially when traditional IT solutions aren’t adaptable for legacy OT systems. 

Here’s how to ensure secure communication between IT and OT without creating new vulnerabilities:  

  • Robust access controls: Not all data is created equal. Treat it accordingly.
  • Comprehensive understanding: Locate and hire experts who speak both IT and OT fluently.
  • Proactive integration: Every step of convergence should close security gaps, not create them. 

Successful IT / OT integration isn’t simply about connecting systems – it’s focused on creating a unified, secure ecosystem where efficiency and protection go hand in hand.

How Xona Addresses These Challenges 

At Xona, we understand the unique challenges manufacturers face. Our solution segments your environment into trusted and untrusted networks, creating a secure gateway between IT and OT systems. 

Here is how we do it: 

  • Isolation: Xona’s platform isolates communication between IT and OT networks, keeping trusted and untrusted networks segmented and preventing lateral movement of threats.
  • Access Controls: Strict identity and access management, such as role-based access control (RBAC) and Active Directory (AD) integration, to ensure only authorized users can access critical systems.
  • Resilience: By reducing the attack surface, we help organizations build resilience into their infrastructure, minimizing the risk of operational disruptions. 

Our technology enables secure IT-OT integration without exposing critical infrastructure to unnecessary risks. Even legacy systems with limited patching capabilities can benefit from enhanced security, ensuring your operations remain protected. 

Xona also offers robust logging and auditing features, making it easier for manufacturers to comply with industry regulations. With our platform, you can track and document security measures, giving you peace of mind that you’re prepared for regulatory scrutiny.

Ready to Secure Your Operations?

Xona’s solution is designed to protect manufacturing environments from today’s evolving cyber threats. Interested in learning more? Schedule a 30-minute demo today, and we’ll show you how we can help secure your unique operational landscape. 

Protecting Your OT Network: The Power of Protocol Isolation

The demand for technology that can support secure user access, both remote and onsite, has expanded beyond IT environments to include the operational technology (OT) and industrial control systems (ICS) that enable organizations in a variety of critical infrastructure (CI) sectors to function.

However, the priorities of IT environments (i.e., the confidentiality, integrity, and availability of data[1]) are inherently different than those of OT environments (i.e., the safety, reliability, and availability of operations[2]). The latter holds the potential to bring significant harm to humans and the environment if the environment were controlled by someone with malicious intent.

In addition, it is not unusual in critical infrastructure environments for OT/ICS assets of varying complexity, functionality, and states of cybersecurity to be connected using a mix of network protocols. This can complicate the task of securing a trusted OT network from cyberattacks. As such, when it’s not possible for teams to individually secure the full combination of assets and protocols in use, isolating them individually within their specific network is a smart approach.

In fact, in Fortinet’s 2022 State of OT and Cybersecurity Report OT professionals ranked the “protection of protocols for industrial control systems” as the second most important feature for cybersecurity solutions.

Why Protocol Isolation is Important

Enterprise IT has standardized to a great extent on the Transmission Control Protocol/Internet Protocol (TCP/IP) suite. Within an OT network environment, however, several remote-access protocols are often in use on top of it, each with its own authentication model and attack surface. These may include the Remote Desktop Protocol (RDP), the Secure Shell Protocol (SSH), the Virtual Network Computing (VNC) protocol, and others.

Left unconfined, these protocols give malicious actors a path to harvest credentials and move throughout the network. As the Cybersecurity and Infrastructure Security Agency (CISA) points out, whoever controls the routing infrastructure of a network essentially controls the flow of data. An attacker with a presence on an organization’s gateway router, or on its internal routing and switching infrastructure, can monitor, modify, or deny traffic either to and from the organization or within its network. Isolating protocols and functions, along with segmenting the network, limits what threat actors can do once inside the network.

In industrial settings, the ability to isolate protocols such as RDP, SSH, and VNC is critical. Traditionally, these protocols were assumed to be safe to use because the OT assets that relied on them were “air gapped” from the public Internet and from IT networks. This made attacking OT environments difficult, if not impossible, and made attempts to compromise them less likely than attacks against more “target rich” IT systems.

However, IT and OT systems are converging, combining the use of both IT and OT protocols. That merging has increased efficiencies, allowing the use of data and analytics to streamline operations, and enabled remote plant operations for geographically dispersed organizations. But it has also introduced vulnerabilities and made OT systems, many of which were never intended to be connected to untrusted networks, a more attractive target for threat actors.

So, while IT has standardized on TCP/IP, the world of OT/ICS still uses an array of protocols, many of which can be specific to the functional operations of equipment, a type of industry, or even geographical locations. Integrated IT and OT systems may use the same hardware, but they still operate differently, with significant variations in the software and protocols used.

Too many OT systems are also outdated, running unsupported and/or unpatched software on end-of-life operating systems such as Windows XP. OT systems that are networked with IT systems can also be exposed through open ports that lack proper access and protocol controls.

Each of these factors has increased the importance of protocol isolation, as the air gaps that once existed between OT and IT systems need to be effectively replicated by other means to protect those systems.

How Isolating Protocols Improves Network Security

The practice of isolating systems, protocols, and other elements of a network is gaining attention as organizations become increasingly cloud-based and geographically dispersed. Treating an OT network like an IT network holds the potential for disaster, given the very different priorities of each. An IT organization may recover from a data breach; someone gaining access to a nuclear power plant’s control systems could cause a far more dire set of consequences, including physical harm.

Network segmentation is one way to prevent malicious actors who gain unauthorized access to a network from moving laterally across it to steal data or inflict damage. However, network segmentation can be very complex and invasive, and CI organizations often lack the networking expertise for such an initiative.

The goal of protocol isolation is conceptually like network segmentation, except it is the network protocol and the assets to which they are connected that are isolated. And unlike network segmentation, it does not need to be either complex or invasive.

Protocol isolation can prevent malicious actors from moving laterally across a network. It can also address a shortcoming of the VPN technology used by some CI organizations, which is not designed to isolate protocols or prevent lateral movement within a network. This is especially true when protocol isolation is done in concert with a zero-trust architecture that enforces the principle of least privilege.
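Whether protocol isolation is actually holding is something you can check from flow records: no RDP, SSH, or VNC session should reach an OT asset except from the access gateway or the trusted engineering network, and no OT asset should open those protocols to another OT asset. The script below is an added example written for this page, not code from the original post or from XONA; the network ranges, the key=value flow-record format, and the sample records are all constructed assumptions. It flags both perimeter leakage (a corporate IT host reaching an OT asset) and asset-to-asset lateral movement. RDP can also run over UDP 3389, so the transport protocol is deliberately not used to exclude records.

```python
import ipaddress
import re
from dataclasses import dataclass

# Hypothetical network layout (an assumption for this example, not from the page):
# OT assets sit in 192.168.50.0/24. Only the access gateway (192.168.50.2) and the
# on-site engineering workstations (192.168.51.0/24) may open RDP/SSH/VNC sessions
# to them; everything else, including the corporate IT network, may not.
OT_ASSETS = ipaddress.ip_network("192.168.50.0/24")
TRUSTED_SOURCES = [
    ipaddress.ip_network("192.168.50.2/32"),  # access gateway
    ipaddress.ip_network("192.168.51.0/24"),  # engineering workstations
]

# Remote-access protocols to confine, keyed by their well-known ports.
REMOTE_ACCESS_PORTS = {22: "SSH", 3389: "RDP"}
REMOTE_ACCESS_PORTS.update({port: "VNC" for port in range(5900, 5910)})

# Minimal key=value flow-record format, constructed for this example.
FLOW_RE = re.compile(r"src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)")


@dataclass
class Finding:
    src: str
    dst: str
    protocol: str
    reason: str


def parse_flow(line):
    """Return (src, dst, dport) for a well-formed record, else None."""
    match = FLOW_RE.search(line)
    if match is None:
        return None
    try:
        src = ipaddress.ip_address(match["src"])
        dst = ipaddress.ip_address(match["dst"])
    except ValueError:
        return None
    return src, dst, int(match["dport"])


def is_trusted_source(addr):
    return any(addr in network for network in TRUSTED_SOURCES)


def audit_flows(lines):
    """Flag RDP/SSH/VNC sessions to OT assets that did not originate from a trusted source."""
    findings = []
    for line in lines:
        parsed = parse_flow(line)
        if parsed is None:
            continue  # malformed record: skip rather than silently treat it as safe
        src, dst, dport = parsed
        if dport not in REMOTE_ACCESS_PORTS or dst not in OT_ASSETS:
            continue
        if is_trusted_source(src):
            continue
        # An untrusted source inside the OT range means asset-to-asset lateral
        # movement; anything else means the perimeter let the protocol through.
        reason = ("lateral movement between OT assets" if src in OT_ASSETS
                  else "remote-access protocol reached OT asset from outside the trusted networks")
        findings.append(Finding(str(src), str(dst), REMOTE_ACCESS_PORTS[dport], reason))
    return findings


# Constructed sample flow records (not real traffic).
SAMPLE_FLOWS = [
    "2024-05-01T10:00:01Z src=192.168.50.2 dst=192.168.50.10 dport=3389 proto=tcp action=allow",
    "2024-05-01T10:00:05Z src=10.1.5.23 dst=192.168.50.10 dport=3389 proto=tcp action=allow",
    "2024-05-01T10:00:09Z src=192.168.50.10 dst=192.168.50.11 dport=22 proto=tcp action=allow",
    "2024-05-01T10:00:12Z src=10.1.5.23 dst=192.168.50.10 dport=443 proto=tcp action=allow",
    "2024-05-01T10:00:15Z src=192.168.51.7 dst=192.168.50.12 dport=5901 proto=tcp action=allow",
    "2024-05-01T10:00:20Z src=10.1.5.23 dst=192.168.50.10 dport=3389 proto=udp action=allow",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(f"{finding.protocol}: {finding.src} -> {finding.dst} ({finding.reason})")
```

Run against the constructed records, it reports the two corporate-IT-to-HMI RDP sessions and the SSH hop between two OT assets, and ignores the HTTPS flow and the sessions from the gateway and the engineering subnet. Pointing it at real firewall or NetFlow exports only requires adapting the regular expression to that export's field names.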

How XONA Uses Protocol Isolation

As mentioned previously, the demand for technology that can effectively support secure user access, both remote and onsite, has expanded to include the OT and ICS that enable organizations in a variety of critical infrastructure (CI) sectors to function.

Given security concerns about allowing access by bad actors into these environments, the XONA Critical System Gateway (CSG) is delivered with protocol isolation as a core piece of its feature set. It confines the use of the RDP, SSH, and VNC protocols to a specific trusted network and isolates them from untrusted environments, such as the Internet or an IT network.

In addition, once a live data stream from an OT/ICS asset reaches a XONA CSG, it is rendered to graphics and presented (bi-directionally) to the OT/ICS operator as an encrypted interactive video stream. The native protocol never traverses the untrusted network, so a bad actor on that side has no protocol session into which to insert RDP, SSH, or VNC commands between the OT/ICS operator and the XONA CSG.

Below is a visual depicting XONA’s approach to protocol isolation in our CSG gateway.

[Figure: Protocol Isolation in the XONA CSG]


References:

  1. https://www.sans.org/posters/the-differences-between-ics-ot-and-it-security/
  2. https://www.sans.org/posters/the-differences-between-ics-ot-and-it-security/

ICS/OT Security Practitioners Agree. Your Technology Matters.

ICS/OT Practitioners Share Their Unique Requirements & Concerns

SANS released its annual ‘State of ICS/OT Cybersecurity’ report in October 2022. It reflects survey results from 332 ICS/OT organizations representing a range of industrial verticals.

According to respondents, their 2nd biggest challenge in securing OT technologies and processes is that “traditional IT security technologies are not designed for ICS and cause disruption in OT environments.” [1] That certainly applies to Secure Remote Access for ICS/OT, the application for which XONA Systems has created a purpose-built solution.

Figure 3. Biggest Challenges in Securing OT Technologies and Processes

This viewpoint is not surprising. In February 2022, SANS created an infographic[2] that cited the differences between cybersecurity for ICS/OT and IT environments. It offered guidance on defining the differences between cybersecurity defense methodologies, security controls, safety, impacts, skill sets, and the security missions for ICS/OT versus IT.

One example cited was the (likely) use of TeamViewer, a popular remote access and control program, as the vehicle that unidentified cyber actors employed to compromise a U.S. water treatment facility.[3] TeamViewer is widely used in traditional IT environments so that IT personnel can install and update software on computers whose end users are denied administrative rights for security reasons.

Another challenge, according to SANS, is that “ICS/OT assets are often compared to traditional IT assets; however, traditional IT assets focus on data at rest or data in transit, while ICS/OT systems monitor and manage data that makes real-time changes in the real world with physical inputs and controlled physical actions.” As such, ICS/OT cybersecurity must support the safe operation of critical infrastructure, not the other way around.

Other findings:

  • A compromise in IT is the #1 (40.8%) initial attack vector allowing threats into OT/ICS networks.
  • Lowering risk/improving security and preventing information leakage are the #1 (53.6%) and #4 (29.1%) OT/ICS business concerns.
  • Operator assets, such as a human-machine interface (HMI) or operator workstations, are considered one of the control system components at greatest risk (#2 at 43% – up from 32% in 2021) and one of the control system components with the greatest (negative) impact if compromised and exploited (also #2 at 39.8%).

[Figure: Control system components at greatest risk]

  • Once safety risks and operational impacts from a cyberattack are seen, it’s too late.

Of note is the viewpoint that “ICS security is not a ‘copy/paste’ of IT security. There’s a misconception that IT security practices can be directly applied to ICS environments.” Although a wealth of knowledge is available from IT security, a “copy and paste” of IT security tools, processes, and best practices into an ICS could have problematic or devastating impacts on production and safety.


References:

  1. SANS – The State of ICS/OT Cybersecurity in 2022 and Beyond (Dean Parsons, OCT 2022)
  2. The Differences Between ICS/OT and IT Security Poster | SANS Institute
  3. Compromise of U.S. Water Treatment Facility | CISA


OT:ICEFALL: Addressing Operational Technology Equipment Flaws with Zero-Trust Controls

A new report on Operational Technology (OT) equipment flaws from automated cybersecurity software company Forescout outlines the alarming state of OT security. The report titled OT:ICEFALL was crafted by researchers at the company’s Vedere lab. It breaks down 56 vulnerabilities affecting 26 devices from 10 vendors in OT.

The findings sound an already blaring alarm about how many OT systems and components are insecure-by-design. While there has been a concerted effort to harden OT security over the last decade, most OT still in use today was not designed with any security features in mind. Since industrial equipment is built to last for decades in service, connecting technology still in use today to a network or the outside world was not even a thought when it was designed and implemented. And now that connectivity is becoming a necessity, we’re playing catch-up when it comes to security.

Therefore, most OT is considered “insecure-by-design.” And because security in OT has been an afterthought, its vulnerabilities have historically not been assigned Common Vulnerabilities and Exposures (CVE) identifiers. As Forescout points out in its report, the lack of any standard mechanism for tracking and giving visibility to vulnerabilities in OT makes it very difficult for operators to find issues in their systems, and for vendors to fix them.

Forescout’s report is an important resource because it compiles vulnerabilities from major OT vendors in one place. One of the most interesting things the company found by digging in further is that 74% of the affected product families have some form of security certification – which raises serious concerns about the state of OT security certifications. As the research says, “most issues we report should be discovered relatively quickly during in-depth vulnerability discovery.”

Another interesting component of the report is how it divides the vulnerabilities into categories by the type of risk they enable. More than one-third of the vulnerabilities identified in the report (38%) allow for the compromise of credentials, by far the largest category. Firmware manipulation is the second largest (21%), followed by remote code execution (14%). The remaining categories, configuration manipulation, denial of service, authentication bypass, logic manipulation, and file manipulation, each account for less than 10% of the identified vulnerabilities.

OT:ICEFALL Vulnerability Types

Source: Forescout OT:ICEFALL Research Report, July 2022

The potential negative outcomes due to Insecure-by-design OT could be catastrophic. If attackers get into a gas pipeline, water treatment facility, or power plant, human lives are at risk. This report shows how easily hackers can manipulate firmware, logic and files once they gain access to a network IF the company doesn’t have proper security models in place. In today’s age, companies need remote user access, but enabling it immediately increases their attack surface. So where do we go from here?

The industry must recognize that these vulnerabilities will not be resolved by simply patching the impacted systems. They are architectural in nature and can only be remediated by re-designing and completely replacing the affected systems, which can take 5-10 years. The other option is a built-for-OT, zero-trust user access platform that can be deployed to protect these vulnerable systems immediately.

To address the lack of secure-by-design industrial control systems, enterprises must implement a more universal zero-trust architecture to protect against these security flaws expeditiously. These zero-trust controls can include protocol isolation to immediately and drastically reduce the attack surface, strong multi-factor authentication to replace weak authentication methods, moderated file transfer and moderated access to critical assets to provide added site-level controls, and user access monitoring and session recording to verify proper operations and to support deeper forensics when threats emerge.

We can either continue to have the stress and consequences of systemic risk to public and economic safety, or we can implement modern and secure authentication and authorization zero-trust controls to address it immediately.

For more information on how Xona’s technology can protect your organization with its frictionless user access platform purpose-built for critical infrastructure, visit our resources page or reach out to schedule a demo.

“Pipedream” Malware Targets ICS: What Critical Infrastructure Owners Need to Know

Troubling new malware designed to facilitate attacks on a wide array of critical infrastructure – from oil refineries and power plants, to water utilities and factories – is raising concerns for its versatility. The malware, named Pipedream by Dragos and Incontroller by Mandiant, who have both tracked and researched the toolkit, is potentially capable of gaining full system access to multiple industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices.

Fortunately, there is no evidence yet that the malware has been successfully deployed in the wild, but the threat it poses to critical infrastructure is severe enough to warrant an advisory from multiple federal government agencies. This joint advisory was issued by the Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI). It says:

APT actors have developed custom-made tools for targeting ICS/SCADA devices. The tools enable them to scan for, compromise, and control affected devices once they have established initial access to the operational technology (OT) network. Additionally, the actors can compromise Windows-based engineering workstations, which may be present in information technology (IT) or OT environments, using an exploit that compromises an ASRock motherboard driver with known vulnerabilities. By compromising and maintaining full system access to ICS/SCADA devices, APT actors could elevate privileges, move laterally within an OT environment, and disrupt critical devices or functions.

There have only been a handful of known and credible malware threats designed specifically to target critical infrastructure. The first such example is Stuxnet, which was uncovered in 2010 and was developed and used by the U.S. and Israeli governments to destroy nuclear enrichment centrifuges in Iran. In 2016, Industroyer (also known as Crash Override) was used by Russian actors to target electrical infrastructure and force blackouts in Kiev, Ukraine. Triton, or Trisis, was discovered in 2017 and was again attributed to Russian actors, this time targeting a petrochemical facility in Saudi Arabia. Most recently, Ukrainian security officials detected a new variant of Industroyer linked with the current Russian offensive, just a few weeks ago.

Since Stuxnet opened the door to malware targeting critical infrastructure more than a decade ago, these are the most prominent instances to be uncovered. And even without recorded proof of deployment in the wild, Pipedream/Incontroller already stands apart because it can manipulate such a wide variety of programmable logic controllers (PLCs) and industrial software used across industries.

In their joint advisory, DOE, CISA, NSA, and the FBI urge critical infrastructure organizations to implement a series of detection and mitigation recommendations to strengthen their security posture against the Pipedream/Incontroller threat. Among the 13 recommended steps outlined, XONA already naturally provides organizations with eight of them, including:

  • Isolating ICS/SCADA systems and networks from corporate and internet networks using strong perimeter controls, and limiting any communications entering or leaving ICS/SCADA perimeters.
  • Enforcing multifactor authentication for all remote access to ICS networks and devices whenever possible.
  • Limiting ICS/SCADA systems’ network connections to only specifically allowed management and engineering workstations.
  • Implementing robust log collection and retention from ICS/SCADA systems and management subnets.
  • Ensuring all applications are only installed (accessed) when necessary for operation.
  • Enforcing principle of least privilege. Only use admin accounts when required for tasks, such as installing software updates.
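Several of the controls in this advisory list, and in the zero-trust controls described for OT:ICEFALL above, come down to one decision made on every session request: is this user, from this origin, with this authentication, allowed to reach this asset over this protocol, with these privileges? The policy evaluator below is an added example written for this page, not code from the advisory, the original post, or XONA. The roles, assets, zones, and task names are hypothetical assumptions. It is deny-by-default, requires MFA for any session arriving through the remote gateway, restricts each role to an allowlist of assets and protocols, grants admin rights only for tasks that need them, and emits a structured record for every decision so that denials, not just successes, land in the log.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    asset: str
    protocol: str
    source_zone: str        # e.g. "ot_engineering", "remote_gateway", "it_corporate", "internet"
    mfa_verified: bool
    task: str = "operate"
    wants_admin: bool = False


# Hypothetical policy tables (assumptions for this example, not the advisory's or XONA's):
# each role may reach only the listed assets, and only over the listed protocols.
ROLE_ASSETS = {
    "operator": {"hmi-01": {"VNC"}, "hmi-02": {"VNC"}},
    "engineer": {"plc-01": {"SSH"}, "eng-ws-01": {"RDP"}, "hmi-01": {"VNC"}},
}
# Sessions may only originate on-site in the engineering zone or through the access gateway;
# corporate IT and the Internet are never direct origins.
ALLOWED_SOURCE_ZONES = {"ot_engineering", "remote_gateway"}
# Zones that count as remote and therefore always require MFA.
REMOTE_ZONES = {"remote_gateway"}
# The only tasks for which elevated (admin) rights on the asset are granted.
ADMIN_TASKS = {"software_update", "firmware_update"}


def evaluate(req):
    """Deny-by-default decision. Returns (decision, reasons); reasons is empty on allow."""
    reasons = []
    if req.source_zone not in ALLOWED_SOURCE_ZONES:
        reasons.append(f"source zone '{req.source_zone}' is not an allowed origin")
    if req.source_zone in REMOTE_ZONES and not req.mfa_verified:
        reasons.append("MFA is required for remote access")
    permitted = ROLE_ASSETS.get(req.role, {})
    if req.asset not in permitted:
        reasons.append(f"role '{req.role}' has no access to '{req.asset}'")
    elif req.protocol not in permitted[req.asset]:
        reasons.append(f"protocol {req.protocol} not permitted for '{req.asset}'")
    if req.wants_admin and req.task not in ADMIN_TASKS:
        reasons.append(f"admin rights not justified by task '{req.task}'")
    return ("allow" if not reasons else "deny"), reasons


def audit_record(req, decision, reasons):
    """Structured log entry for every attempt, allowed or denied, ready for a SIEM to ingest."""
    return {
        "user": req.user, "role": req.role, "asset": req.asset, "protocol": req.protocol,
        "source_zone": req.source_zone, "mfa": req.mfa_verified, "admin": req.wants_admin,
        "task": req.task, "decision": decision, "reasons": list(reasons),
    }


def decide(req):
    decision, reasons = evaluate(req)
    return audit_record(req, decision, reasons)


# Constructed sample requests (not real users or assets).
SAMPLE_REQUESTS = [
    AccessRequest("alice", "engineer", "plc-01", "SSH", "remote_gateway", mfa_verified=True),
    AccessRequest("alice", "engineer", "plc-01", "SSH", "remote_gateway", mfa_verified=False),
    AccessRequest("bob", "operator", "plc-01", "SSH", "ot_engineering", mfa_verified=True),
    AccessRequest("carol", "engineer", "eng-ws-01", "RDP", "it_corporate", mfa_verified=True),
    AccessRequest("alice", "engineer", "eng-ws-01", "RDP", "remote_gateway", True,
                  task="operate", wants_admin=True),
    AccessRequest("alice", "engineer", "eng-ws-01", "RDP", "remote_gateway", True,
                  task="software_update", wants_admin=True),
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        record = decide(req)
        print(record["decision"].upper(), req.user, req.asset, req.protocol,
              "; ".join(record["reasons"]))
```

Every denial carries all of its reasons rather than the first one found, which matters for forensics: a request from the corporate network without MFA for an asset outside the user's role is three separate policy failures, and the log should say so.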

For more information on how XONA natively includes these protections for its customers and to learn how our technology can protect your organization, visit our resources page or reach out to schedule a demo.

Understanding ISA/IEC 62443 Standards for Industrial Networks, OT, and Critical Systems

There are many significant technology-enabled changes taking place in industrial environments today. Smart factories and Industry 4.0. The Industrial Internet of Things (IIoT). The convergence of information technology (IT) and operational technology (OT). All of these things are introducing digital technologies at a fast pace to improve operations, increase productivity, enhance oversight, and increase profitability.

For all the good the technologies offer, there’s also a dark side that opens up the digital environment to vulnerabilities that can enable cyberattacks, theft of intellectual property, and even cyberwarfare.

The threats and concerns of attacks on industrial systems are clearly evident by the recent Biden Administration and the Cybersecurity and Infrastructure Security Agency (CISA) warning that Russia has been conducting “preparatory activity” for cyberattacks, including scanning websites and hunting for software vulnerabilities, and could attack any critical infrastructure segment in the U.S.  The Administration urges owners of critical infrastructure to conduct cyber risk assessments, implement multi-factor authentication, keep software and malware protection up to date and educate employees on the threats. The 62443 standards provide a framework of controls to mitigate the risk of these types of attacks.

It is this deep concern about security vulnerabilities that led several industry standards committees to collaborate on a series of standards that create a flexible framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems (IACSs). The main collaborators in this effort are IEC TC65 / WG10, ANSI / ISA-62443, and ISO / IEC-JTC1-SC27. The standards they produced, known collectively as ISA/IEC 62443, are applicable to all industry sectors and critical infrastructure.

Due to the comprehensive nature of ISA/IEC 62443, the standards are very broad and are presented in 14 separate documents, organized as shown below in Figure 1. They cover a wide range of topics from terminology, concepts, and models to security technologies for IACS, and much more. The standards are written for various audiences, including plant operators, integration and maintenance service providers, and component/system manufacturers.

In terms of the broad aspects of the standards, XONA provides capabilities for security requirements in three of the areas shown in Figure 1.

[Figure 1 – Documents for ISA/IEC 62443]

Trust us when we say the standards are very broad and deep. It took us weeks to scrutinize every requirement to determine if, and how, XONA supports the standards. The truth is, no single component or system manufacturer can claim to cover every single requirement—the needs are just too diverse. The standards were written to go across multiple technology providers, which explains why system integrators are one of the target audiences of the document: someone needs to put the diverse pieces together to help a company achieve full coverage.

Practitioners and customers often ask if we “comply” with ISA/IEC 62443. This is a bit of a misnomer, as 62443 is not a regulation mandated by a government or industry agency, as NERC-CIP is for the energy industry. Instead, 62443 is a set of recommended standards that can help companies with industrial automation and control systems protect and secure those systems. Our customers still seek to confirm compliance because they have adopted 62443 as a corporately mandated cybersecurity standard. XONA’s security capabilities and features meet the foundational requirements and security level requirements of the relevant 62443 standards, and so satisfy that corporate compliance requirement.

Meeting ISA/IEC 62443 Standards

Leading industrial organizations worldwide trust XONA for secure user access and analytics for their critical systems. XONA provides granular user-to-asset access controls and user session analytics via a zero-trust architecture. By integrating with OT asset management and security information and event management (SIEM) platforms, XONA adds the essential user-to-asset access control and analytics components needed in industrial infrastructure today.

Given these capabilities, it’s a natural fit for XONA to address various aspects of 62443, specifically around access control, identification and authentication control, use control, data confidentiality, and least privilege. These fall within XONA’s functionality and areas of expertise for securing industrial networks and systems. An important consideration is to select technology that helps you meet and stay compliant with the standard without undoing any security countermeasures already in place.

Because of the complex and detailed nature of these requirements, we’ve created a datasheet that explains which of the requirements XONA meets and how.


If you’d like to discuss how we fulfill those requirements and can help your organization improve user access control, schedule a demo today.


US Officials Warn – Heightened Risk of Ransomware Attacks on Municipal Utilities

U.S. Critical Infrastructure must guard against malicious ransomware attacks by implementing standards-based encryption and multi-factor authentication at all access points to OT assets 

U.S. officials warn of potential ransomware attacks in response to increased sanctions on Russia and have asked state and local officials to consider how ransomware attacks could disrupt the provision of critical services. “Right now, the biggest concern we have are preparations for potential impacts to US utilities and industrial critical infrastructure.” (Dragos)

The threat of ransomware attacks is emerging as a critical cyber risk for electric utilities in the United States, as evidenced by the recently passed Infrastructure Investment and Jobs Act (“Act”), Public Law 117–58. The Act specifically provides grant funding for municipal utilities to deploy advanced cybersecurity technologies to protect against, detect, respond to, or recover from a cybersecurity threat, in order to enhance the security posture of electric utilities.

Utility owners should consider implementing a Zero-Trust secure operational gateway for user access that enforces Multi-Factor Authentication (MFA) and encrypts every session at the boundary of the critical assets, to block attackers from gaining access to their industrial control system. Regardless of the path an attacker takes into the network or to the OT access points, authenticating and encrypting every session at the OT asset denies the unauthorized access that a ransomware operator needs to reach and encrypt those systems.

The XONA Critical System Gateway (CSG) was explicitly designed to provide Zero-Trust secure user access for the OT environment. Our CSG directly addresses the requirement for encryption and authentication through hardware token-based multi-factor authentication (MFA), user session recording, user-to-asset monitoring, OT protocol isolation, encrypted screen remoting, and auditable connection logs. 

XONA CSG provides a simple and secure solution that can be deployed and functioning in less than a day to harden OT access connections securing critical infrastructure.