Operational Technology (OT) Security Definition & Examples

Operational Technology (OT) security covers a full slate of technologies and procedures used to protect the assets, data and people operating physical processes and devices. Most often applied to industrial and manufacturing concerns, it involves the hardware and software that is used to control those physical processes, monitor their operations and detect changes—ranging from an equipment failure to cyberattacks—that could impact operations.

Changes in industrial operations and the cyber threat landscape in recent years have greatly elevated the importance of OT security. Operational technology has steadily been converged with IT operations—being connected to other enterprise systems and the internet—which has exposed vulnerabilities in OT systems while raising the profile of industrial systems as a high-value target for threat actors.

How Operational Technology (OT) Security Has Become a Critical Issue

The National Institute of Standards and Technology defines OT as programmable systems or devices that interact with or manage the physical environment, and which either detect or cause a change in devices, processes and events. Examples of OT include industrial control systems (ICS), building management platforms, fire control systems and physical access control mechanisms. In industrial and manufacturing settings, ICS typically includes a variety of Supervisory Control and Data Acquisition (SCADA) systems, programmable logic controllers (PLCs), distributed control systems (DCS), remote terminal units (RTUs) and more.

With the convergence of OT and IT systems, the cybersecurity of OT has become a critical issue. A Forescout report from July 2022 detailed some of the glaring weaknesses in OT security, identifying 56 vulnerabilities in 26 devices from 10 OT vendors. Of those vulnerabilities, 38% allow for credential compromise, 21% for firmware manipulation and 14% for remote code execution, among other impacts.

The report concluded that OT devices and protocols are “insecure by design,” despite the fact that 74% of the products tested have some form of security certification and tended to be sold as secure by design. Compounding risk management in OT, many of these design weaknesses are never assigned a Common Vulnerabilities and Exposures (CVE) identifier, so they do not appear in the feeds IT teams rely on, such as the CVE Program’s list and the National Vulnerability Database maintained by the National Institute of Standards and Technology.

Operational Technology (OT) Security for Industrial Companies

There is a tremendous need for rigorous OT security for critical infrastructure systems, and that need will only grow as attacks on critical infrastructure increase in number and severity. Industrial companies have already become frequent targets of ransomware, supply-chain and other attacks. IBM’s 2022 X-Force Threat Intelligence Index reported that manufacturing was the most-targeted industry in 2021, as threat actors sought to “imprison businesses” and “fracture the backbone of global supply chains” through ransomware and other exploits. Unpatched software was the most commonly exploited weakness, contributing to 44% of ransomware attacks, and nearly half (47%) of attacks overall involved vulnerabilities that victim organizations either had not or could not patch.

Attacks on critical infrastructure, ranging from fuel pipelines to hospitals, put lives at risk in addition to causing economic and social damage and potentially threatening national security.

OT security addresses the weaknesses in OT systems, including older systems that have gone unpatched or, in some cases, are so old that they are no longer supported and thus can’t be patched. Many systems, for instance, still run Windows XP. Other vulnerabilities include weak control over credentials (a favorite target of attackers), a lack of network segmentation and protocol isolation, and insecure connections with IT systems, which are often used as an entry point.

Operational Technology (OT) Security Starts with Visibility

OT security can no longer be viewed as separate from the rest of the enterprise. The convergence of IT and OT systems has expanded the size and complexity of the attack surface. Vulnerabilities in IT systems (which have weaknesses of their own) pose a potential threat to critical OT operations and vice versa.

To improve their security postures, organizations first need to gain clear visibility into their systems across all environments, including IT, OT and a quickly growing number of Industrial Internet of Things (IIoT) devices. Visibility also must be granular, covering not just the discovery of every device and piece of software within the network but how each connects to other components of the enterprise.

Secure remote access control also is critical, best achieved by adopting a Zero Trust security strategy, including multi-factor authentication, least-privilege principles and continuous monitoring.

A substantial piece of OT security is gaining control over critical assets and protecting these assets from the specific threats created by distributed workers and remote work environments. A platform that provides complete visibility and secure access to critical assets would include, for example, a policy engine that enforces specific policies across users, asset connections, and group-based management, which sets privileges to groups such as human-machine interface (HMI) technicians or those working with SCADA systems.

Taking Operational Technology (OT) Security to the Enterprise

In today’s industrial and manufacturing environments, OT security requires a comprehensive, enterprise-wide strategy. Like companies in any other sector, industrial organizations also suffer from an IT skills shortage, and operate a cloud-based infrastructure that has grown beyond the ability of in-house staff to control completely. XONA recommends that organizations consider a platform-based approach that can provide a holistic, cost-effective security strategy.

XONA’s Critical System Gateway (CSG), for example, protects critical assets via hardened components, protocol isolation and encrypted display, and XONA’s Remote Operations Access Manager (ROAM) provides full enterprise visibility across deployed CSGs. A comprehensive platform can support a Zero Trust architecture for a dispersed, remote workforce, with MFA and other access controls, and it can provide the scalability for companies to securely grow or adjust to new conditions.

This type of enterprise approach to security also can help companies achieve regulatory compliance, which is vital to organizations in industries ranging from energy to healthcare.

Secure Remote Operations Definition & Examples

Secure remote operations result from centralized, ongoing control over an organization’s infrastructure and operations, mitigating the weaknesses that are created as operational technology (OT) and information technology (IT) converge and workforces become increasingly dispersed. The approach is holistic: it supports the data collection and analysis that improve operations while protecting the network from a mounting array of cyber threats.

Why Secure Remote Operations is Essential for Critical Infrastructure

Industrial enterprises have steadily converged their infrastructures, linking OT and IT systems—including Industrial Control Systems (ICS) and a growing number of Industrial Internet of Things (IIoT) devices—to increase efficiencies. By combining those systems, organizations close traditional air gaps between them to become more data-driven operations with greater control over dispersed facilities. These changes also accommodate a workforce that has become increasingly remote, particularly as a result of the COVID-19 pandemic.

Bridging air gaps between systems delivers significant advantages for business operations, but it has created some glaring cybersecurity gaps and an increased attack surface. OT systems that once were separated from the internet, for example, now are connected to the rest of the enterprise. And a lot of OT runs on older operating systems and software that have gone unpatched and may no longer be supported. OT remote access creates new attack vectors and has become a prime target of attackers, many of whom have shifted to credential-based, rather than malware-based, attacks.

Threat actors, meanwhile, have increased attacks on manufacturing and industrial systems, with attackers associated with nation-states showing a heightened interest in systems involved in managing critical infrastructure. Ransomware, supply chain and other attacks have become common, and the costs of cyberattacks are steadily increasing.

The Keys to Secure Remote Operations for OT and Critical Infrastructure

In the current operating environment, securing the enterprise is inseparable from secure remote operations. A holistic, end-to-end security posture must include several essential features.

Granular Access Control. Securing an organization’s remote operations begins, naturally, with remote access control. Organizations can enforce a granular level of access control, in which administrators can establish who has access to which systems and when. They should follow the principle of least privilege, granting users only the minimum privileges they require to perform a task. With industrial systems, role-based access control (RBAC) can allow access for specific functions, and time-based access control (TBAC) limits access use to certain days or hours. These controls must be applied to all users, whether they be employees, business partners or vendors.

Zero Trust. As a key component of secure remote operations, a zero-trust strategy is essential for ensuring security in a dispersed, cloud-based computing environment. This focuses on continuously authenticating and authorizing network identities, including non-human identities such as IIoT devices, applications and ICS devices like Supervisory Control and Data Acquisition (SCADA) systems. It typically requires multi-factor authentication (MFA), network segmentation and isolation of critical control systems, which can help restrict the movements of an attacker who has gained access.

Gateway Control. In a cloud-based computing environment and changeable business conditions, an organization needs to be able to scale its systems up or down as needed. Establishing a single gateway per site can enable easy scaling, granting external and third-party users access via a central point of control.

Continuous Management of Security. Maintaining the security of remote operations is an ongoing process that needs to be able to adapt to a changing threat environment as well as new business developments. Organizations need to continuously monitor users and network activity for signs of anomalous behavior or intrusions (this is also a focus of zero trust). Conducting consistent log management and analysis—including session logging and recording, and moderated visits from vendors—can help maintain secure remote operations. It’s also essential to maintain and monitor network devices and services, such as anti-virus and anti-malware software.

Establish Response Capabilities. A tenet of modern security strategies such as zero trust is to assume that attackers will get into the network, if they aren’t there already. The ultimate goal is resilience—being able to respond, recover and resume operations as quickly as possible. In addition to regular monitoring and proactive health checks on security, organizations need to establish the capabilities to troubleshoot problems remotely (enabled by secure remote connectivity), respond quickly and identify a solution before a cyberattack does significant damage.

Modernizing Secure Remote Operations with XONA

Traditional access technologies such as Virtual Private Networks (VPNs) and Virtual Desktop Infrastructures (VDIs) weren’t built for secure remote access to critical systems, and are too complex to work with IIoT and ICS devices in a distributed environment.

XONA has a more concrete and cost-effective model for secure remote operations of physical systems that meets specific requirements when it comes to securing operational technology. With integrated multi-factor authentication, user-to-asset access controls, user session analytics, and automatic video recording, XONA is the single, secure portal that connects the cyber-physical world and enables critical operations to happen from anywhere with total confidence and trust. Its proprietary protocol isolation and zero-trust architecture eliminate common attack vectors while giving authorized users seamless and secure control of OT from any location or device.

Operational Technology (OT) Remote Access Definition & Examples

Operational technology (OT) remote access allows users to access the hardware and software that controls industrial equipment without being on-premises. Whether they’re working from home or at another location within the company, remote access enables employees to adjust processes, update software, troubleshoot problems or perform other tasks necessary to maintaining business operations.

When defined in broad strokes, it’s a simple concept. But in practice, it is a complex undertaking that introduces risks to the enterprise via OT systems—many of which lack cybersecurity protections—operating in convergence with IT systems and Industrial Internet of Things (IIoT) devices. In today’s threat environment, remote access is (or should be) inseparable from secure remote access.

Why OT Remote Access is Important

Interoperability is a strong and growing trend in industrial and manufacturing enterprises, as companies reap the benefits of greater efficiency and streamlined control of their operations by connecting Industrial Control Systems (ICS) and other OT with IT systems. Companies gain greater visibility into their processes, which leads to better decision-making. It allows employees at a central location to control operations at multiple, far-flung sites. And it allows employees to work from home or from another location, which became a necessity in some cases during the COVID-19 pandemic and is also seen as an attractive feature to offer prospective employees.

Remote access, however, comes with risks for any enterprise, and those risks are compounded when dealing with OT systems, which are reached through IP-based Human Machine Interface (HMI) systems and Ethernet-based control protocols such as Modbus/TCP.

Many OT systems lack even basic protections. Software patches are applied infrequently, if at all, and more than half of industrial sites use old operating systems, such as Windows XP, that are no longer supported and therefore no longer receive patches. Meanwhile, other protections such as protocol isolation, strong encryption, multi-factor authentication, and network and user access monitoring are often overlooked.

In today’s cyber threat landscape, that puts industrial enterprises at significant risk. Amid the escalation of ransomware and other attacks, industrial concerns, including those dealing with critical infrastructure, have become more common targets. Attacks such as those on Colonial Pipeline and meat-packer JBS demonstrated the impact those attacks can have. Other dangerous attacks in recent years went after the control systems themselves: Stuxnet manipulated programmable logic controllers, CrashOverride (Industroyer) targeted electric grid substation equipment, and TRISIS (Triton) targeted a safety instrumented system.

Attacks on critical infrastructure—including the energy, oil and gas, manufacturing, transportation, healthcare and government sectors—can have an effect beyond financial losses, stolen intellectual property or damage to reputations. They also can put lives at risk. Those attacks underscore the importance of securing remote access to OT systems, especially as attackers shift their focus from delivering malware to compromising credentials in order to gain access.

Many of the access controls in place in OT systems, such as virtual private networks (VPNs), can date back 20 years and were not designed for access to critical systems. They don’t isolate protocols or systems, so once credentials are compromised the network behind the VPN is exposed. Remote access to OT can also be achieved using protocols such as Remote Desktop Protocol (RDP) and Secure Shell (SSH), but they don’t provide a very fine-grained level of control.

Best Practices for Securing OT Remote Access

Although OT systems are interconnected with IT systems, they operate differently, often using different protocols. OT systems use a wide variety of protocols, some of them specific to a piece of equipment or its function, and these can be exposed through open ports that lack access and protocol controls. Many of them also carry no encryption or authentication of their own.

Remote access to OT systems would be best served by a more straightforward, more flexible access method that also provides a level of security commensurate with both the integrated, dispersed IT environment and the current threat landscape. The most viable access strategy is one based on Zero Trust.

A Zero Trust approach focuses on continually authenticating and authorizing identities on the network in order to control and track any interaction between users and data, systems and applications. Those elements are segregated within a trust framework, with access controlled via strong multi-factor authentication (MFA), and an authorization process that includes user role, time and location-based controls. Continually monitoring activity also allows enterprises to be resilient in responding to attacks and mitigating damage.

Along with MFA, a Zero Trust strategy will follow the principle of least privilege, granting users and other network identities only the minimum access privileges they need for a specific task. Privileges can also be time-based, granting access for a set amount of time to complete the task.

With regard to OT systems, least-privilege principles can take the form of role-based access control (RBAC) and time-based access control (TBAC). Users can be granted access to operate an HMI or patch an asset, for instance. TBAC can establish fixed hours or days within which other stakeholders, such as vendors or business partners, can access systems.
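The RBAC and TBAC controls described here (and in the “Granular Access Control” and “Zero Trust” items of the secure remote operations section above, including moderated vendor access) come down to a deny-by-default policy evaluation. The following is an added example, not XONA’s code: a small policy engine in which every grant binds a user to a role, a set of assets, an optional time window and an optional moderation requirement. The roles, assets, users and timestamps are constructed for illustration.

```python
"""Added example (not XONA's code): a deny-by-default policy engine that
combines role-based (RBAC), time-based (TBAC) and moderated access for OT
assets. Roles, assets, users and timestamps below are constructed."""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

# Hypothetical roles and the actions each may perform on an asset.
ROLE_PERMISSIONS = {
    "hmi_operator": {"view_hmi", "operate_hmi"},
    "plc_engineer": {"view_hmi", "patch_plc", "modify_logic"},
    "vendor": {"patch_plc"},
}


@dataclass(frozen=True)
class TimeWindow:
    weekdays: frozenset          # 0 = Monday ... 6 = Sunday
    start: time
    end: time

    def contains(self, when: datetime) -> bool:
        return when.weekday() in self.weekdays and self.start <= when.time() < self.end


@dataclass(frozen=True)
class Grant:
    user: str
    role: str
    assets: frozenset
    window: Optional[TimeWindow] = None   # None = no time restriction
    requires_moderator: bool = False      # vendor sessions need a check-in


@dataclass(frozen=True)
class AccessRequest:
    user: str
    asset: str
    action: str
    when: datetime
    moderator_approved: bool = False


def evaluate(grants, req):
    """Return (allowed, reason). Access is denied unless some grant matches
    the user, asset, action, time window and moderation requirement."""
    reasons = []
    for g in grants:
        if g.user != req.user:
            continue
        if req.asset not in g.assets:
            reasons.append(f"{g.role}: asset {req.asset} out of scope")
        elif req.action not in ROLE_PERMISSIONS.get(g.role, set()):
            reasons.append(f"{g.role}: action {req.action} not permitted")
        elif g.window is not None and not g.window.contains(req.when):
            reasons.append(f"{g.role}: outside permitted window")
        elif g.requires_moderator and not req.moderator_approved:
            reasons.append(f"{g.role}: moderator approval required")
        else:
            return True, f"allowed by {g.role} grant"
    return False, "; ".join(reasons) or "no grant for user"


def audit_line(req, decision):
    """One log line per decision, so denied attempts are visible to monitoring."""
    allowed, reason = decision
    return (f"{req.when.isoformat()} user={req.user} asset={req.asset} "
            f"action={req.action} result={'ALLOW' if allowed else 'DENY'} reason={reason}")


# Constructed policy: operators have round-the-clock HMI access, engineers
# work business hours, the vendor is time-boxed and moderated.
BUSINESS_HOURS = TimeWindow(frozenset(range(0, 5)), time(7, 0), time(19, 0))
GRANTS = [
    Grant("alice", "hmi_operator", frozenset({"hmi-line1"})),
    Grant("bob", "plc_engineer", frozenset({"plc-line1", "hmi-line1"}), window=BUSINESS_HOURS),
    Grant("acme-vendor", "vendor", frozenset({"plc-line1"}), window=BUSINESS_HOURS,
          requires_moderator=True),
]

TUESDAY_10AM = datetime(2023, 6, 6, 10, 0)
SATURDAY_10AM = datetime(2023, 6, 10, 10, 0)
SUNDAY_2AM = datetime(2023, 6, 11, 2, 0)

if __name__ == "__main__":
    for r in [
        AccessRequest("alice", "hmi-line1", "operate_hmi", SUNDAY_2AM),
        AccessRequest("bob", "plc-line1", "modify_logic", SATURDAY_10AM),
        AccessRequest("acme-vendor", "plc-line1", "patch_plc", TUESDAY_10AM),
        AccessRequest("acme-vendor", "plc-line1", "patch_plc", TUESDAY_10AM, moderator_approved=True),
    ]:
        print(audit_line(r, evaluate(GRANTS, r)))
```

Two design points matter in practice: the engine returns a reason for every denial so the audit trail shows why a vendor or engineer was refused, and the checks are ordered from scope (which asset) to role (which action) to time and moderation, so the most common misconfiguration, a grant that is simply too broad, surfaces first.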

Adopting Zero Trust and Protocol Isolation for Secure OT Remote Access

Another technique common in Zero Trust architectures is network segmentation, which divides the network into isolated, compartmentalized subnets through the use of firewalls, Virtual LANs and software-defined networking (SDN). A precept of Zero Trust is that it’s not all about preventing intrusions—organizations must assume that a network has been breached. A segmented approach can prevent unauthorized users from moving about the network.

Within OT systems, a segmented approach can be aided by protocol isolation, which limits the use of certain protocols to specific locations so that they never traverse the wider network, and by similarly isolating OT assets.

Organizations also can gain visibility and control by employing moderated asset access control, which requires vendors to check in before accessing their critical assets and moderates their visit. A moderated approach also can be applied to file transfers, requiring approval before files are moved to or from a vendor location, and also logging all of those activities.

By employing a smart combination of cybersecurity technologies and techniques, even the most complex OT networks, including those that are integrated with IT systems, can be protected from the dangers of both modern threats and malicious users.

The Modern Approach to Operational Technology (OT) Remote Access

XONA provides a frictionless and secure solution for operational technology remote access. Its proprietary protocol isolation and Zero Trust architecture immediately eliminate common attack vectors, while giving authorized users seamless and secure control of operational technology from any location or device. XONA enables organizations to control who, what, where, when and how users and data move in and out of any critical system with granular role-based access control, multi-factor authentication, moderated access, user session analytics, and full system logging/monitoring with easy output to SIEMs or log viewers.

XONA is the single, secure portal that connects the cyber-physical world and enables critical operations to happen from anywhere with total confidence and trust.

Protocol Isolation Definition & Examples

Protocol isolation, sometimes described as protocol translation when a gateway converts the native protocol at the boundary, is the practice of confining the use of certain protocols to a specific network location, such as a virtual machine, and isolating them from the rest of the network. As with network segmentation and other types of isolation, such as browser isolation, protocol isolation helps protect systems against compromises and breaches by keeping all activity local and preventing malware from spreading. It also keeps threat actors from moving through the network.

Protocol isolation is particularly interesting to industrial and manufacturing enterprises, where operational technology (OT) employs a wide range of protocols. This mix of custom protocols involving products of varying complexity and functionality complicates the task of securing an environment. When it’s not possible for teams to individually secure the full range of products and protocols in use, isolating them within their specific areas is the practical approach.

Fortinet’s 2022 State of OT and Cybersecurity Report underscores the importance of protecting protocols for industrial control systems (ICS), which OT professionals ranked as the 2nd most important feature for a cybersecurity solution.

Important Cybersecurity Features (Ranking) for Operational Technology

Why Protocol Isolation is Important

Enterprise IT has largely standardized on TCP/IP, and on top of it runs a handful of administrative and management protocols, including Simple Network Management Protocol (SNMP), Network Time Protocol (NTP), Secure Shell (SSH), FTP and Remote Desktop Protocol (RDP).

Organizations that use legacy, unencrypted protocols open the door for malicious actors to harvest credentials and move throughout the network. As the Cybersecurity and Infrastructure Security Agency (CISA) points out, whoever controls the routing infrastructure of a network essentially controls the flow of data. An attacker with a presence on an organization’s gateway router, or on its internal routing and switching infrastructure, can monitor, modify or deny traffic either to and from the organization or within its network. Isolating protocols and functions, along with segmenting the network, limits what threat actors can do once inside the network.

In industrial settings, the need for protocol isolation is more urgent. Traditionally, OT systems were assumed to be secure because they were isolated from the internet and other enterprise systems: OT was “air gapped” from IT by physical separation. This did not make attacks impossible; malware could still be introduced on a USB drive, as happened in the Stuxnet attack. Even so, it made attacking OT systems difficult and time-consuming, which made compromising those systems less likely than with attacks against IT systems.

In the years since, however, IT and OT systems have converged, combining the use of IT and ICS protocols. That convergence has increased efficiencies, allowing the use of data and analytics to streamline operations, and enabled remote plant operations for geographically dispersed enterprises. But it also has increased vulnerabilities and made OT systems, many of which were never intended to be connected to the internet, a more attractive target for threat actors.

IT systems have standardized on TCP/IP, but OT systems use a wide array of protocols, many of which can be specific to the functional operations of equipment, the type of industry or even geographical areas. Integrated IT and OT systems may use the same hardware, but they still operate differently, with significant differences in the software and protocols used.

In addition to the variety of OT protocols in use, many OT systems are also older, with more than half running unsupported and unpatched software. Many rely on outdated operating systems, with Windows XP still in widespread use. OT systems networked with IT systems can also be exposed through open ports that lack proper access and protocol controls.

These factors have increased the importance of protocol isolation. The air gaps that once existed between OT and IT systems have to be effectively replicated by other means in order to protect those systems. Protocol isolation is one way to do that.

How Isolating Protocols Improves Network Security

The practice of isolating systems, protocols and other elements of a network is gaining attention as enterprises become increasingly cloud-based and dispersed. Treating OT like an enterprise network invites disaster because its systems and requirements are entirely different. An enterprise network can withstand a data breach from unauthorized network access; unauthorized access to a nuclear power plant’s control systems is of a different magnitude and requires protocol isolation, which offers a higher level of security control.

Network segmentation, also known as network isolation, is one way to prevent threat actors who have gained access to a network from moving around within it to steal data or inflict damage. The network is divided into sub-networks, or zones, of systems that share operational functions and risk profiles. Communication between the zones, which are often implemented as Virtual LANs, is prohibited unless specifically granted.

Segmentation is often a crucial element of Zero Trust security strategies. Network segmentation also allows for the isolation of assets within the network, managed by a firewall that can enforce access controls and security policies. A firewall configured for OT-specific protocols, for instance, can inspect traffic for potentially malicious content or activity.

The goal of isolating protocols is to help stop threat actors or malware from lateral movement within the network, a tactic that commonly used tools aren’t equipped to prevent. Outdated VPNs, for example, weren’t designed to manage access to critical systems, and do not isolate systems or protocols. An attacker who uses stolen credentials to access a network via a VPN could have free movement once inside.

Along with other security measures such as enforcing the principles of least privilege and securing access to devices within the infrastructure, organizations can use protocol isolation and segmentation to restrict movement. Some recommended best practices include:

  • Logically segregate the network by physical or virtual means, which allows admins to isolate critical devices and their protocols within network segments. Virtual LANs (VLANs) are the most common way to segment networks.
  • Use protocol-aware firewalls configured to filter traffic between segments and deny by default any flow that is not explicitly required, including write and diagnostic commands in OT protocols that have no business crossing a boundary.
  • Implement a VLAN access control list, which filters access to and from VLANs based on protocols, ports and the direction of traffic, denying the flow of data from one VLAN to another unless specifically permitted.
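A protocol-aware filter at a segment boundary has to do two things the list above only names: decode enough of the OT protocol to know what a packet does, and then apply a zone policy that denies by default. The following is an added example, not a vendor’s product code, for Modbus/TCP: it parses the MBAP header, drops malformed frames, lets IT hosts read but not write, lets the engineering segment write but not run diagnostics, and drops everything from an untrusted source. The zone addressing and the sample packets are constructed for illustration.

```python
"""Added example (not a vendor's code): a protocol-aware filter for Modbus/TCP
traffic between network zones. It parses the MBAP header, rejects malformed
frames, and applies a deny-by-default zone policy that also inspects the
Modbus function code. Zone addressing and sample packets are constructed."""
import struct
from ipaddress import ip_address, ip_network

# MBAP header: transaction id (2), protocol id (2, always 0 for Modbus/TCP),
# length (2, bytes that follow the length field), unit id (1). Function code is next.
MBAP = struct.Struct(">HHHB")
MODBUS_PORT = 502

READ_FUNCTIONS = {1, 2, 3, 4}             # read coils/inputs/registers
WRITE_FUNCTIONS = {5, 6, 15, 16, 22, 23}  # write coils/registers
# Diagnostics (8) can e.g. force listen-only mode; 43 is device identification.
DANGEROUS_FUNCTIONS = {8, 43}

ZONES = {                                  # hypothetical addressing
    "it": ip_network("10.10.0.0/16"),
    "engineering": ip_network("10.20.5.0/24"),
    "ot": ip_network("192.168.100.0/24"),
}


def zone_of(ip):
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "untrusted"


def parse_modbus(payload):
    """Return the decoded frame or raise ValueError for anything malformed."""
    if len(payload) < MBAP.size + 1:
        raise ValueError("frame too short")
    tid, pid, length, unit = MBAP.unpack_from(payload)
    if pid != 0:
        raise ValueError(f"protocol id {pid} is not Modbus/TCP")
    if length != len(payload) - 6:
        raise ValueError("MBAP length does not match frame size")
    return {"tid": tid, "unit": unit, "function": payload[7], "data": payload[8:]}


def filter_packet(src_ip, dst_ip, dst_port, payload):
    """Decide ('accept'|'drop', reason) for one TCP payload.
    Policy: nothing reaches OT from an untrusted zone; only Modbus/TCP crosses
    into OT; IT hosts may read only; engineering may write but not run
    diagnostics; traffic that stays inside the OT zone is left alone."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == "untrusted":
        return "drop", "source is untrusted"
    if dst != "ot" or src == "ot":
        return "accept", f"{src}->{dst} not a protected boundary"
    if dst_port != MODBUS_PORT:
        return "drop", f"port {dst_port} not permitted into OT"
    try:
        frame = parse_modbus(payload)
    except ValueError as exc:
        return "drop", f"malformed Modbus/TCP: {exc}"
    fc = frame["function"]
    if fc in DANGEROUS_FUNCTIONS:
        return "drop", f"function {fc} blocked at boundary"
    if fc in WRITE_FUNCTIONS:
        if src == "engineering":
            return "accept", f"write function {fc} from engineering"
        return "drop", f"write function {fc} not permitted from {src}"
    if fc in READ_FUNCTIONS:
        return "accept", f"read function {fc} from {src}"
    return "drop", f"function {fc} not on allow list"


def build_modbus(tid, unit, function, data=b""):
    """Assemble a well-formed Modbus/TCP frame (used here for constructed samples)."""
    return MBAP.pack(tid, 0, 2 + len(data), unit) + bytes([function]) + data


# Constructed samples: (src, dst, port, payload)
WRITE_REG = build_modbus(1, 1, 16, struct.pack(">HHB", 0, 1, 2) + b"\x00\x2a")  # write 42 to register 0
READ_REG = build_modbus(2, 1, 3, struct.pack(">HH", 0, 10))                   # read 10 holding registers
DIAG = build_modbus(3, 1, 8, struct.pack(">HH", 4, 0))                        # force listen-only mode
SAMPLES = [
    ("10.20.5.10", "192.168.100.20", 502, WRITE_REG),   # engineering writes: accept
    ("10.10.3.7", "192.168.100.20", 502, READ_REG),     # historian in IT reads: accept
    ("10.10.3.7", "192.168.100.20", 502, WRITE_REG),    # IT host writes: drop
    ("203.0.113.5", "192.168.100.20", 502, READ_REG),   # internet host: drop
    ("10.20.5.10", "192.168.100.20", 502, DIAG),        # diagnostics: drop
    ("10.20.5.10", "192.168.100.20", 22, b"SSH-2.0-x"), # SSH into OT: drop
    ("10.20.5.10", "192.168.100.20", 502, b"\x00\x01\x00\x01\x00\x02\x01\x03"),  # wrong protocol id: drop
]


def run_samples():
    return [filter_packet(*s)[0] for s in SAMPLES]


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], "->", sample[1], sample[2], filter_packet(*sample))
```

The caveat a practitioner should keep in mind: Modbus/TCP carries no authentication, so the filter can only reason about where a frame came from and what it asks for, not who sent it. That is exactly why the function-code inspection matters; a port-only rule that opens 502 from the IT segment would also let through the write and diagnostic frames this policy drops.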

Protocol isolation is a part of a comprehensive, holistic approach to security. One of the tenets of modern security strategies such as Zero Trust is to operate on the assumption that the network has already been hacked. Protocol isolation mitigates the damage from those successful attacks, potentially stopping them before they can do damage while also limiting the movement of attackers inside the network.

How XONA Uses Protocol Isolation

XONA enables frictionless user access that’s purpose-built for operational technology (OT) and other critical infrastructure systems. Technology agnostic and configured in minutes, XONA’s proprietary protocol isolation and Zero Trust architecture immediately eliminates common attack vectors, while giving authorized users seamless and secure control of operational technology from any location or device. XONA’s proprietary protocol isolation allows organizations to securely stream applications and convert remoting protocols into an encrypted display that can be presented into any browser. With integrated multi-factor authentication, user-to-asset access controls, user session analytics, and automatic video recording, XONA is the single, secure portal that connects the cyber-physical world and enables critical operations to happen from anywhere with total confidence and trust.

Protocol isolation allows protocols to be accessible on a trusted ICS network but closed to external untrusted networks and users, unless those users come through a solution that translates the protocols from the trusted network to the untrusted network without exposing the native protocols. XONA’s secure user access platform is one example of such a solution. Secure user access platforms securely stream applications and convert remote protocols into an encrypted display presented in any browser. This is a fundamental shift in thinking: it breaks the kill chain before network access begins. Protocols that attackers could traditionally exploit are now closed off by protocol isolation, which dramatically reduces the attack surface of the OT and ICS networks, and removes the need for jump servers, VPNs and other related IT/OT and cybersecurity technologies and network gear.

Below is a visual depicting XONA’s approach to protocol isolation in its CSG gateway, which performs the translation and sends only PNG images out over port 443. In this example, the RDP or VNC protocols are not reachable from the internet or external networks, removing them from the externally exposed attack surface.

Protocol Isolation

Secure Remote Access (SRA) Definition & Examples

Secure remote access combines several security strategies designed to allow users to operate technology offsite from a physical facility while protecting the security of networks and data from unauthorized users. By permitting geographically dispersed access from a variety of devices, secure remote access supports business and IT operations while reducing the possibilities of a cyberattack and preventing a breach of sensitive data – whether intentional or not. The importance of secure remote access for information technology (IT) and operational technology (OT) has grown significantly in recent years, while the challenges in preventing access to systems and data by unauthorized internal or external users have also increased.

The Exponential Growth of Secure Remote Access in OT

Historically, remote access to network systems was reserved for IT administrators and perhaps a few business users at the top of the leadership chain. But the move to hybrid and multi-cloud environments mixed with on-premises infrastructure, as well as the rise of mobile and remote workers, have greatly increased the number of people with access. The COVID-19 pandemic also changed the landscape for secure remote access, with millions of employees suddenly connecting to enterprise systems from home.

Today, any employee can get access to the network, from any location, at any time, using a variety of devices. And with the growth of cloud infrastructures and services, remote access also applies to third parties, as well as a growing number of applications, services and Internet of Things devices.

In industrial enterprises, remote plant operations that combine operational technology (OT) with IT systems are common. OT operations often must account for older, unpatched operating systems and software, and likely require a different layer for logical access and security to support Supervisory Control and Data Acquisition (SCADA) as well as other Industrial Control Systems (ICS).

As a result, secure remote access today has become a complex undertaking, beyond the abilities of traditional security methods. Protocols such as Remote Desktop Protocol (RDP) and Secure Shell (SSH), for example, can be difficult to deal with and don’t provide the granularity of control that is required. Another common tool, virtual private networks (VPNs), can be slow to work with and, if compromised, can allow an attacker to move laterally around the network.

The Elements of Secure Remote Access (SRA) Today

Secure remote access is something of a catch-all term, covering a range of security policies and practices designed to prevent unauthorized access to systems and data. It doesn’t have a single, precise definition. But in today’s distributed cloud environments, any secure remote access implementation should include several essential features.

  1. Zero Trust. A zero-trust strategy is increasingly at the foundation of secure practices in modern computing environments. Its focus on continuously authorizing and authenticating identities helps ensure that systems and data are being accessed only by authorized users. It also keeps track of user activities, which is essential to mitigating any damage in the event of a breach. (Zero-trust conforms with one of the tenets of current security strategies, which is assuming that threat actors have gained entry.)
  2. Least Privilege. Another essential element of secure remote access—and part of a zero-trust strategy—is enforcing the principle of least privilege. Users, devices, applications, APIs or any other network identity should have only the minimum access privileges necessary to complete a specific job or task. In the event that an identity is compromised, least privilege helps ensure that an attacker cannot move up or through the network. Least privilege also can be strengthened through steps such as time-based access, which not only keeps privileges to a minimum but also limits the time in which a user can perform a task.
  3. MFA. Multi-factor authentication, which relies on two or more ways to verify a user’s identity, has been proven to significantly reduce credential compromises, yet many organizations still neglect the practice. MFA combines “something they know” (such as a password), with “something they have” (such as a hardware token) or “something they are” (such as a fingerprint or other biometric feature).

Controlling Access for Industrial Systems and Critical Infrastructure

In industrial settings involving a mix of OT and IT, other steps that can help ensure secure remote access include:

  1. RBAC. Similar to least-privilege principles, role-based access control can provide granular control that can permit access for specific functions, such as operating a human-machine interface (HMI) or patching an asset.
  2. TBAC. Time-based access control sets the days or hours during which a vendor or other partner can gain access to assets.
  3. OT Asset and Protocol Isolation. This practice builds on the practice of network segmentation to keep users isolated, with access only to their assigned assets on the OT network.
  4. Moderated Asset Access Control. In this approach, OT managers can maintain control by moderating vendors accessing their critical assets, after first checking in to a virtual “wait lobby.”
  5. Moderated Secure File Transfer. This approach allows an organization to approve and log the movement of files to or from a vendor system, which supports access reporting and auditing.
  6. Session Logging and Screen Recording. Fully logging and recording vendor access sessions supports both forensic and training purposes.

Modernizing Secure Remote Access with Protocol Isolation

Implementing secure remote access strategies and technologies can help organizations protect their data and critical systems in an increasingly complex, distributed environment. That environment has greatly increased the operational capabilities and efficiencies for many organizations, but it has also expanded the attack surface, potentially exposing more weaknesses and vulnerabilities. As a result, threat actors have shifted some of their tactics to focus more on credential-based attacks rather than delivering malware, and security strategies need to adapt.

There are countless reasons professionals running oil rigs in the middle of the ocean, manufacturing plants meeting high demand, water treatment facilities serving large populations and other critical facilities need 24/7 access to their operational technology. But providing that access has traditionally been complex and fraught with security issues. Giving authorized users consistent secure access regardless of their location or the time of day, while effectively preventing access by unauthorized users, requires a secure remote access strategy built to address all modern computing platforms and threat landscapes.

Technology agnostic and configured in minutes, XONA’s proprietary protocol isolation and zero-trust architecture immediately eliminates common attack vectors, while giving authorized users seamless and secure control of operational technology from any location or device. With integrated multi-factor authentication, user-to-asset access controls, user session analytics, and automatic video recording, XONA is the single, secure portal that connects the cyber-physical world and enables critical operations to happen from anywhere with total confidence and trust.


Zero Trust for Critical Infrastructure Features, Benefits, & Examples

Zero Trust is a security strategy requiring every user and device connected to a network to be authorized, authenticated and continuously validated to access a network and interact with data, services or other assets.

Zero Trust, in critical infrastructure organizations, is seen as essential to ensuring that their integrated mix of operational technology (OT) and IT systems are protected from malicious intruders, and that they are able to mitigate and recover from successful cyberattacks when they occur. Critical infrastructure in recent years has become a key target of threat actors, particularly those with ties to nation-states. Because of critical infrastructure’s importance, attacks have the potential to threaten a nation’s security, economy and even the health of people who depend on those services.

Zero Trust eliminates the implicit trust that was inherent in traditional networks, which assumed that every user or device inside the network perimeter was trustworthy. Instead, its “never trust, always verify” approach treats every user, device, application and service as a suspect, assuming each may have been compromised. It also requires constant validation of all access privileges to protect the organization if a valid credential later becomes compromised.

Why Zero Trust? Mitigating Threats to Critical Infrastructure and Operational Technology

As ransomware and other attacks have increased in recent years, the focus of many attacks has shifted to industry and critical infrastructure, including attacks involving industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. In 2021 alone, 649 organizations in 14 of 16 critical infrastructure sectors suffered ransomware attacks, according to the FBI’s 2021 Internet Crime Report.

Attacks such as those on the Colonial Pipeline and meat packer JBS (both attacks have been linked to groups in Russia) have had far-reaching impacts. For instance, the attack on the Colonial Pipeline shut down the pipeline’s operations for almost a week and had significant downstream impact. At the beginning of Russia’s invasion of Ukraine, the FBI and the Department of Homeland Security issued a warning to operators of critical infrastructure about the potential of cyberattacks, urging them to adopt a “shields up” defensive posture.

The Cybersecurity and Infrastructure Security Agency (CISA) identified 16 critical infrastructure sectors whose assets, systems and networks are considered so vital to the nation’s operations that attacks on them could threaten national security, economic security, or public health and safety. Those sectors include:

  • Chemical
  • Communications
  • Commercial Facilities
  • Critical Manufacturing
  • Dams
  • Defense Industrial Base
  • Emergency Services
  • Energy
  • Financial Services
  • Food and Agriculture
  • Government Facilities
  • Healthcare and Public Health
  • Information Technology
  • Nuclear Reactors, Materials, and Waste
  • Transportation Systems
  • Water and Wastewater Systems

Beyond commercial or political impacts, attacks on infrastructure, such as hospitals, can put lives at risk. In the current environment, a comprehensive security strategy built on zero trust principles is considered essential to protecting critical infrastructure systems and reducing risk to acceptable levels.

Zero Trust’s Key Components for Planning and Implementation

Zero Trust strategies grew out of the realization that traditional security methods, which focused on protecting the network perimeter, were no longer enough. Cloud computing and mobile computing extended beyond any physical or logical network perimeters all the way to systems at the edge. The focus of security has shifted to identities, whether human or non-human, that interact with an organization’s systems and data. Zero Trust applies continual verification of those identities throughout those interactions.

In critical infrastructure settings, the need for a Zero Trust approach is amplified by the convergence of IT systems with operational technology (OT) systems, many of which lack essential protections. ICS systems often use old, unsupported operating systems and software that doesn’t receive updates and security patches. The integration of IT and OT systems, which allows remote access to OT equipment, can leave the entire enterprise vulnerable. Access control methods often include outdated systems such as VPNs that weren’t built to manage access to critical systems and applications. VPNs also don’t isolate protocols and systems, and can allow lateral movement through a network.

A Zero Trust strategy includes several key elements that are necessary to control all interactions between users and data, and systems and applications.

Network Segmentation. In network segmentation, the network is broken down into distinct sub-networks, typically consisting of virtual LANs (VLANs), allowing teams to apply security controls specific to each subnet. It helps control access and restrict movement within the network.

Protocol Isolation. Unlike IT systems, which have mostly standardized on TCP/IP, OT systems use a wide variety of protocols, some of them specific to the equipment or function involved. Isolating those protocols limits their use to a specific location, such as a virtual machine. Protocol isolation keeps protocols reachable on the ICS network (the trusted network) but closed to external untrusted networks and users, unless those users go through a solution (e.g., a secure user access platform) that translates between the trusted and untrusted networks without exposing the native protocols. As a result, protocols that attackers have traditionally been able to exploit are no longer reachable from outside, which dramatically reduces the attack surface of the OT and ICS networks.

Multi-factor Authentication. MFA—which employs a combination of passwords, tokens and biometrics—is extremely effective in preventing identity compromise. It should be required for access to a network, including user sessions involving any data in transit.

Least Privilege. Any level of access should be guided by the principle of least privilege, under which users, devices, applications, APIs or any other network identity is given only the minimum privileges necessary to complete a specific job or task. Least privilege policies also can include role-based access, which limits access to what is needed to perform a specific job, and time-based access, which grants access for a set amount of time in which to perform the job. Location-based access allows users access only from a certain location.
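The access controls listed for industrial systems above (RBAC, TBAC, asset assignment) and the role-, time- and location-based least-privilege policies described in this paragraph can be combined into a single default-deny decision. The following is an added example, not XONA's code; the role table, access windows, asset names and the vendor identity are all constructed for illustration.

```python
# Constructed policy check for OT remote access (added example, not XONA's code).
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Identity:
    name: str
    roles: frozenset
    assets: frozenset      # OT assets this identity is assigned to
    locations: frozenset   # locations it may connect from

@dataclass(frozen=True)
class Window:
    weekdays: frozenset    # 0 = Monday ... 6 = Sunday
    start: time
    end: time

# Hypothetical role table (RBAC): which functions each role may perform.
ROLE_FUNCTIONS = {
    "hmi_operator": frozenset({"operate_hmi"}),
    "vendor_patch": frozenset({"patch_asset", "file_transfer"}),
}
# Hypothetical access windows per role (TBAC); roles absent here have no time limit.
ROLE_WINDOWS = {
    "vendor_patch": Window(frozenset(range(0, 5)), time(8, 0), time(17, 0)),
}

def in_window(w, now):
    return now.weekday() in w.weekdays and w.start <= now.time() < w.end

def evaluate(identity, function, asset, location, now, mfa_verified):
    """Return (allowed, reason). Default deny; the first failing check wins."""
    if not mfa_verified:
        return False, "mfa not verified"
    roles = [r for r in identity.roles if function in ROLE_FUNCTIONS.get(r, ())]
    if not roles:
        return False, f"no role grants {function}"
    if asset not in identity.assets:            # asset assignment / isolation
        return False, f"{asset} not assigned to {identity.name}"
    if location not in identity.locations:      # location-based access
        return False, f"location {location} not permitted"
    # Time-based access: some granting role must have an open window right now.
    if not any(r not in ROLE_WINDOWS or in_window(ROLE_WINDOWS[r], now) for r in roles):
        return False, "outside permitted access window"
    return True, f"{identity.name} may {function} on {asset} via {roles[0]}"

# Constructed sample identity: a vendor technician assigned to a single PLC.
VENDOR = Identity("acme-tech", frozenset({"vendor_patch"}),
                  frozenset({"PLC-07"}), frozenset({"vendor-site"}))
```

Every denial carries its reason so it can be written to the session log; an allow decision names the role that granted it, which is what an auditor needs to trace the access back to a policy.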

Strong encryption. Any communication between the IT and OT systems, as well as to the internet, should have a high level of encryption.

Logging and Monitoring. Organizations need to log and record all user access session data to critical OT systems, including those involving vendors accessing their critical assets. Monitoring should be done in real-time, if possible, and should include monitoring the movement of any files.

Clearly Assess Risk. No security strategy is perfect—the goal is to identify risks and reduce them to acceptable levels. Organizations can use a Zero Trust strategy to identify and verify an acceptable risk level for critical assets.

Achieving Zero Trust in OT and ICS Systems

XONA offers Zero Trust access protection to ensure the protection of OT system data and applications. The company leverages several innovative techniques to protect critical asset data and applications, all through the standard Zero Trust approach. The company combines strong multi-factor authentication with granular authorization to applications and systems. XONA’s Clientless Secure Gateway (CSG) employs protocol and system isolation, encrypted thin-client display and real-time session logging and user access monitoring to defend against even the most sophisticated cybercriminals. The CSG delivers clientless access to ICS via any common web browser on any capable device.

A Zero Trust approach for access to OT and critical infrastructure maintains reliable industrial processes and more importantly, safeguards civilization.
