Risks vs. Rewards of ICS Remote Access

Preston Futrell, vice president
NexDefense

From healthcare to financial services industries, today’s corporate environments are facing increased pressure to do more with less to meet customer and regulatory demands. Doctors must improve the quality of patient care, data center managers must maintain 100 percent availability, and even owners and operators in critical infrastructure industries are expected to simultaneously maximize operations and reduce costs. As a result, the majority of organizations are turning to modern technology solutions en masse to increase efficiencies and productivity in their IT environments.

For critical infrastructure industries specifically, many owners and operators have deployed remote access solutions within their industrial control systems (ICS) as a means of enhancing business operations. According to SANS Institute, “The increasing need to reduce manufacturing and operational costs, enhance productivity and provide access to real-time information have been some of the key drivers for organizations to evolve towards utilizing modern networking systems to interconnect ICS with business and external networks.”

Secured data transferBy remotely connecting to a system, owners and operators can improve process visibility, worker productivity and overall operational efficiency. While there are significant cybersecurity considerations to take in order to reduce the threats associated with such connectivity, remote access is actually becoming a required element of operations more often than not. In fact, because of pressures from executives, users and third-party service providers, remote access into ICS is all but becoming a necessary functionality in many of today’s critical infrastructure.

From Isolated to Interconnected Systems
Facilities within critical infrastructure, such as manufacturing, power plants and oil and gas refineries, are typically situated in remote locations. Historically, the ICS networks of these locations were also isolated from external network connectivity, with access limited to those physically within the four walls of the site.

Without connectivity to the outside world, owners and operators would have to manually control, maintain and manage ICS on site. However, as the responsibilities expanded from one facility’s ICS to several across state lines and beyond, it became physically impossible to properly service each of the systems at multiple locations. As a result, information technology (IT) was soon attached to legacy control systems to provide owners and operators with remote management capabilities.

According to the US Department of Homeland Security (DHS), remote access solutions for ICS provide a connection over a distance between a user (or system) and a system (or information asset). Once stand-alone, control systems can now leverage advanced technologies that allow users to access the systems from any location. Today, remote access solutions integrate external, business and ICS network infrastructure. While physical distance traditionally hindered organizations’ operations, remote connections effectively serve to bridge the plant floor to the boardroom and unify every aspect of an organization. However, as more technology and advanced assets are deployed throughout an organization, the more people will want, or require, remote access to its infrastructure – including internal employees and external vendors.

Roles Requiring Remote Access
While system operators and engineers will need the most access into control systems’ network, the full list of roles that have remote access to an organization’s network infrastructure can be extensive as more software is deployed, regulatory requirements are enforced and external connections are created. According to the DHS, the list may include the following roles:

  • System operators and engineers for local systems
  • System operators and engineers for remote systems
  • Vendors
  • System integrators
  • System support specialists and maintenance engineers
  • Field technicians
  • Business partners
  • Reporting or regulatory entities
  • Customers
  • Supply chain representatives
  • Managed service providers

In addition to providing owners and operators with a means of remotely servicing their ICS in real time, remote access solutions allow businesses to outsource operations to trusted third-party vendors. By engaging managed services providers and giving full-time access to their control systems, owners and operators can focus their internal resources on strategic business initiatives while still ensuring operational stability. Though certainly beneficial from a business perspective, remote access must be selectively provided to vendors so as to reduce threat vectors and pathways into critical operations.

Though legacy ICS are still in use throughout critical facilities, machine builders are now manufacturing assets with interconnectivity in mind and with the expectation of remote access. In addition, third-party vendors are deploying technology in ICS environments with remote access already embedded in the software. Further, many vendor contacts are actually demanding remote access capabilities in order to provide operational support and perform system maintenance. As organizations continue to add technology to their assets, more and more outsiders will request remote access to the ICS network in order to deliver more value-add services, therefore ever-increasing the threat landscape.

Security Considerations for Remote Facilities
Today, technology is rapidly and continuously being deployed throughout organizations’ infrastructure to improve productivity and reduce costs. While certainly slower to advance than modern IT environments, remote facilities within critical infrastructure are also implementing technology to enhance business operations.

In fact, remote access to ICS is quickly becoming a critical functionality by both internal personnel and third-party vendors for proficiency, support and maintenance purposes. Accessing a control system from any location is certainly beneficial to productivity and cost efficiency, but the technology introduces significant cybersecurity threats to once-isolated critical systems. As the connections and ICS services proliferate, it becomes increasingly difficult for owners and operators to know how many entry and exit points are in even their systems – leaving them blind and vulnerable to cybersecurity threats.

While third-party vendors and external resources request remote access, ICS owners and operators should identify each role and selectively segment the amount of access given to each entity. Fewer connections result in a more secure environment, so removing unnecessary access points reduces the risk of intrusion from an unknown threat actor. In addition, owners and operators should strongly consider implementation of a network monitoring solution to identify each access point and determine what is passing through the connections.

As remote facilities continue to adopt advanced solutions, and technology providers increasingly require access, ICS owners and operators have no choice but to adapt to the new era of a connected critical infrastructure.

Preston Futrell is the vice president of sales and marketing at NexDefense, a leading provider of cybersecurity for industrial control systems. For more information visit www.nexdefense.com

Comments are closed.