As modern industrial and healthcare enterprises prioritize operational resilience, the integration of IT with operational technology (OT) and cyber-physical systems (CPS) has shifted from a competitive advantage to a core business necessity. However, connecting once isolated legacy OT and CPS technology with modern IT infrastructure significantly expands the cyber attack surface, particularly via the extension of access privileges outside the firewall to partners, vendors, contractors, and for internal remote management of assets.
Secure remote access solutions, therefore, become a key facet of a CPS and OT protection strategy to ensure not only cybersecurity, but also business and compliance requirements.
To bridge these legacy systems with contemporary security, business, and compliance requirements, organizations must transition to robust,. This is particularly critical for maintenance of assets in hard-to-reach locations, locking down of third-party privileged access, and ensuring that vendors and remote operators can maintain vital equipment without introducing unmanaged risk or compliance vulnerabilities to the broader production or patient environment.
This guide examines five key aspects of secure remote access that drive resilience, ensure uptime and availability of sensitive assets, and reduce overall risk.
OT remote access allows employees, contractors, and vendors of industrial organizations to remotely connect to these and other CPS assets. As a result, these personnel are able to monitor, control, and maintain, and troubleshoot equipment and processes without being on-premise at the facility. Operators, engineers, and technicians can establish a remote connection to access user interfaces, configuration settings, and real-time data — allowing them to adjust processes, make software and firmware updates, or troubleshoot problems. Remote access provides many benefits to critical infrastructure organizations such as increased efficiency, improved response time to emergencies, cost savings, enhanced collaboration among employees in dispersed locations, and the flexibility to monitor and control processes outside of working hours. These remote sessions, however, must be secure, communications encrypted, auditable, and in the event of malicious activity, admins must have the ability to terminate sessions.
The cyber-physical systems (CPS) that underpin industrial environments many times lack even the most basic cybersecurity protections. This is due to the following challenges:
The majority of OT environments rely heavily on third-party and OEM vendors for technical support and to perform maintenance, feature, and security updates. At times, manufacturing organizations may be working with hundreds of third-party contractors. Many industrial organizations, unfortunately, lack the ability to effectively monitor and respond to the changes being made by these vendors to their complex, geographically dispersed architecture. This challenge gets even more complex being that organizations often have to manage a considerable number of remote connections from OEM vendors who require access to vendor-specific assets for routine maintenance, resulting in a large number of remote connections that must be managed and tracked.
OT systems are typically connected to legacy devices that operate on outdated operating systems or software that is no longer supported. These devices are also not typically created with cybersecurity in mind, and can have decades long lifespans — allowing them to be more easily exploited.
Due to their long lifespans, applying patches and updates can be challenging due to concerns regarding the disruption of critical processes. As a result, organizations many times delay or avoid updates, leaving their system vulnerabilities unaddressed.
OT environments are typically managed by engineers, technicians, and operators who may not be fully aware of the potential risks and best practices for securing OT systems and devices. There is also a shortage of cybersecurity professionals with specialized OT cybersecurity knowledge, making it difficult to establish robust security measures.
Implementing effective OT cybersecurity strategies require significant investments in terms of technology, infrastructure, training, and personnel. With cost constraints affecting critical infrastructure organizations across industries, many prioritize other operational needs over cybersecurity and adoption of new technology due to limited resources.
Solutions like VPNs, commonly used in OT environments, pose considerable risks and introduce inefficiencies. VPNs face scalability and performance limitations, frequently necessitating organizations to invest in additional resources and infrastructure to cater to growing remote access demands. They introduce direct connectivity to lower levels of the OT environment, often breaking the Purdue Model of control hierarchy. This model is designed to prevent direct communication between certain levels, ensuring a layered defense. However, VPNs bypass these layers, breaking the segmentation, exposing crucial control systems, and creating potential pathways for cyberattacks. This direct, unsegmented connectivity extends the organization's attack surface, allowing potentially less secure or compromised devices to connect to sensitive OT systems. On the other hand, alternative solutions like jump servers are extremely inefficient, costly to manage, and time-consuming, further amplifying the challenges of secure remote access.
The challenges listed above have further fueled the device visibility challenge so commonly faced by industrial organizations. Not only do organizations lack the invaluable knowledge of what assets are located in their geographically dispersed environments, they also lack visibility into who is connecting to these unknown assets. You can’t protect what you can’t see, that’s why asset inventory is foundational in ensuring the resilience of OT environments.
Unlike IT systems, OT systems traditionally prioritize availability, reliability, and safety over security. Their goal is to ensure that their critical infrastructure operations are running smoothly and efficiently. Cybersecurity measures being viewed as secondary or overlooked can cause serious cybersecurity implications and disruption to operations. Addressing these challenges requires a holistic approach, where IT and OT teams work collaboratively, and cybersecurity awareness is raised amongst stakeholders.
There are stark differences between remote access needs and capabilities for IT and OT, largely because of the nature of the systems third parties and internal admins would connect to. Enterprise IT is largely a data security and corporate network domain, while OT and CPS manage digital systems that directly impact physical processes. The priority is safety and availability for OT and CPS rather than confidentiality, which guides IT security. OT and CPS require dedicated secure remote access solutions that support different protocols, jump hosts, and compliance requirements such as auditing and remote session termination capabilities.
The network access VPNs and remote desktop protocol clients afford users is too broad to adequately ensure sensitive OT systems and processes are not disrupted. A purpose-built OT secure remote access solution will allow admins to isolate remote sessions to HMIs or PLCs, for example, in order to prevent lateral movement from the OT network to other assets or the enterprise network.
Solutions should also enforce strong authentication and just-in-time access for single-use access during maintenance windows, for example. In addition to full session logging, other features should include real-time auditing and recording in order to support forensic analysis in the event of an incident.
Organizations should consider the shortcomings of legacy VPNs in OT and CPS environments, in favor of platforms that support zero trust network access and intense privileged access management.
The zero trust security model assumes that no entity should be trusted. This means that security teams must operate on the assumption that there are threats present both inside and outside of their networks. Therefore, no communication should be allowed until all users are properly authenticated and authorized.
Although zero trust is top of mind for most organizations as a critical strategy for reducing risk, few have actually completed zero trust implementation. It is essential for organizations to implement a zero trust strategy that addresses cyber threats and balances the need for security with the need to achieve operational resilience. Through zero trust adoption, organizations will shift their objectives by requiring continuously assessed, explicitly calculated adaptive trust between users, devices, and resources. Ultimately, zero trust principles will benefit OT remote access in the following ways:
Reduces unauthorized access by granting access to only specific OT systems or users only have the necessary level of access to perform their specific tasks.
Provides an additional layer of security with continuous authentication. Continuous authentication will help to verify a user's identity and trustworthiness throughout the remote session.
Emphasizes network segmentation by allowing fine-grained control over network traffic. This will allow organizations to isolate critical OT systems from less-trusted environments — reducing the attack surface and limiting the lateral movement of threats.
Protects applications and data regardless of their location or the devices accessing them. This allows organizations to discover, classify, and manage data access according to risk.
Supplies analytics and visibility to detect anomalies, suspicious behavior, or potential security incidents. By establishing continuous monitoring, organizations can identify potential threats or unauthorized activities in real-time — allowing for timely response and mitigation.
By adopting zero trust principles, critical infrastructure organizations can begin to establish a robust cybersecurity framework and ensure they are reducing the risk of unauthorized access, data breaches, and compromise of critical OT systems. But, organizations still struggle with where to begin when it comes to implementing this proactive and layered approach to security. Next, we’ll discuss the best approach for establishing a strong OT remote access strategy to achieving cyber and operational resilience.
Claroty’s xDome Secure Access (formerly SRA) eliminates insecure remote access by providing reliable, highly secure remote access to internal and third-party individuals. It extends zero trust based access controls by removing the complexity and administrative barriers to effective, efficient remote access to industrial environments for both internal and third-party users. It allows access only if permission has explicitly been granted and alerting and disconnecting unauthorized remote access sessions.
Administrators can also define and enforce granular access controls for industrial assets at multiple levels and geographic locations, and additional policies can be created for each asset to ensure the health and operability of the environment. xDome Secure Access also extends to legacy assets, which do not support modern protocols. The solution also has the capability to integrate with your organization’s existing security solutions, allowing for centralized security management, real-time threat detection, and the ability to correlate remote access activities with other security events in the OT environment. This feature allows for closer coordination between IT and OT security teams, providing them with the cybersecurity awareness they need to protect their critical infrastructure environments.
At Claroty, we understand that zero trust is not a one-solution challenge. By integrating with best-in-class solutions, xDome Secure Access helps organizations to successfully implement zero trust policies, addresses any gaps in zero trust frameworks, and provides a purpose-built OT remote access solution to enforce these principles. It tackles the specific challenges posed by managing numerous third-party and OEM vendor connections, maintaining visibility of asset access, and offering a more secure and efficient alternative to VPNs that respects the Purdue Model and maintains the necessary segmentation of OT environments. xDome Secure Access enables organizations to provide greater value and establish cybersecurity best practices, reducing the risk of unauthorized access, data breaches, and other cyber threats in the critical infrastructure environments.
Elevating Secure Remote Access for Cyber-Physical Systems
Claroty’s Ultimate Buyer’s Guide to Secure Access Solutions
Why Remote Access is Considered the #1 Risk to your Cyber-Physical Systems Environment
Interested in learning about Claroty's Cybersecurity Solutions?
Life, uninterrupted
We maximize your availability, strengthen your insurability, and support compliance to ensure operational resilience.