Manufacturing Also Faces Remote Working Security Risks
Threats to the operational technology network in manufacturing facilities during remote work are a major concern in the time of COVID-19
When talking about security risks due to COVID-19, much of the discussion centers on displaced workers moving from office to home. What’s left out of the discussion are the security concerns surrounding manufacturing and industrial facilities and remote work. However, the pandemic has intensified the security risks to operational technology (OT), industrial internet of things (IIoT) and IT in factories.
Threats to OT aren’t new. They tend to come through the IT network, malware or a breakdown of administrative privileges—just like any other type of system. But remote access has added a new wrinkle.
“A top threat vector for targeted attacks on OT systems is individuals who have access directly through OT networks,” said Galina Antova, co-founder of Claroty. “Traditionally, OT engineers in many cases have shared admin access since they might need access to the process immediately. That practice is that much more challenging at a time when many of them are logging into OT environments remotely.”
Similarly, she added, third-party consultants, workers and vendors—and their remote access to networks—also bring an additional level of risk.
How Remote Work Impacts OT/IIoT Security
Because manufacturing doesn’t rely on remote access on a regular basis, adversaries are targeting and exploiting operations on those systems.
“Many organizations who never even dreamed of having employees work remotely are now directing their IT teams to make it happen as quickly as possible, and the urgency may cause them to neglect security,” Antova said.
Phishing attacks, which have traditionally been a source of security risk for industrial systems, have increased during this time of remote work. Another issue, Antova pointed out, is VPN vulnerabilities, specifically in the industrial space, where they have been around for a while but are now more pronounced given the increased reliance on remote access.
Meeting Manufacturing Security Threats During Remote Work
“Visibility, granular access control and real-time access to intelligence and monitoring networks are crucial,” said Antova. “Organizations should have strict audit controls in place to see who’s accessing their networks.” This includes monitoring all remote connections and implementing privileged access control and multi-factor authentication, along with consistent and stringent auditing and compliance, which she detailed below:
- Monitor All Connections: First, organizations should take special care over these next several months to monitor all of their remote connections, even the seemingly unimportant or inconsequential ones. Ideally, this means having the capability to observe remote sessions in real-time; actively manage user access requests based on purpose, length and frequency; and terminate sessions with the click of a button. Doing so will markedly reduce the risk of both internal and external exploitation, including third parties, without introducing costly or burdensome barriers to productivity.
- Privileged Access Control: As organizations rely more and more on remote connectivity, it’s critical that they define and enforce granular access permissions for all remote users, but especially those with privileged access. For industrial organizations, access control policies should reflect a layered network defense model to mitigate lateral movement in the event of a compromise and protect the most sensitive and critical process control assets.
- Authentication: One of the biggest risks associated with the rapid adoption of remote access operations is the use, sharing and management of passwords. If possible, organizations should seek to limit, if not eliminate, the use of passwords for third-party users by requiring administrator approval for all remote access sessions. In other cases, businesses and governments should take advantage of password vaulting technology and always enforce multi-factor authentication to protect against account compromises.
- Auditing and Compliance: Even though this period of flexible workplace arrangements will come to an end as the effect of the novel coronavirus eventually wanes, it is important to maintain consistent and stringent audit requirements for remote access for the duration of its impact. Opportunistic hackers will undoubtedly attempt to take advantage of this opportunity to gain and maintain persistent access to critical networks. Despite organizations’ best efforts, some will be successful. For this reason, organizations should be keen to capture and document all remote access session activity and credential usage to meet compliance requirements and facilitate any future forensic analysis.
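The session checks described in the list above, as an added example that is not part of the original article or any vendor's tooling: a Python audit over remote-access session records that flags missing multi-factor authentication, third-party sessions without administrator approval, and one account in use from two sources at once (a sign of a shared credential). The record fields, account names, addresses and sample data are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records; the field names are assumptions, not a real product's log schema.
FIELDS = ("id", "account", "source", "user_type", "mfa", "approved_by", "start", "end")
ROWS = [
    ("s1", "ot-admin", "10.8.0.11", "employee", True, None, "2020-05-04T08:00", "2020-05-04T09:30"),
    ("s2", "ot-admin", "10.8.0.47", "employee", True, None, "2020-05-04T09:00", "2020-05-04T10:00"),
    ("s3", "vendor-hmi", "10.8.0.90", "third_party", True, None, "2020-05-04T11:00", "2020-05-04T12:00"),
    ("s4", "jdoe", "10.8.0.23", "employee", False, None, "2020-05-04T13:00", "2020-05-04T14:00"),
    ("s5", "vendor-plc", "10.8.0.91", "third_party", True, "ot-supervisor", "2020-05-04T15:00", "2020-05-04T16:00"),
]
SESSIONS = [dict(zip(FIELDS, row)) for row in ROWS]


def parse_ts(value):
    return datetime.fromisoformat(value)


def overlaps(a, b):
    """True when two sessions were open at the same time."""
    return parse_ts(a["start"]) < parse_ts(b["end"]) and parse_ts(b["start"]) < parse_ts(a["end"])


def audit_sessions(sessions):
    """Return {session_id: sorted finding codes} for sessions that break policy."""
    findings = defaultdict(set)
    by_account = defaultdict(list)
    for s in sessions:
        if not s["mfa"]:
            findings[s["id"]].add("NO_MFA")
        # Third-party access is expected to carry an administrator approval.
        if s["user_type"] == "third_party" and not s["approved_by"]:
            findings[s["id"]].add("UNAPPROVED_THIRD_PARTY")
        by_account[s["account"]].append(s)
    # One account active from two sources at once points to a shared credential.
    for group in by_account.values():
        for i, a in enumerate(group):
            for b in group[i + 1:]:
                if a["source"] != b["source"] and overlaps(a, b):
                    findings[a["id"]].add("SHARED_ACCOUNT")
                    findings[b["id"]].add("SHARED_ACCOUNT")
    return {sid: sorted(codes) for sid, codes in findings.items()}


if __name__ == "__main__":
    for sid, codes in sorted(audit_sessions(SESSIONS).items()):
        print(sid, ", ".join(codes))
```

Sessions that pass every check, such as the approved vendor session `s5`, are absent from the result, so the output doubles as a review queue for the audit trail.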
For most casual observers, factories are fully hands-on, in-person operations. The media, press conferences from the White House and commercials show the good and the bad: Workers busy manufacturing PPE and workers falling ill with the virus. But the people charged with keeping the systems running and secure aren’t necessarily onsite, and they face challenges to keep things running smoothly. That’s why this is the time for CISOs and other executives to step up their leadership, Antova said.
“It’s more important than ever that they are able to demonstrate to their CEOs, boards and fellow employees that the organization’s security will not be compromised during this tumultuous time,” she said.