By now, we have a good understanding of what secure remote access (SRA) is and why organizations might choose to enable it for their OT environments. We also know that securing IT-OT collaboration, leveraging guidance from best practice frameworks and using an automated solution can help organizations to implement this type of access. Even so, we still don’t have a detailed view of how to implement industrial remote access in practice.
SRA Throughout the Industrial Environment
It’s not possible for organizations to ensure secure remote access across their industrial environments in just one step. Effective industrial remote access requires that organizations incorporate security measures into three zones of their OT environments: the machine zone, enterprise zone and outside zone. We’ll use ProSoft to investigate this below.
The machine zone is the section of an organization’s industrial environment that consists of the machine control equipment, the network connecting those pieces of machinery together and remote access modules (if deployed). Many larger organizations have different machine zones to keep different areas of their industrial processes separate. Combined, these zones create the plant zone.
It might be tempting to simply use a PC with a remote desktop connection to enable remote access to a machine zone. But this creates three problems. First, a malicious actor who succeeded in compromising the device could use the PC’s advanced networking capabilities to bypass the organization’s DMZ. They could then access parts of the network that would otherwise be off limits and subsequently leverage that access to launch digital attacks.
Second, the PC comes with a full operating system whose components will suffer from vulnerabilities in the future. The problem is that the machine builder or system integrator is oftentimes responsible for issuing this device, meaning that it might not ...
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Gabe Authier. Read the original post at: https://www.tripwire.com/state-of-security/ics-security/3-zones-network-security-industrial-remote-access/