Increased uptime? Check. Better access to outside expertise? Check. Improved first-time-fix rate? Check.
These are just some of the benefits of industrial remote access. Yet many customers are reluctant to embrace remote access. Not only that, but incidents such as the breach at the Oldsmar water utility might increase organizations’ reluctance to use remote access.
Using Oldsmar as an Example
The benefits of remote access should not be in dispute. So rather than making remote access the scapegoat, let’s consider the incident at Oldsmar water utility briefly.
It has been established that the nefarious actor was able to access the SCADA system via TeamViewer. The details of how they were able to gain access via TeamViewer is still unknown.
So, based on this information, TeamViewer is the villain, correct?
The answer is not binary. TeamViewer serves a legitimate purpose if used correctly. In this instance, to understand if TeamViewer was the right tool, let’s consider the application more closely.
As a water authority, the Oldsmar plant’s main KPI is to keep the plant operational 24/7 because we all want safe and clean drinking water when we start the tap! This means minimal downtime, timely notifications of any alarms and the ability to diagnose faults promptly. Remote access is an essential tool to achieve this objective. The remote user does not need access to the utility’s IT network to keep the plant operational. And, this is the key – IT and OT’s remote access needs are different.
Understanding OT’s Remote Access Needs
OT remote access is precise. It is for a specific machine or process. What does this mean? Let’s take a water treatment plant (WTP) as an example. A WTP is made up of a series of complex processes that takes untreated water and converts it to safe drinking water. (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/ics-security/industrial-remote-access-not-something-to-fear/