Fueled by volatile tensions, economic uncertainty, and multiple kinetic conflicts, the current geopolitical landscape is forcing the hand of enterprise security leaders overseeing cyber-physical systems (CPS). As these systems are the backbone of critical infrastructure, leaders in the space must re-evaluate their security posture, and much of that evaluation should be centered on remote and third-party access.
While a great deal of remote and third-party access comes from legitimate sources, such as suppliers, vendors, contractors, business partners, and internal teams, unrest on several fronts is introducing new risks to critical infrastructure. It’s no longer enough to assume that traditional perimeter security will suffice in this new reality, and decision-makers must pivot to using secure access solutions that are designed to protect unique CPS environments.
Previous Team82 research shows that a typical enterprise has anywhere between four and 16 tools being used to tunnel into networks. Often, those tools run simultaneously, with contractors, vendors, and others each bringing their own solution into their respective environments. What’s more, these tools are often designed for IT-specific environments, and lack the granular access controls, permissions, and comprehensive auditing capabilities required of a CPS-specific secure access solution.
Therefore, remote access becomes a favorite entry point for attackers who can use off-the-shelf brute force tools, or exploit vulnerabilities or misconfigurations to gain access to the network. From there, lateral movement can be trivial, and the attacker can drop ransomware or other exploits targeting vulnerabilities that would disrupt critical processes or endanger workers or public safety.
As these challenges increase in frequency and complexity, CISOs and other decision-makers have to be willing to shift to a more proactive approach to secure access. This might once have meant adding more tools to reinforce security posture, but the threat landscape has necessitated more strategic thinking. CISOs now have the challenge of fundamentally changing how secure access is granted, monitored, and controlled within CPS environments. Here are some key pillars for doing so.
It might sound like an obvious starting point, but strong authentication is the foundational pillar for moving beyond traditional perimeter security. After all, sometimes it’s the simple, overlooked exposures that can be the most damaging. Implementing multi-factor authentication (MFA) across all remote access points is a must. On top of this, configure traditional security measures like jump servers and VPNs with strong authentication.
These types of controls are crucial to ensure that only authorized users can access critical systems. Role-based access controls are also crucial: they restrict each user's permissions to only the systems required to do their job. This type of provisioning, coupled with strong authentication, limits exposures.
It’s vital to have a secure access solution that’s built specifically for CPS environments. Unlike generic VPNs or IT-focused jump servers, these specialized solutions are built to inherently understand the unique protocols, requirements, and operational demands of industrial control systems (ICS). They also provide critical functionality that IT-focused solutions can’t deliver, such as comprehensive session monitoring and recording. This includes the capability for "over-the-shoulder" monitoring, allowing security teams to actively supervise remote sessions and instantly shut down any suspicious activity.
Securing CPS environments demands a specialized approach. That’s why Claroty’s Secure Access solution is purposely designed to meet the stringent requirements of such environments. It covers the operational, administrative, and security needs where IT-centric tools fall short. With a full set of features in one solution, Secure Access also reduces tool sprawl, minimizes risk and complexity, and keeps your organization in compliance with industry standards.
Claroty Secure Access also allows you to overcome the common challenges of remote access by delegating remote access privileges without compromising security. Using a zero trust framework, it offers granular access privileges to users you define, reduces your attack surface, and bolsters your business continuity.