From Modem to Modern: Securing Remote Access for OT

Ayman Galal
3 min read · Sep 10

In today’s digital age, accessing resources from any corner of the globe has become a routine part of how we work. However, the story of securing remote access is an intriguing tapestry of innovation, challenges, and constant adaptation, from the early days of dial-up connections to today’s sophisticated Software-Defined Perimeters (SDP) and Zero Trust Access (ZTA).

The evolution can be traced back to the 1990s, when we relied on modems to connect remotely. In the 2000s, Virtual Private Networks (VPNs) marked a significant shift, providing encrypted tunnels for data transfer across public networks. But as the digital landscape expanded with cloud computing and remote work, new challenges arose, prompting the emergence of more agile and adaptive remote access solutions.

History of remote access

I recall that after the incident in the Gulf of Mexico in 2010, there was a big mind-shift to reduce human physical presence on a rig to the necessary minimum. As a result, remote access to systems that wasn’t allowed before became acceptable for safety reasons. The same happened as a result of the Covid-19 lockdown.

Today, OT systems connect with IT networks for good reasons (enhanced functionality and real-time monitoring), so securing remote access to OT systems has become more critical than before. Here are some security incidents linked to weak remote access security:

  1. Target (2013): While the breach itself involved malware placed on point-of-sale (POS) terminals, the attackers initially gained access to Target’s network through a heating, ventilation, and air conditioning (HVAC) contractor using weak remote access controls.
  2. Home Depot (2014): Similar to Target, attackers were able to gain initial access to Home Depot’s network via a third-party vendor.
  3. VPN vulnerabilities: Several VPN products were found to have vulnerabilities that allowed attackers to gain remote access to systems.
  4. Colonial Pipeline (2021): The attackers gained initial access using compromised VPN credentials, emphasising the importance of secure remote access mechanisms and multi-factor authentication.

Securing remote access for systems in the OT environment isn’t different from systems in the IT environment. The controls that…
