Industrial Networks' Newest Threat: Remote Users

We know remote working isn't going away anytime soon, so it's crucial we be extra vigilant about security for industrial networks and critical infrastructure.

Dave Weinstein, Chief Security Officer, Claroty

May 1, 2020

With remote working becoming the norm, people need access to their organization's networks, servers, email, and data without being in the office. But with so many employees and entire organizations working from home, remote access could also be opening up organizations to security risks.

When we look specifically at industrial networks and the organizations charged with maintaining, operating, and securing them, the security stakes become that much higher. Right now, it's more important than ever to make sure these networks are secure. These industrial networks (electrical grids, manufacturing plants, oil and gas, and transportation, among others) are critical to our nation's infrastructure, yet because of our rapidly shifting working environment, they are being accessed and sometimes maintained by people from all over the globe, not just on-site personnel. If these networks were compromised, the consequences could be severe: a city's electrical grid breached, or access to a manufacturing plant's systems shut down.

What's more, recent survey data from Claroty shows that 63% of US security professionals expect a major cyberattack to be successfully carried out on critical infrastructure within the next five years, showcasing the lack of confidence that cybersecurity professionals have in the safety and security of our industrial networks. In addition, 51% of industry practitioners in the US believe that today's industrial networks are not properly safeguarded and need more protection, while another 55% believe that our critical infrastructure is vulnerable to a cyberattack.

The stakes are high, and we know that remote working isn't going anywhere anytime soon, so it's increasingly crucial for industrial organizations to have a good hold on the safety of our infrastructure. Protecting their remote access points and remote users is critical to doing so.

While this may seem like an easy task, there are various remote access challenges that these organizations need to overcome.

The first challenge is strictly employee-related. As more employees are connecting to their networks from home, remote access risks are scary for any organization, and the stakes are that much higher for those working in critical infrastructure.

While remote access allows flexibility for employees unable to access offices, it also means that employees could be connecting to unsecured Wi-Fi networks or VPNs, perhaps without even realizing it. If their Internet connection is not safe, browser activity, passwords and sensitive corporate data could be left exposed or even vulnerable to malicious activity.

Another challenge organizations face is keeping their employees' passwords protected, as it is not uncommon for remote workers to share their passwords and logins via email, chat, text, etc. If these were accessed by the wrong person, fell into the wrong hands, or were found by someone outside the organization, the company could be subject to hidden costs, data breaches, and a damaged reputation.

These challenges open up the possibility for a hacker or outside source to do some serious damage — even more so now that more people are remote. Imagine this: Cybercriminals with access to an employee's passwords (which they stole from the employee's session on an unsecured Wi-Fi network) could legitimately log in to the industrial organization's network and compromise critical processes in a factory or plant. This isn't a far-fetched scenario by any means; our recent survey also showed that 56% believe that hacking would be the most prevalent type of cyberattack on industrial networks in 2020, followed by ransomware (21%) and sabotage (12%).

In addition to the risks associated with employees, there are others posed by third-party vendors and contractors. Many industrial organizations use service providers or consultants to help monitor networks and provide additional support or services, and with the increase in remote work, these workers will request remote access to the organization's network. Because these vendors are not as directly connected to the internal systems as full-time employees are, their access may not be regulated or monitored as closely. This means that if malicious actors compromise a vendor's remote session, the attackers' access could go undetected for an indeterminate amount of time, giving them a potentially enormous window of opportunity to wreak havoc.

One of the other barriers facing third-party vendors is that setup for traditional network access is incredibly time consuming for system administrators, and therefore has not always been a high priority on their to-do lists. On the other side, since the vendor is not actually part of the organization, it may not take security as seriously as full-time employees do.

In a world where outsourcing certain jobs to third parties is also increasingly commonplace, just like remote working, organizations need to place a greater emphasis on making sure that every individual with remote access, inside or outside the organization, is extensively trained and appropriately monitored with the proper security protocols.

The global effort to enable remote work as quickly as possible poses significant security challenges for organizations in all sectors, and the stakes are particularly high for critical infrastructure. To ensure organizations are doing all they can to secure their remote access, it's crucial to have a strong hold on network access and to make sure all remote sessions are monitored, whether they're internal or external.

About the Author(s)

Dave Weinstein is the chief security officer of Claroty. Prior to joining Claroty, he served as the chief technology officer for the State of New Jersey, where he served in the Governor's cabinet and led the state's IT infrastructure agency. Prior to his appointment as CTO, he served as the New Jersey Chief Information Security Officer (CISO). Mr. Weinstein began his career as a computer network operations planner at United States Cyber Command in Fort Meade, Maryland. He is a graduate of Johns Hopkins University and Georgetown University's School of Foreign Service. Outside of Claroty, Mr. Weinstein is currently a Cybersecurity Policy Fellow at New America and a Visiting Fellow at George Mason University's National Security Institute.
