Dave Weinstein

Industrial Networks' Newest Threat: Remote Users

We know remote working isn't going away anytime soon, so it's crucial we be extra vigilant about security for industrial networks and critical infrastructure.

With remote working becoming the norm, people need access to their organization's networks, servers, email, and data without being in the office. But with so many employees and entire organizations working from home, remote access could also be opening organizations up to security risks.

When we look specifically at industrial networks and the organizations charged with maintaining, operating, and securing them, the security stakes become that much higher. Right now, it's more important than ever to make sure these networks are secure. These industrial networks — electrical grids, manufacturing plants, oil and gas, and transportation, among others — are critical to our nation's infrastructure, yet because of our rapidly shifting working environment, they are being accessed and sometimes maintained by people from all over the globe, not just on-site personnel. If these networks were compromised, the consequences could be severe: a city's electrical grid could be breached, or access to a manufacturing plant's systems could be shut down.

What's more, recent survey data from Claroty shows that 63% of US security professionals expect a major cyberattack to be successfully carried out on critical infrastructure within the next five years, showcasing the lack of confidence that cybersecurity professionals have in the safety and security of our industrial networks. In addition, 51% of industry practitioners in the US believe that today's industrial networks are not properly safeguarded and need more protection, while another 55% believe that our critical infrastructure is vulnerable to a cyberattack.

The stakes are high, and we know that remote working isn't going anywhere anytime soon, so it's increasingly crucial for industrial organizations to have a good hold on the safety of our infrastructure. Protecting their remote access points and remote users is critical to doing so.

While this may seem like an easy task, there are various remote access challenges that these organizations need to overcome.

The first challenge is strictly employee-related. As more employees are connecting to their networks from home, remote access risks are scary for any organization, and the stakes are that much higher for those working in critical infrastructure.

While remote access allows flexibility for employees unable to access offices, it also means that employees could be connecting to unsecured Wi-Fi networks or VPNs, perhaps without even realizing it. If their Internet connection is not safe, browser activity, passwords and sensitive corporate data could be left exposed or even vulnerable to malicious activity.

Another challenge organizations face is keeping their employees' passwords protected, as it is not uncommon for remote workers to share their passwords and logins via email, chat, text, etc. If these were to be accessed by the wrong person, fall into the wrong hands, or be found by someone outside the organization, the company could be subject to hidden costs, data breaches, and a damaged reputation.

These challenges open up the possibility for a hacker or outside source to do some serious damage — even more so now that more people are remote. Imagine this: Cybercriminals with access to an employee's passwords (which they stole from the employee's session on an unsecured Wi-Fi network) could legitimately log in to the industrial organization's network and compromise critical processes in a factory or plant. This isn't a far-fetched scenario by any means; our recent survey also showed that 56% believe that hacking would be the most prevalent type of cyberattack on industrial networks in 2020, followed by ransomware (21%) and sabotage (12%).

In addition to the risks associated with employees, there are others posed by third-party vendors and contractors. Many industrial organizations use service providers or consultants to help monitor networks and provide additional support or services, and with the increase in remote work, these workers will request remote access to the organization's network. Because these vendors are not as directly connected to the internal systems as full-time employees are, their access may not be regulated or monitored as closely. This means that if malicious actors compromise a vendor's remote session, the attackers' access could go undetected for an indeterminate amount of time, giving them a potentially enormous window of opportunity to wreak havoc.

One of the other barriers facing third-party vendors is that setup for traditional network access is incredibly time consuming for system administrators, and therefore has not always been a high priority on their to-do lists. On the other side, since the vendor is not actually part of the organization, it may not take security as seriously as full-time employees do.

In a world where outsourcing certain jobs to third parties is also increasingly commonplace, just like remote working, organizations need to place a greater emphasis on making sure that every individual with remote access, inside or outside the organization, is extensively trained and appropriately monitored with the proper security protocols.

The global effort to enable remote work as quickly as possible poses significant security challenges for organizations in all sectors, and the stakes are particularly high for critical infrastructure. To ensure organizations are doing all they can to secure their remote access, it's crucial to have a strong hold on network access and to make sure all remote sessions are monitored, whether they're internal or external.


Dave Weinstein is the chief security officer of Claroty. Prior to joining Claroty, he served as the chief technology officer for the State of New Jersey, where he served in the Governor's cabinet and led the state's IT infrastructure agency. Prior to his appointment as CTO he ...