

10:00 AM
Dave Weinstein

Industrial Networks' Newest Threat: Remote Users

We know remote working isn't going away anytime soon, so it's crucial we be extra vigilant about security for industrial networks and critical infrastructure.

With remote working becoming the norm, people need access to their organization's networks, servers, email, and data without being in the office in order to get the work done. But with so many employees and entire organizations working from home, remote access could also be opening up organizations to security risks.

When we look specifically at industrial networks and the organizations charged with maintaining, operating, and securing them, the security stakes become that much higher. Right now, it's more important than ever to make sure these networks are secure. These industrial networks (electrical grids, manufacturing plants, oil and gas, and transportation, among others) are critical to our nation's infrastructure, yet because of our rapidly shifting working environment, they are being accessed and sometimes maintained by people from all over the globe, not just on-site personnel. If these networks were compromised, the results could be detrimental: a city's electrical grid could be breached, or access to a manufacturing plant's systems could be shut down.

What's more, recent survey data from Claroty shows that 63% of US security professionals expect a major cyberattack to be successfully carried out on critical infrastructure within the next five years, showcasing the lack of confidence that cybersecurity professionals have in the safety and security of our industrial networks. In addition, 51% of industry practitioners in the US believe that today's industrial networks are not properly safeguarded and need more protection, while another 55% believe that our critical infrastructure is vulnerable to a cyberattack.

The stakes are high, and we know that remote working isn't going anywhere anytime soon, so it's increasingly crucial for industrial organizations to have a good hold on the safety of our infrastructure, and protecting their remote access points and remote users is critical in doing so.

While this may seem like an easy task, there are various remote access challenges that these organizations need to overcome.

The first challenge is strictly employee-related. As more employees are connecting to their networks from home, remote access risks are scary for any organization, and the stakes are that much higher for those working in critical infrastructure.

While remote access allows flexibility for employees unable to access offices, it also means that employees could be connecting to unsecured Wi-Fi networks or VPNs, perhaps without even realizing it. If their Internet connection is not safe, browser activity, passwords and sensitive corporate data could be left exposed or even vulnerable to malicious activity.

Another challenge organizations face is keeping their employees' passwords protected, as it is not uncommon for remote workers to share their passwords and logins via email, chat, text, etc. If these were to be accessed by the wrong person, fall into the wrong hands, or be found by someone outside the organization, the company could be subject to hidden costs, data breaches, and a damaged reputation.

These challenges open up the possibility for a hacker or outside source to do some serious damage — even more so now that more people are remote. Imagine this: Cybercriminals with access to an employee's passwords (which they stole from the employee's session on an unsecured Wi-Fi network) could legitimately log in to the industrial organization's network and compromise critical processes in a factory or plant. This isn't a far-fetched scenario by any means; our recent survey also showed that 56% believe that hacking would be the most prevalent type of cyberattack on industrial networks in 2020, followed by ransomware (21%) and sabotage (12%).

In addition to the risks associated with employees, there are others posed by third-party vendors and contractors. Many industrial organizations use service providers or consultants to help monitor networks and provide additional support or services, and with the increase in remote work, these workers will request remote access to the organization's network. Because these vendors are not as directly connected to the internal systems as full-time employees are, their access may not be regulated or monitored as closely. This means that if malicious actors compromise a vendor's remote session, their access could go undetected for an indeterminate amount of time, giving the attackers a potentially enormous window of opportunity to wreak havoc.

One of the other barriers facing third-party vendors is that setup for traditional network access is incredibly time consuming for system administrators, and therefore has not always been a high priority on their to-do lists. On the other side, since the vendor is not actually part of the organization, it may not take security as seriously as full-time employees.

In a world where outsourcing certain jobs to third parties is also increasingly commonplace, just like remote working, organizations need to place a greater emphasis on making sure that every individual with remote access, inside or outside the organization, is extensively trained and appropriately monitored with the proper security protocols.

The global effort to enable remote work as quickly as possible poses significant security challenges for organizations in all sectors, and the stakes are particularly high for critical infrastructure. To ensure organizations are doing all they can to secure their remote access, it's crucial to have a strong hold on network access and to make sure all remote sessions are monitored, whether they're internal or external.


Dave Weinstein is the chief security officer of Claroty. Prior to joining Claroty, he served as the chief technology officer for the State of New Jersey, where he served in the Governor's cabinet and led the state's IT infrastructure agency. Prior to his appointment as CTO he ...
