ICS/OT Security

Research From Claroty's Team82 Highlights Remote Access Risks Facing Mission-Critical OT Assets

May 24, 2024

5 Min Read

PRESS RELEASE

NEW YORK, May 21, 2024 /PRNewswire/ -- Claroty, the cyber-physical systems (CPS) protection company, today announced new proprietary data revealing that 13% of the most mission-critical operational technology (OT) assets have an insecure internet connection, and 36% of those contain at least one Known Exploited Vulnerability (KEV), making them both remotely accessible and readily exploitable entry points for threat actors to disrupt operations. To address these risks fueled by the growing adoption of remote access technologies in CPS environments, Claroty today launched its newly enhanced Claroty xDome Secure Access (formerly Claroty Secure Remote Access). The solution balances frictionless access and secure control over interactions to CPS, thereby enhancing productivity, reducing complexities and risk, and ensuring compliance across first- and third-party users.

According to Gartner, "While CPS technologies (often interchangeably called OT/IoT/IIoT/ICS/IACS/SCADA, etc.) that support production or mission-critical processes were initially deployed in isolation, they have become increasingly connected to each other and to enterprise systems. In addition, organizations now need OEMs, contractors and employees to operate, maintain and update them from afar."1

To shed light on the security implications of this increased connectivity, Claroty's award-winning research group Team82 analyzed a sample of over 125,000 OT assets, their internet connection, and exploitability. Key findings include:

3.7% of all OT assets have an insecure internet connection, meaning they communicate with the internet generally, excluding unidirectional, manufacturer, and endpoint security communications, allowing attackers to easily scan the IP address space to find and attempt to access them remotely.
13% of engineering workstations (EWS) and human-machine interfaces (HMIs) have an insecure internet connection. These linchpin assets are used to monitor, control, and update production systems, and because they can connect up and down the Purdue Model architecture for ICS and in some cases to the enterprise IT network, attackers can use them as an initial foothold for lateral movement.
36% of insecurely internet-connected EWS and HMIs contain at least one KEV. The combination of high criticality, high exposure, and high exploitability makes these assets prime targets for threat actors seeking to maximize operational disruption.
"Our research supports the notion that increased remote access translates to an expanding attack surface and greater risk of disruption to critical infrastructure, which can ultimately impact public safety and the availability of vital services," said Amir Preminger, vice president of research for Claroty's Team82. "As remote access to mission-critical OT assets such as EWS and HMIs is now the standard operating approach, organizations must ensure they are equipped to grant access to specific assets intentionally and on a least-privileged basis."

Learn more about Team82's findings in the report, "An Open Door."

Balancing Frictionless Access and Secure Control

Per Gartner, "While [operating, maintaining, and updating CPS from afar] was historically done with VPN and jump-server-based approaches, these have proven increasingly unsecure and complex to manage. VPN vulnerabilities have multiplied in recent years, leading to exploitation and emergency directives such as CISA's ED-24-01.1 In addition, most VPNs provide broad network access, and efforts to restrict this broad access at a more granular level leads to complex and costly oversight."2

To address the unique and complex security challenges posed by the rise in CPS remote access, Claroty's xDome Secure Access solution is purpose-built for the specific needs of the OT domain. It operationalizes the right balance between frictionless access and secure control over third-party interactions with CPS, thereby enhancing productivity, reducing complexities and risk, and ensuring compliance across first- and third-party users. By integrating foundational security principles such as Identity Governance and Administration (IGA), Privileged Access Management (PAM), and Zero Trust Network Access (ZTNA), Claroty xDome Secure Access sets new standards for resilience and operational excellence in the CPS landscape.

Key benefits include:

Increase productivity: Seamless access for both first- and third-party users effectively reduces Mean Time to Repair (MTTR) by facilitating quicker issue resolution, operating under low bandwidth conditions, ensuring high system availability, and upholding critical site survivability.
Reduce risk: The solution incorporates a tailored Zero Trust framework, PAM capabilities, and IGA functionality to enhance incident management, access controls, and system monitoring, ultimately minimizing risks and safeguarding critical assets, so organizations can manage and govern the entire identity lifecycle, from initiation to retirement, with the utmost precision and security.
Reduce complexity: Significantly reduce administrative complexity with a scalable, cloud-managed architecture that offers the flexibility to operate seamlessly both on-premises and in the cloud. The solution also simplifies administrative tasks that require constant operational control by integrating seamlessly with Identity and Access Management (IAM) tools, enhancing identity management, and enabling centralized site management and policy creation.
Maintain compliance: The solution adheres to key compliance standards and provides the necessary controls for real-time logging and auditing of user identities, which is crucial for maintaining comprehensive audit trails and meeting regulatory requirements, protecting your organization against potential legal and financial penalties.

"Frictionless access to industrial CPS assets is essential to maximize business outcomes, yet many OT assets were historically insecure by design. Safe and secure CPS access requires precise access management, identity management, privileged access, and identity governance capabilities – all built for the exacting operational requirements, environmental constraints, and risk tolerances unique to OT environments. Every access to an OT asset is privileged access by definition as they have the potential to impact safety and availability," said Grant Geyer, chief product officer at Claroty. "Claroty xDome Secure Access not only provides frictionless access to maximize productivity, it also does so with built-in security that is invisible to the operator which is crucial for safeguarding critical infrastructure."

To learn more about Claroty xDome Secure Access:

Read the Claroty xDome Secure Access solution overview or the Claroty blog
Register for the webinar, "Zero Trust Meets Privileged Access for Enhanced Operational Resilience," on June 13, 2024 at 11:00 a.m. EDT

About Claroty

Claroty empowers organizations to secure cyber-physical systems across industrial, healthcare, commercial, and public sector environments: the Extended Internet of Things (XIoT). The company's unified platform integrates with customers' existing infrastructure to provide a full range of controls for visibility, exposure management, network protection, threat detection, and secure access. Backed by the world's largest investment firms and industrial automation vendors, Claroty is deployed by hundreds of organizations at thousands of sites globally. The company is headquartered in New York Cityand has a presence in Europe, Asia-Pacific, and Latin America. To learn more, visit claroty.com.

Related Topics

Related Topics

Related Topics

Related Topics

Research From Claroty's Team82 Highlights Remote Access Risks Facing Mission-Critical OT Assets

Editor's Choice