Enabling secure access to modern manufacturing networks
Article by Leon Poggioli, ANZ Regional Director at Claroty
Traditional manufacturing plants and OT (Operational Technology) networks had no internet connectivity. They could run in a semi-isolated fashion, and there was little risk of a cyberattack. As modern OT networks become more digitised and technology-enabled to leverage AI and increased automation, they are experiencing a much higher level of cyber risk.
Traditional plants were operated very much onsite, with access controlled by strong physical mechanisms like site inductions and physical security methods permitting people to attend the site, make changes and operate the facility.
The digital transformation now underway in OT networks has resulted in far more digital connectivity, with a greater focus on safety and productivity meaning more work is completed via digital methods – whether by operators onsite, by remote workers and 3rd-party contractors, or through remote machine-to-machine connectivity, such as cloud-based AI analytics that optimise plant infrastructure.
Traditional methods of access to these networks have not kept up with the digital transformation underway in OT. Password-sharing continues as a common practice, and many devices remain configured with default credentials. One recent example where this occurred was the cyberattack on Unitronics devices used by Water Authorities in the United States, which were directly exposed to the internet with default credentials configured.
Some more mature organisations use a complex web of jump-boxes and VPNs to broker access to key systems in a zoned OT network, making it difficult to administer and maintain strict zero trust access to critical systems, not to mention the impact to useability as users need to log in via multiple hops to perform the work they need to perform.
The digital transformation underway in cyber-physical networks demands a better approach to broker access securely to critical production systems, without compromising useability or adding unnecessary complexity.
Users should demonstrate compliance with both internal corporate governance and external regulations, which are expected to become more sophisticated with the introduction of the SOCI Act in Australia and more attention paid to the regulation of cybersecurity in critical infrastructure systems.
There are a few reasons why traditional IT security tools aren’t sufficient for cyber-physical systems. Traditional security tools are designed with a focus on useability, with user privileges set by each application. These applications are regularly updated, and designed for access anywhere in the modern world, where employees expect to work from anywhere.
In the cyber-physical world, many systems are decades old and are optimised for availability over cybersecurity. There is a higher reliance on 3rd-party external vendors to log in and make specific changes related to work projects, so it makes sense to limit access to the specific time window on the permit to work, with access to only the specific server that the user needs to access.
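An added example, not from the original article or from any vendor's product: one way an access broker could enforce the permit-to-work scoping described above, denying by default and returning a reason for the audit trail. The permit fields, user name, host names and times are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Permit:
    permit_id: str
    user: str
    target: str            # the one server named on the permit to work
    protocols: frozenset   # protocols the job needs, e.g. {"rdp"}
    not_before: datetime   # start of the permit window (timezone-aware)
    not_after: datetime    # end of the permit window (exclusive)

def decide(permits, user, target, protocol, now):
    """Default-deny access decision; the reason string is for the audit log."""
    if now.tzinfo is None:
        raise ValueError("now must be timezone-aware")  # reject naive timestamps up front
    reason = "no permit for this user"
    for p in permits:
        if p.user != user:
            continue
        if p.target != target:
            reason = f"{p.permit_id}: target not on permit"
        elif protocol not in p.protocols:
            reason = f"{p.permit_id}: protocol not on permit"
        elif now < p.not_before:
            reason = f"{p.permit_id}: permit not yet valid"
        elif now >= p.not_after:
            reason = f"{p.permit_id}: permit expired"
        else:
            return True, f"{p.permit_id}: within permit window"
    return False, reason

# Constructed sample data: one vendor, one HMI, one four-hour window (UTC+10).
AEST = timezone(timedelta(hours=10))
PERMITS = [Permit("PTW-0001", "vendor.tech", "hmi-line3", frozenset({"rdp"}),
                  datetime(2024, 5, 1, 8, 0, tzinfo=AEST),
                  datetime(2024, 5, 1, 12, 0, tzinfo=AEST))]

if __name__ == "__main__":
    for host, hour in [("hmi-line3", 9), ("historian-01", 9), ("hmi-line3", 12)]:
        now = datetime(2024, 5, 1, hour, 0, tzinfo=AEST)
        print(host, hour, decide(PERMITS, "vendor.tech", host, "rdp", now))
```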
I’ve had customers admit to me on more than one occasion that if they don’t provide a corporate-sanctioned remote access solution to their OT environment, the site people will just put in their own – and it will be less secure, less safe, with no ability to audit for security risks.
Access to critical cyber-physical systems isn’t limited to user access to a system. Often, a specific piece of work will relate to updating the software on a production system (for example, to patch a critical vulnerability). This has traditionally been accomplished by inserting USB sticks directly into machines, or through open FTP servers on-site that allow workers to upload any file without scanning it for malware.
Modern OT networks in manufacturing demand modern, secure access to those production systems, whether onsite, remote, or connected machine-to-machine. This allows organisations to implement simplified controls governing true zero trust network access, and strong identity governance for OT users, aligned with the cyber policies of your organisation.
As OT networks become more digitised, a strong cybersecurity policy for users is critical to safely enable that transformation, and the right cybersecurity technology can support it, while simplifying user access and delivering world-class cybersecurity governance over who has access to which of your production systems.