Protect Your OT Systems
EP Editorial Staff | September 1, 2021
The pandemic has forced organizations to rethink traditional work environments, and many employers are seeing the benefits of a remote workforce.
In a recent forecast, Global Workplace Analytics (San Diego, globalworkplaceanalytics.com) predicted that by 2022, 25% to 30% of employees will be working remotely multiple days a week.
Whether you call it smartwork or homework, it’s a trend that’s likely to stick around. In the United States, pre-coronavirus, 3.6% of employees worked from home half or more of the time, while 80% would prefer to work remotely at least sometimes.
While this sounds great for employees, all is not so rosy for employers. The chief information security officers (CISOs) responsible for the resilience of OT systems now face an even greater dilemma: How do they keep critical systems operating 24/7 when employees are encouraged or mandated to work from home, and are highly dependent on secure connectivity to function normally?
Much of the answer lies in opening up systems that are traditionally closed to the outside world to allow remote management. To achieve this, CISOs need to balance safety, productivity, and cybersecurity risk. Even the slightest oversight can open the door to cyber risks, and potentially cause harm to employees, company reputation, and revenue.
The large number of open connections from remote workers back to the enterprise or operational technology (OT) systems introduces cyber risks. Some corporate leaders may not be prioritizing cybersecurity as they scramble to keep their businesses running, not realizing that threat activities carry on, and are sometimes heightened, during times of crisis.
Here are some recommendations to strengthen an organization’s security posture when it is exposed by an increase in employees working from home:
• Increase visibility into the OT environment by using passive traffic monitoring to identify and baseline critical assets and operational states.
• Bolster detection capabilities with anomaly-detection technology in IT and OT environments.
• Apply a health check to network infrastructure and ensure correct network segregation and firewall policies are in place.
• Ensure all devices and services are patched. It’s also important to shorten patch cycles, particularly for those that protect remote infrastructure. Where appropriate, use virtual patching to complement existing patching processes until a permanent patch can be implemented.
• Deploy a resilient backup policy that supports quick access to affected files.
• Perform asset hardening to disable services used by ransomware for propagation.
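A minimal sketch of the first two recommendations, added here as an illustration and not taken from the article or from any vendor product: it learns a baseline of assets and conversations from passively observed flows, then flags traffic that deviates from it. The flow records, addresses, ports and function names are all constructed for the example.

```python
from collections import defaultdict

# Constructed flow records as a passive sensor might emit them:
# (src_ip, dst_ip, dst_port). All values are sample data.
LEARNING = [
    ("10.10.1.5", "10.10.2.20", 502),    # HMI -> PLC, Modbus/TCP
    ("10.10.1.5", "10.10.2.21", 502),    # HMI -> second PLC
    ("10.10.1.9", "10.10.2.20", 44818),  # engineering station -> PLC, EtherNet/IP
]
LIVE = [
    ("10.10.1.5", "10.10.2.20", 502),     # matches the baseline
    ("172.16.50.7", "10.10.2.20", 3389),  # unseen remote host, RDP toward a PLC
    ("10.10.1.9", "10.10.2.21", 44818),   # known assets, pair never seen talking
    ("10.10.1.5", "10.10.2.20", 445),     # known pair, new service (SMB)
]

def build_baseline(flows):
    """Record every asset seen and the ports used per (src, dst) pair."""
    assets, services = set(), defaultdict(set)
    for src, dst, port in flows:
        assets.update((src, dst))
        services[(src, dst)].add(port)
    return assets, services

def classify(flow, baseline):
    """Return why a flow deviates from the baseline, or None if it is known."""
    assets, services = baseline
    src, dst, port = flow
    if src not in assets or dst not in assets:
        return "new-asset"
    if (src, dst) not in services:
        return "new-conversation"
    if port not in services[(src, dst)]:
        return "new-service"
    return None

def detect(live, baseline):
    """Return (flow, reason) for every live flow outside the baseline."""
    return [(f, reason) for f in live if (reason := classify(f, baseline))]

if __name__ == "__main__":
    for flow, reason in detect(LIVE, build_baseline(LEARNING)):
        print(reason, flow)
```
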
This article is an excerpt from the blog post The Remote Access Genie is Out of the Bottle—Protect Your OT Systems, by Patrick Bedwell, Sr. Director Product and Partner Marketing at Nozomi Networks, San Francisco. For more information about IT and OT network solutions, visit nozominetworks.com.