Do’s & Don’ts for IT/OT Cyber Resilience

Leveraging Key NCSC Guidance for CNI Owners

Much of the work we undertake with critical national infrastructure (CNI) operators aligns with best practices from the National Cyber Security Centre (NCSC). Here, we’re highlighting essential NCSC guidance topics, focusing on critical CNI requirements, including best practices on Privileged Access Workstations (PAWs), Zero Trust models, and Cross-Domain Solutions (CDS).

OT Cyber Security - Critical national infrastructure

The Challenge

Securing OT (operational technology) systems hinges on creating robust isolation between OT and IT networks. However, remote access, while essential to modern IT and OT operations, introduces vulnerabilities. As NCSC guidance notes, if resources are accessible remotely, attackers may also exploit this access.

Standard users require seamless access to both internal services and external resources (like websites and email) from various locations, including corporate sites and home offices. In parallel, engineering staff, administrators, and even OT vendors need access to OT networks remotely, often requiring interaction with sensors, actuators, and other critical components.

This diversity in access needs calls for stringent separation of roles, devices, and networks to ensure the most sensitive assets are safeguarded against vulnerabilities in exposed systems.

Setting the Standard

For cyber resilience, organizations must make system compromise and disruption challenging for attackers, facilitate swift detection of compromises, and minimize impact. Given that the most sophisticated attackers increasingly include state-aligned actors, as highlighted by the NCSC, CNI entities need to design their systems with these threats in mind. The evolving regulatory landscape, including requirements like the Cyber Resilience Act, further underscores the need for comprehensive security protocols.

Don’t: Enable “Browse Up”

Organizations should consider internet-facing devices as low-trust entities. Allowing these to connect directly to operational systems creates a “browse-up” architecture, an NCSC-recognized anti-pattern. This approach, avoided in government-classified systems, similarly puts CNI assets at significant risk.

Do: Rely on Dedicated, Preferably Physical, Devices

Remote access sessions should originate from devices managed by the organization. Given the persistent threat of spear-phishing and targeted attacks, separating corporate functions from engineering tasks is crucial. For high-risk scenarios, dedicated Privileged Access Workstations (PAWs) provide heightened protection.

For OT access, a two-device approach can enhance security. Day-to-day corporate tasks can be conducted on one device, while a PAW, configured without internet or email access, is reserved for OT administration. This dedicated PAW should be locked down and adhere strictly to the principle of least privilege.

Do: Isolate OT and IT Networks

Effective remote access setups allow logical separation by function. For instance, control networks typically do not need access to email or other corporate resources.

The only secure method to connect from a remote location is through a corporately managed, dedicated network. This involves designated data flows from management devices to field sites via network controls hosted in corporate offices. Network boundaries should control data flows in and out of each physical location, ensuring robust defense.
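To make the browse-up anti-pattern, the PAW lock-down and the managed-device rule from the sections above concrete, here is an added example; it is not part of the original post and is not Becrypt or NCSC code. It is a small Python policy checker that evaluates proposed remote-access flows against a trust-tier model. The zone names, tier numbers, device names and sample flows are all constructed for the illustration, and the model is a simplification: each zone gets a relative trust number, the device that administers a system sits at least as high as the system it manages, and any session that goes from a lower tier to a higher tier is reported as browse-up.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed trust tiers for the zones in this illustration. The numbers only
# express relative trust (higher = more trusted/sensitive). The device that
# administers a system is placed at least as high as the system it manages, so
# legitimate administration is always a "browse-down" flow.
TIER = {
    "internet": 0,
    "corporate": 1,       # laptops with web and email access
    "ot-control": 2,      # sensors, actuators, controllers
    "ot-management": 3,   # PAWs and the dedicated management network
}
OT_ZONES = {"ot-control", "ot-management"}
PAW_FORBIDDEN = {"internet", "corporate"}  # a PAW gets no web or email


@dataclass(frozen=True)
class Device:
    name: str
    zone: str              # zone the device lives in
    managed: bool          # organisation-managed device?
    is_paw: bool = False   # dedicated privileged access workstation


@dataclass(frozen=True)
class Flow:
    src: Device
    dst_zone: str
    service: str           # e.g. "ssh", "https", "modbus"


def check_flow(flow: Flow) -> list[str]:
    """Return the policy findings for one proposed flow (empty list = allowed)."""
    findings: list[str] = []
    src_tier, dst_tier = TIER[flow.src.zone], TIER[flow.dst_zone]
    # Only organisation-managed devices may originate sessions into OT.
    if not flow.src.managed and flow.dst_zone in OT_ZONES:
        findings.append(f"{flow.src.name}: unmanaged device reaching {flow.dst_zone}")
    # Browse-up: a less trusted device driving a more trusted zone.
    if src_tier < dst_tier:
        findings.append(f"{flow.src.name}: browse-up from {flow.src.zone} to {flow.dst_zone}")
    # A PAW is locked down: no internet, no corporate email or web.
    if flow.src.is_paw and flow.dst_zone in PAW_FORBIDDEN:
        findings.append(f"{flow.src.name}: PAW must not reach {flow.dst_zone} ({flow.service})")
    return findings


def audit(flows: list[Flow]) -> dict[str, list[str]]:
    """Evaluate every flow; keys identify the flow, values are its findings."""
    return {f"{f.src.name}->{f.dst_zone}/{f.service}": check_flow(f) for f in flows}


# Constructed sample devices and flows (hypothetical names).
CORP_LAPTOP = Device("corp-laptop-01", "corporate", managed=True)
PAW = Device("paw-ot-01", "ot-management", managed=True, is_paw=True)
VENDOR_LAPTOP = Device("vendor-laptop", "internet", managed=False)

FLOWS = [
    Flow(CORP_LAPTOP, "internet", "https"),       # normal corporate use
    Flow(CORP_LAPTOP, "ot-control", "ssh"),       # browse-up anti-pattern
    Flow(PAW, "ot-control", "ssh"),               # intended administration path
    Flow(PAW, "corporate", "smtp"),               # PAW reaching email
    Flow(VENDOR_LAPTOP, "ot-control", "modbus"),  # unmanaged + browse-up
]

if __name__ == "__main__":
    for key, findings in audit(FLOWS).items():
        print(key, "OK" if not findings else "; ".join(findings))
```

Run as a script it prints one line per flow; the only flows that pass are the corporate laptop browsing the internet and the PAW administering the control zone over the dedicated management network. The same check can be pointed at a real firewall or remote-access ruleset by translating each rule into a `Flow` before approving it.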

 

Do: Implement Cross Domain Solutions (CDS) for High-Risk Networks

The NCSC advocates for CDS Gateways in high-threat, high-impact OT environments. By only allowing validated traffic across network boundaries, CDS Gateways provide a level of protection superior to systems that rely on anomaly detection alone.

Don’t: Rely Solely on Jump Boxes

NCSC advises against jump boxes or bastion hosts due to added complexity without proportional security improvements. Sophisticated attackers can bypass intermediary hosts and traverse laterally through networks.

Do: Strengthen Authentication

The growing prevalence of remote access makes multi-factor authentication (MFA) essential, especially for third-party OT vendors. Ensure that third parties access your environment securely, and evaluate their security maturity rigorously. For example, promoting or mandating PAWs for vendors can strengthen security.

Do: Embrace Unified Management

Coherent management across IT and OT teams enhances cyber resilience. Effective organizations align on risk management strategies, applying them consistently across vulnerability management, configuration control, and asset control.

Final Thoughts

From our experience working with varied CNI organizations, we find that cyber resilience often reflects an organization’s mindset and culture. The highest-performing CNI environments adopt a mission-focused, risk-averse approach—a culture that can be nurtured across any organization. The NCSC’s guidance, grounded in world-class threat intelligence, can streamline efforts for all CNI operators aiming to bolster their cyber resilience.

Source: NCSC Blog on Secure Remote Access

How can Becrypt help?

Becrypt OS (Paradox) as a PAW platform for securing remote administrative access.

Becrypt OS Network Namespaces as an alternative to multiple physical devices.

APP-XD and VDI Guard for high assurance Cross Domain network protection.