Security

Managing Operational Technology (OT) Networks Remotely Without Introducing Intruders

01.10.2021 - In February 2021, an unidentified intruder gained access to the network systems of a US water treatment plant in Oldsmar, Florida, and briefly altered the chemical levels in the drinking water. Fortunately, an employee noticed the intrusion attempt and acted immediately. This incident sparked many discussions on the topic of cybersecurity in operational technology (OT) environments within the media and the industrial sector.

By adapting to the digital transformation, OT network infrastructure starts to grow in scale and becomes increasingly complex and interconnected. A single point of failure could bring tremendous harm to the whole networking system, so ensuring maximum network uptime is critical to keep business going smoothly. Remote network management is becoming an invaluable tool for handling emergencies quickly and efficiently. However, there are multiple obstacles hampering the use of remote services, with cybersecurity being the biggest concern. Cyberattacks are a common occurrence nowadays and, without cybersecurity, the door is set wide open for malicious individuals to take advantage of vulnerable networks. Looking back at the Florida water treatment facility case, the FBI assessed that the intruder likely accessed the facility’s systems by exploiting cybersecurity weaknesses including poor password security and the lack of firewall protection when logging in to the plant’s systems remotely, as well as using unsafe remote access software.

Pay Special Attention to OT Requirements

Considering the requirements of secure remote network management, everyone is looking for a solution that could help simplify daily operations without having to worry about cybersecurity. While there are many pieces of software available designed for remote access or network management, they often cater to IT networks and are rarely part of larger, consolidated solutions. However, OT and IT networks have different characteristics and priorities. While IT prioritizes data confidentiality, OT focuses on network availability and zero tolerance for downtime. This difference in approach makes it difficult for OT networks to adopt IT practices. Another hurdle is that many automation engineers are not familiar with VPNs or know the public IP necessary for setting up remote access.

Convenient and Secure Remote Maintenance in Practice

Cybersecurity remains the number one concern for OT engineers. A solution with flexible access control could fulfill different OT scenarios and enhance network security. For example, customizable access control lets facility owners decide when and for how long third-party engineers can access their network. Furthermore, access can be restricted to specific network areas. These measures can ensure the safety of their network when opening the door for remote maintenance services. Remote services for OT should also be accessible and easy to use. An ideal solution lets OT engineers easily set up remote ­access when needed, even if they are not familiar with VPNs or know the public IP.
With purpose-built and consolidated solutions, different players in the OT world would be able to enjoy the benefits of remote network management. Let us take a look at how this works in two different customer scenarios.

Facility Owners

Manufacturers with facilities scattered across multiple locations require expansive networks to sustain operational effectiveness and efficiency. To manage such large and disperse networks, the network management software installed at the remote sites monitors the local network and sends data back to the HQ control center through an encrypted tunnel. This gives engineers a complete view of the network from a central location for remotely managing operations at each site. If any incident occurs, engineers at the headquarters can remotely access the on-site network device via a secure VPN connection or call in the help of third-party support services if necessary using an on-demand encrypted VPN tunnel.

Service Providers/System Integrators

To better help their customers manage and maintain their network smoothly, network service providers require a simple solution to respond to service requests from multiple customers and solve issues as quickly as possible. Real-time remote service allows service providers to overcome geographical limitations and streamline their customer service. An on-demand encrypted VPN tunnel can let support engineers easily access the network management software at the customer’s site without jeopardizing the safety of the customer’s network.
 The new normal has accelerated the digital transformation of many industries and has completely changed the way we work. Moxa has put together an application note to let you learn more about how you can leverage remote network management and tackle the challenges of the digital ‘new normal’ without worrying about cybersecurity. It can be viewed via the link below.

Contact

Moxa Europe GmbH

Einsteinstrasse 7
85716 Unterschleissheim
Germany

+49 89 37003 9940

Sonderheft 30 Jahre GIT SICHERHEIT

The trade magazine GIT SICHERHEIT is celebrating its 30th anniversary in October

Infos for the 30 Year GIT SICHERHEIT issue

Mediakit

Media Kit GIT SECURITY 2020 - Media Kits all publications

Download

Sonderheft 30 Jahre GIT SICHERHEIT

The trade magazine GIT SICHERHEIT is celebrating its 30th anniversary in October

Infos for the 30 Year GIT SICHERHEIT issue

Mediakit

Media Kit GIT SECURITY 2020 - Media Kits all publications

Download