-2

Question: Are there secure software solutions or approaches to provide remote access to systems that customers are really worried about being hacked? I did quite a bit of googling, but I am probably not looking for the right terms; most people talk about VPNs, etc. But this doesn't seem to be good enough for highly critical infrastructure systems. Can you maybe point me in the right direction?

Background info: I regularly have to work on various projects where we build industrial control systems. Without going too much into details, basically it's a mini-network with some Windows servers and workstations, some specialised industrial control equipment (PLCs), plus generally some network switches, etc. These kinds of systems are used to control factories, water-treatment plants, etc. Generally, they run unattended or with some operator intervention to control some manufacturing process, so there is usually no engineer present. Occasionally, things can go wrong and they need someone who knows the system to attend and fix a coding error or make some code changes. Years ago, we would usually have a fairly simple RDP connection to one of the workstations inside this setup, from where we could do our changes. Lately, everyone has rightfully been worrying more and more about security (see Stuxnet), and more and more end-users are starting to lean heavily towards "air-gapping" these kinds of systems. It gives them a lot more peace of mind, as they are pretty confident they won't get hacked. But this is where I have a problem. If the system is completely air-gapped, someone has to physically go there in order to address any issues or make any changes. This can be god knows where in the world, sometimes hours or even days of travelling. Hence the question above...

n_lev
    "_If the system is completely air-gapped, someone has to physically go there in order to address any issues or make any changes._" Exactly. That is the entire point of an air-gap system; there is no other way to communicate with it. Having a way to communicate from outside means that it is _not_ an air-gap. Even allowing a foreign host (laptop, etc.) to be able to come in and physically connect is not actually allowed because that introduces a security risk. – Ron Maupin Nov 16 '19 at 18:00
  • Air gapping is the most secure, but by definition the opposite of what you are asking about. Secure systems are built in layers. Access via a VPN is orders of magnitude more secure than VNC/RDP. Firewalling to specific IPs is helpful, as are dedicated leased lines. Systems which periodically call out rather than accept inbound requests might be useful, as might bastions (bastions are intermediate boxes you connect to in order to then connect to the network. They are analogous to firewalls - and should be deployed with firewalls - but work at a different layer). Also, MFA. – davidgo Nov 16 '19 at 18:48
  • Thanks for some pointers @davidgo, I will dig more into the things you mentioned! – n_lev Nov 17 '19 at 12:03

2 Answers

2

If the system is completely air-gapped, someone has to physically go there in order to address any issues or make any changes.

Better to be inconvenient than to be breached. Whatever your cost is to travel to and from these systems, it ought to be included in your service, support, or maintenance contracts.

joeqwerty
  • I agree, and it is always the case (costs included), but sometimes these costs are nothing when compared to the cost of the production downtime. In these scenarios the end-client has to hire permanent support staff, etc. It just becomes more and more of a pain. I am just really struggling to believe that there are no good, already existing solutions for this kind of thing. I am sure I am not the first person in the world with this problem... – n_lev Nov 17 '19 at 12:00
0

An air gap helps, but alone does not make you secure. Stuxnet can be delivered on removable media, crossing air gaps.

Security is achieved through comprehensive risk assessment and process analysis.

As a baseline, actions to take include hygiene things like applying security patches and network segmentation. In addition, the risks to personal and public safety are significant, which is why access to the control network is typically extremely restricted. You had better have very good controls around that remote access, or you will need to explain why a "cyber" attacker took down the water treatment plant.

Industry has advice about approaching this process. From the USA, NIST has a Guide to Industrial Control Systems (ICS) Security.

John Mahowald
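Both the comment above (firewall to specific IPs, put a bastion in front of the network, have systems call out rather than accept inbound) and this answer's point about very good controls around remote access describe an access model that can be verified from the firewall's own logs. The following script is an added example from the editor, not code posted by any participant in this thread. It assumes a hypothetical layout: a control network 10.10.0.0/24, a single bastion 192.168.50.10 in a DMZ that accepts SSH only from a vendor range 203.0.113.0/24, and RDP/VNC from the bastion into the control hosts as the only permitted inbound path. The log lines are constructed in an iptables-style format; any ACCEPTed flow that bypasses the bastion, reaches the bastion from an unlisted source, or uses an unexpected port is reported as a policy violation.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical zone layout used only for this example (not from the thread):
# remote engineer -> bastion in a DMZ -> control network. Nothing may reach
# the control network except the bastion, and the bastion accepts SSH only
# from an allowlisted vendor range.
CONTROL_NET = ipaddress.ip_network("10.10.0.0/24")          # PLCs, HMIs, servers
BASTION = ipaddress.ip_address("192.168.50.10")             # jump host in the DMZ
ALLOWED_REMOTE = [ipaddress.ip_network("203.0.113.0/24")]   # vendor office (RFC 5737 doc range)
BASTION_PORTS = {22}                                        # SSH into the bastion
CONTROL_PORTS = {3389, 5900}                                # RDP/VNC from bastion to control hosts

# iptables/nftables-style log fields; the sample lines below are constructed.
LOG_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) "
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+) ACTION=(?P<action>\S+)"
)


@dataclass
class Finding:
    line: str
    reason: str


def parse_line(line: str) -> Optional[dict]:
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["src"] = ipaddress.ip_address(rec["src"])
    rec["dst"] = ipaddress.ip_address(rec["dst"])
    rec["dpt"] = int(rec["dpt"])
    return rec


def check_flow(rec: dict) -> Optional[str]:
    """Return a reason string if an ACCEPTed flow violates the access model."""
    if rec["action"] != "ACCEPT":
        return None  # dropped attempts are blocked already; not policy violations
    src, dst, dpt = rec["src"], rec["dst"], rec["dpt"]
    if dst in CONTROL_NET:
        if src != BASTION:
            return "control network reached by a host other than the bastion"
        if dpt not in CONTROL_PORTS:
            return f"bastion reached control host on unexpected port {dpt}"
    elif dst == BASTION:
        if not any(src in net for net in ALLOWED_REMOTE):
            return "bastion reached from a source outside the vendor allowlist"
        if dpt not in BASTION_PORTS:
            return f"bastion reached on unexpected port {dpt}"
    return None


def audit(log_text: str) -> List[Finding]:
    """Run every parseable log line through the policy check."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reason = check_flow(rec)
        if reason:
            findings.append(Finding(line, reason))
    return findings


# Constructed sample: one clean remote session (lines 1-2), then three
# violations (unlisted source, bastion bypass, odd port) and one blocked attempt.
SAMPLE_LOG = """\
SRC=203.0.113.7 DST=192.168.50.10 PROTO=TCP SPT=51000 DPT=22 ACTION=ACCEPT
SRC=192.168.50.10 DST=10.10.0.5 PROTO=TCP SPT=40000 DPT=3389 ACTION=ACCEPT
SRC=198.51.100.9 DST=192.168.50.10 PROTO=TCP SPT=51001 DPT=22 ACTION=ACCEPT
SRC=172.16.4.20 DST=10.10.0.5 PROTO=TCP SPT=40001 DPT=3389 ACTION=ACCEPT
SRC=192.168.50.10 DST=10.10.0.7 PROTO=TCP SPT=40002 DPT=445 ACTION=ACCEPT
SRC=198.51.100.9 DST=10.10.0.5 PROTO=TCP SPT=51002 DPT=3389 ACTION=DROP
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.reason}: {f.line}")
```

Run against the constructed sample it reports three findings: the bastion session from 198.51.100.9, the direct connection from 172.16.4.20 into the control network, and the bastion-to-control flow on port 445. The point of the check is that the log confirms what the firewall rules are supposed to guarantee; a finding means either a rule gap or a host that has a path the design did not intend, which is exactly what has to be explained when the control network is the target.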