The proliferation of remote access into industrial control systems (ICS) and operational technology (OT) has opened an attack surface that cyberattackers are increasingly exploiting. Researchers warn that the cleanup will be complex, because much of this access was never centrally provisioned and is therefore neither inventoried nor monitored.
A recent analysis by Claroty’s Team82 found that many ICS networks are reachable through several remote access tools at once; some organizations run as many as 16 different tools. This sprawl is a major security risk across sectors including pharmaceuticals, consumer goods, food and beverage, automotive, oil and gas, mining, and manufacturing.
Tal Laufer, Claroty’s vice president of products, secure access, emphasized the critical importance of addressing this issue promptly. He pointed out that the use of multiple remote access tools can create significant security gaps that threat actors can exploit, putting organizations at risk of cyberattacks.
The Team82 report also found that many of the remote access tools in use fall short of basic security standards. According to the report, 79% of surveyed organizations have more than two remote access tools that do not meet enterprise-grade security standards. These tools commonly lack session recording, audit logging, role-based access control, and multi-factor authentication (MFA), so a stolen or guessed credential is often all an intruder needs, and the session leaves no usable record.
Attackers have not needed exotic techniques: several high-profile breaches in recent years came through remote access that was exposed without MFA. The Colonial Pipeline attack in 2021 began with a compromised password for a legacy VPN account that had no MFA, and the Change Healthcare breach earlier this year began with a remote access portal that likewise lacked MFA.
Despite warnings from cybersecurity experts and government agencies, ICS/OT operators continue to struggle to secure their remote access infrastructure. The sheer number of tools, combined with the lack of monitoring and control over them, gives adversaries plenty of room to move.
To address this growing threat, experts recommend proactive steps to secure remote access into ICS/OT networks. The first step is a complete inventory of every remote access tool that can reach OT assets and ICS, including tools installed by vendors and integrators rather than by the operator’s own IT or OT teams. Tools that do not meet basic cybersecurity requirements should be identified and removed promptly.
Engineers and asset managers are advised to eliminate, or at least minimize, low-security remote access tools in the OT environment, particularly those with known vulnerabilities or without essential controls such as MFA. Organizations should also set baseline security requirements for their supply chain and govern which remote access tools suppliers may connect to OT and ICS, so that the same standard applies to every path into the network.
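The inventory-and-baseline process above is simple to automate once the inventory exists. The following script is an added example, not code from the article or from Claroty: it evaluates a constructed inventory of remote access tools against the four controls named in the report (MFA, session recording, audit logging, RBAC), flags tools introduced by suppliers that are not on an approved list, and reports per-site sprawl using the report’s "more than two non-enterprise-grade tools" threshold. The tool and supplier names, the inventory itself, and the remove-versus-harden rule are all assumptions made for illustration.

```python
"""Baseline check for remote access tools that reach OT/ICS assets.

Added example with a constructed inventory; tool names, sites and suppliers
are invented. The required-control list mirrors the controls the report
names; the remove/harden rule is an assumption for illustration.
"""
from dataclasses import dataclass

REQUIRED_CONTROLS = ("mfa", "session_recording", "audit_logging", "rbac")


@dataclass(frozen=True)
class RemoteAccessTool:
    name: str
    site: str
    owner: str            # "ops" or "vendor:<supplier>" (who introduced it)
    controls: frozenset   # controls the tool actually enforces
    reaches_ot: bool      # can it open a session to an OT/ICS asset?
    known_vulnerable: bool = False   # flagged by vulnerability management


def missing_controls(tool):
    """Controls from the baseline that the tool does not enforce."""
    return [c for c in REQUIRED_CONTROLS if c not in tool.controls]


def assess_tool(tool, approved_suppliers):
    """Return (action, reasons); action is 'keep', 'harden' or 'remove'."""
    reasons = []
    gaps = missing_controls(tool)
    if gaps:
        reasons.append("missing " + ", ".join(gaps))
    if tool.known_vulnerable:
        reasons.append("known vulnerability")
    supplier = tool.owner[len("vendor:"):] if tool.owner.startswith("vendor:") else None
    unapproved = supplier is not None and supplier not in approved_suppliers
    if unapproved:
        reasons.append("supplier not on approved list")
    if not reasons:
        return "keep", reasons
    # No MFA, a known vulnerability or an ungoverned supplier: remove the path.
    # Other gaps (recording, audit, RBAC) can usually be closed by configuration
    # or by fronting the tool with a managed gateway, so those are 'harden'.
    if "mfa" in gaps or tool.known_vulnerable or unapproved:
        return "remove", reasons
    return "harden", reasons


def evaluate_inventory(tools, approved_suppliers, max_nonstandard_per_site=2):
    """Assess every tool that reaches OT and summarise sprawl per site."""
    findings = {}
    sites = {}
    for t in tools:
        if not t.reaches_ot:
            continue   # out of scope: no path into the OT network
        action, reasons = assess_tool(t, approved_suppliers)
        findings[t.name] = (action, reasons)
        s = sites.setdefault(t.site, {"tools": 0, "nonstandard": 0})
        s["tools"] += 1
        if action != "keep":
            s["nonstandard"] += 1
    for s in sites.values():
        s["sprawl"] = s["nonstandard"] > max_nonstandard_per_site
    return findings, sites


ALL = frozenset(REQUIRED_CONTROLS)
APPROVED_SUPPLIERS = {"acme-automation"}          # constructed approved list

# Constructed inventory: what an audit of two plants might turn up.
SAMPLE_INVENTORY = [
    RemoteAccessTool("corp-vpn", "plant-A", "ops", ALL, True),
    RemoteAccessTool("ot-secure-access", "plant-A", "ops", ALL, True),
    RemoteAccessTool("vendor-remote-desktop", "plant-A", "vendor:acme-automation",
                     frozenset(), True),                       # nothing enforced
    RemoteAccessTool("legacy-jump-host", "plant-A", "ops", frozenset({"rbac"}),
                     True, known_vulnerable=True),
    RemoteAccessTool("integrator-screen-share", "plant-A", "vendor:unknown-integrator",
                     frozenset({"mfa", "audit_logging"}), True),
    RemoteAccessTool("it-helpdesk-tool", "plant-A", "ops",
                     frozenset({"mfa", "rbac", "audit_logging"}), True),
    RemoteAccessTool("corp-only-tool", "plant-A", "ops", frozenset(), False),
    RemoteAccessTool("vendor-b-portal", "plant-B", "vendor:acme-automation", ALL, True),
]


def run_sample():
    return evaluate_inventory(SAMPLE_INVENTORY, APPROVED_SUPPLIERS)


if __name__ == "__main__":
    findings, sites = run_sample()
    for name, (action, reasons) in findings.items():
        print(f"{action:7} {name}: {'; '.join(reasons) or 'meets baseline'}")
    for site, s in sites.items():
        print(f"{site}: {s['tools']} tools reach OT, {s['nonstandard']} below "
              f"baseline, sprawl={'yes' if s['sprawl'] else 'no'}")
```

The scope filter on `reaches_ot` matters: a tool that only reaches the corporate network is out of scope for this check, but a tool that can hop from IT into OT counts regardless of who installed it. In practice the inventory is populated from network flow data and endpoint agent output, not typed by hand; what the script shows is the decision logic applied once that data exists.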
In conclusion, the sprawl of remote access tools in industrial environments is a serious security risk that must be addressed urgently. By inventorying every path into OT, removing tools that cannot meet the baseline, and holding suppliers to the same standard, organizations can substantially reduce the exposure that attackers targeting ICS and OT systems are counting on.
