ICS/OT Cyber Resilience – Claroty’s Team82 Observes Remote Access Tool Sprawl

Remote access has become part of normal operations in industrial environments. The ability to remotely connect to a network adds a great deal of convenience for end users, engineers, systems administrators, integrators, and support vendors. However, it also provides an opportunity for threat actors to infiltrate the network. Methods of remotely connecting securely should be implemented to minimize risk.

Claroty’s Team82 recently published a report, The Problem with Remote Access Tool Sprawl revealing that organizations have far too many remote access solutions deployed within OT environments – upwards of 16 in some cases. This sprawl creates unneeded risk and operational burdens. Team82 analyzed a subset of EWS and HMIs from a sample of more than 125,000 OT assets, looking at the security of their internet connectivity and whether these systems contain a known exploited vulnerability.

Best practices for implementing secure remote access can be found in WaterISAC’s Cybersecurity Fundamentals for Water and Wastewater Utilities, Fundamental 2 | Minimize Control System Exposure, which also includes a Minimum Baseline Architecture for ICS/OT Secure Remote Access design diagram.

Additionally, securing remote access is covered in the SANS Five ICS Cybersecurity Critical Controls and is discussed further in Protecting Critical Water Systems with the Five ICS Cybersecurity Critical Controls, with video Module 4: ICS Secure Remote Access to be released on October 23, 2024 as part of the SANS WaterISAC Champion educational materials for WaterISAC members.