Now that your OT remote access is secured, determine whether the allowed remote access is necessary. Ideally, user-interactive remote access to OT for the purpose of performing control or administration should be rare. If this is the case, consider whether it’s feasible to keep OT remote access in a default-off, physically disconnected position. Require an operator in the control room to turn it on when necessary, and only after the appropriate procedure has been followed. This default-off solution should also have an auto timeout that returns it to the off position.
There are products for purchase that provide this default-off remote access. You have an automation team, and it’s easy for them to build this OT remote access automation control.
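The logic of such a default-off control can be sketched in a few lines. This is an added example, not code from the article or from any product; the class name `DefaultOffGate`, the `procedure_ref` field and the four-hour ceiling are assumptions, and a real build would drive a relay or switch port from `output()`.

```python
import time


class DefaultOffGate:
    """Enable signal for an OT remote access path (hypothetical design).

    The output is OFF unless a control-room operator has enabled it, and it
    drops back to OFF on its own when the approved window ends.
    """

    def __init__(self, max_window_s=4 * 3600, clock=time.monotonic):
        self.max_window_s = max_window_s  # assumed site policy ceiling
        self.clock = clock        # monotonic: wall-clock changes cannot extend a window
        self.expires_at = None    # None means OFF, the default state
        self.audit = []           # (timestamp, event, detail) records

    def _log(self, event, detail):
        self.audit.append((self.clock(), event, detail))

    def enable(self, operator, procedure_ref, window_s):
        """Operator action in the control room; incomplete requests are refused."""
        if not operator or not procedure_ref:
            self._log("DENIED", "operator and procedure reference are required")
            return False
        if not 0 < window_s <= self.max_window_s:
            self._log("DENIED", f"window {window_s}s outside 1..{self.max_window_s}s")
            return False
        self.expires_at = self.clock() + window_s
        self._log("ENABLED", f"{operator} / {procedure_ref} / {window_s}s")
        return True

    def disable(self, reason="operator"):
        """Return to OFF; logged only if the path was actually on."""
        if self.expires_at is not None:
            self.expires_at = None
            self._log("DISABLED", reason)

    def output(self):
        """Poll every control cycle; True only inside an approved window."""
        if self.expires_at is not None and self.clock() >= self.expires_at:
            self.disable("auto-timeout")
        return self.expires_at is not None
```

The audit list doubles as the record of who enabled access, under which procedure, and for how long.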
Now that you’ve answered the “when” of OT remote access, look at the “who” and “what” of OT remote access. For each person or role that requires remote access, verify there is a suitable business need to accept the risk of remote access to OT.
I see a lot of OT remote access deployed for convenience. The employee doesn’t want to walk to the control room. I’ve even seen cases where an engineer has both an OT and IT computer on their desk and chooses OT remote access on the IT computer rather than switching back and forth between computers.
Consider these questions:
- Could the user perform this task on a computer on the OT network?
- Could the data the user needs be pushed to IT or the OT DMZ, so OT remote access is not required?
- Could a screen view capability be pushed to IT or the OT DMZ, so OT remote access is not required?
- Is a frequent OT remote access requirement a symptom of another problem that needs solving? For example, if the system frequently requires off-hours administrative remote access to firefight problems, it may indicate you have an unreliable system, untrained staff, or not enough people on site.
- And most importantly, is the OT remote access configured with a least privilege methodology?
The least privilege question often has a bad answer from a security perspective. Remote access to address emergency situations often requires widespread administrative access to troubleshoot and address problems that require immediate attention.
_________
Document your OT remote access and create an action plan to address any remote access that should be eliminated or further restricted.