Page 27 - Cyber Defense eMagazine June 2020 Edition
Being Inside the Physical Perimeter Means Risk
The response to COVID-19 forced businesses to scramble to keep employees productive as they
transitioned from the office to home workstations. Fortunately, most office employees can remain
productive by using videoconferencing and familiar applications that are highly scalable in cloud-based
SaaS offerings. The security for these productivity suites is built into the application — easy.
But what about highly skilled technical employees who need access to systems that run only on corporate
networks? These include sensitive industrial control systems (ICS) such as those for cooling, power, and humidity. How can a CISO ensure only
the right people have access at the right time and for the right purpose? In the pre-COVID world, the
employee had to be on-site to access the system. Keeping employees together on-site is no longer a net
benefit to security. The potential for infection and loss of key personnel is too great.
In addition, most data centers and other ICS facilities have been relying on an outdated contractor service
model, where in the interest of efficiency, specialized technicians travel from facility to facility in an
ongoing cycle of install, repair, and update. In a pandemic environment, each visit by a technician is an
opportunity for the virus to spread. The visiting technician model creates real cross-contamination risk
within campuses and across regions. One contagious technician could potentially visit multiple sites in
the course of several days with the potential to knock out dozens of those sites before he knows he is
contagious.
This, in a nutshell, is why CISOs need to reprioritize remote access for as many users as possible. If an
employee, especially a highly skilled technician, can operate off-site, the contamination risk goes down
and resilience goes up.
Rethinking Remote Access Tools
As the foundation of our digital critical infrastructure, data center operations teams have so far met the
pandemic’s immediate needs — scaling up clients to deal with shifting demand and a newly remote
workforce, to name a few. But the fact is that geopolitical tensions are rising and cyber conflicts between
rival powers are transitioning from a simmer to a low boil. Reports from reliable sources, including
government agencies and private threat intelligence firms, reveal a disturbing uptick in activity from
China, Russia and North Korea. As we grapple with the real health threats caused by the pandemic, we
can’t forget that adversaries are lurking in the wings, waiting for us to look away so they can get inside
our critical infrastructure and potentially do damage.
In the past, practically the only option for CISOs was to allow remote access through a traditional VPN.
Unfortunately, nation-state actors are known to have exploited vulnerabilities in legacy VPN technologies
to steal credentials and gain access to sensitive systems. In October 2019, the UK’s National Cyber
Security Centre warned that Chinese intelligence agencies had used these tactics. The US Department
of Homeland Security and National Security Agency issued similar warnings.
Far too many data centers and ICS facilities are burdened with legacy VPN systems, which are simply
not designed to meet today’s risks. They are incompatible with new technology, lack scalability, and
expose the companies using them to regulatory and compliance risks. In addition to being vulnerable to
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.