The COVID-19 health crisis has taken its toll on many industries, including manufacturing, forcing several significant sea changes that will become the new normal. While the manufacturing sector is dealing with slowdowns in activity due to the health crisis, another massive shift is the increase in remote workers, a trend not usually associated with manufacturing. This is especially true as it pertains to technicians having to service Industrial-Internet-of-Things (IIoT) and industrial-control-system (ICS) devices. As secure remote access increases for manufacturers, IT managers will need to impose more granular access controls regarding who, what, when and how ICS devices can be managed remotely.
Of course, remote workers in manufacturing include administrative employees, as well as technicians, and therefore the security protocols will also have to be put into effect for the entire company. However, the IIoT/ICS devices will have more significant challenges. Cybercriminals are taking advantage of any endpoint weakness. Meanwhile, millions of employees log into IoT devices over corporate VPN during the pandemic, increasing the risk of identity theft, ransomware and data breaches. A solid security plan can prevent that from happening.
IT, meet OT
Along with Industry 4.0 trends and the convergence of IT and operational technology (OT) environments, ICS infrastructure is becoming more connected to the outside world in order to enable production analytics and optimization. This will also require converging IT and OT monitoring, security and, in particular, remote and on-premise access control capabilities. Many organizations are looking at network-access-control (NAC) technology to bridge that gap in order to offer user, endpoint and IoT/OT device visibility and threat response. This allows manufacturers to anticipate tighter controls on how ICS devices are securely accessed.
In addition, IT departments will need to account for any service access and implement security solutions that provide user and device authentication and operation visibility. This requires continuous user authentication and device security posture assessment functions to reduce risks such as phishing, ransomware and unauthorized access.
Checklist for a remote operations plan
While many manufacturers have added capacity for secure remote access in the wake of the COVID-19 crisis, they should also consider escalation processes and capabilities to ensure emergency access by privileged user and service technicians. This is not going to be an easy process, so manufacturing organizations should work with their IT departments and vendors to come up with a plan that enables a long-term remote work situation and look at the following steps:
- identify key applications and resources, especially across the IT and OT environments, that will require increased capacity and apply to an emergency capacity plan
- implement license and capacity shifting options to handle burst utilization for remote workers and services
- establish emergency communications among the manufacturer’s supply chain to ensure systems are working and issues can be prevented or alleviated.
[javascriptSnippet ]
VPNs and next-generation firewalls
[pullquote]Access security migration from firewalls to best-in-class secure access platforms: Many companies have activated SSL-VPN functions within the next-generation firewall (NGFW). While firewalls offer basic tunneling services, the increased resource strain from SSL and tunnel management degrades performance and scalability.
Utilize modern VPN solutions: As companies increase the number of remote users and applying granular access controls against multiple application and resource requests, the added volume requires a significant increase in NGFW capacity, requiring the purchase and management of more NGFW appliances and licenses. NGFWs do not deliver the level of application support, performance, identity, endpoint compliance and other security features that a dedicated, modern VPN solution can offer. In addition, organizations want to avoid vendor lock-in and move to dedicated, best-of-breed, interoperable secure access solutions.
The new normal of work-from-home and other remote operations, even in the manufacturing sector, may be a long-lasting trend that requires a good re-think. The critical first step is to ensure the communication between IT and OT is fully secure. Securing a remote workforce does take a bit of planning and effective communications, but, in the end, employee productivity and business continuity can remain intact despite the global health crisis issues at hand.
