Industrial/OT Cybersecurity for Connected Workers

Introduction

Connected workers are appearing in every industry and industrial activity. Off-site employees and vendors with remote access to OT systems are reducing facility downtimes and travel costs. Instant access to external resources and subject matter experts (SMEs) is improving the productivity of workers within plants. Connectivity is also enabling broader use of productivity-enhancing technologies, like cloud analytics and augmented reality.

Enabling connectivity within OT systems generates significant benefits, but it also increases the risks of serious cyber incidents. Every time an external device gains access to an OT system the risks of malware injection and data loss increase. Every time a worker uses and OT device to access the internet a new pathway is opened for external attacks.

The purpose of this survey is to understand what companies are doing to address the cyber risks of connected worker activities. You will receive a report of the findings so you can understand how your connected worker OT cybersecurity strategy compares with peers, identify weaknesses, and justify investments to close critical gaps. Survey results will also be shared with industrial cybersecurity attendees at the ARC Forum in Orlando Florida.

Privacy: Your privacy is assured, and your identity will not be released to others. Your responses and the responses of your peers will only appear as aggregated information in the report you will receive for taking this survey. If you have questions about the survey, please contact Sid Snitkin at srsnitkin@arcweb.com.

Question Title

* 1. Please indicate the kinds of connections your company allows into OT systems.

On-site employees connecting personal devices to plant OT systems (BYOD support)

Off-site employees connecting personal devices to OT systems through public networks (Off-site and Home workers)

On-site service providers connecting their own devices to plant OT systems (Local vendor support)

Off-site service providers connecting to plant OT systems through public networks (Remote vendor support)

Other (please specify)

None of the above

Question Title

* 2. Please indicate the kinds of external access on-site personnel have through OT system devices.

Interactions with corporate IT applications and data

Interactions with corporate cloud applications and data

Ability to view third-party websites

Ability to perform downloads from third-party websites

Ability to interact with off-site employees using video collaboration tools

Ability to interact with off-site third-party personnel (Vendors, SMEs, etc.) using video collaboration tools

Other (please specify)

None of the above

Question Title

* 3. Please indicate the things you are doing to protect your OT systems from untrustworthy "on-site" users. (Off-site users are addressed in the question on Secure Remote Access)

On-site personnel - Physical security checks before entering facilities

On-site employees - Multi-factor authentication for login to certain devices/apps

On-site employees - Adaptive access privileges based on context, behavior, etc.

On-site service providers - Multi-factor authentication to gain OT network access

On-site service providers - Multi-factor authentication for login to certain devices/apps

On-site service providers - Adaptive access privileges based on context, behavior, etc.

On-site service providers - Recording of session activities

On-site service providers - Session termination based on time, conditions, etc.

Other (please specify)

None of the above

Question Title

* 4. Please indicate the things you are doing to address the risks of unauthorized devices gaining access to OT networks.

Automatic detection and notification of new devices on OT networks

Password-based Network Access Control (NAC)

In-line access approval by someone in the organization

Device security compliance checks before granting access

Access privileges that reflect user role - employee, contractor, guest, etc.

Access privileges that reflect other factors like time, location, etc.

Micro-segmentation capabilities that restrict visibility and access to only those devices and network segments authorization

Other (please specify)

None of the above

Question Title

* 5. Please indicate the things you are doing to control the risks of compromised personal and vendor devices.

Only allow access for corporate managed devices

Require employees to install software on personal devices so that the company can enforce compliance with corporate security policies regarding apps and data security

Require vendors to have software installed on any devices they want to connect to OT systems so that the company can enforce compliance with corporate security policies regarding apps and data security

Other (please specify)

None of the above

Question Title

* 6. Please indicate what you are doing to reduce the risks of confidential information loss through connected worker activities.

Employees - Require software on personal devices to protect corporate data that may be downloaded (encryption, separate partitions, etc.)

Employees - Restrict operations that can be performed when using OT system devices to connect with external sites (e.g. no file transfers)

Vendors - Require software on devices that allows the company to enforce compliance with corporate data management policies

Vendors - Restrict operations that can be performed with personal devices (e.g. no downloads of data, etc.)

Other (please specify)

None of the above

Question Title

* 7. Please indicate what you are doing to manage the security risks of remote access into OT systems.

All remote sessions have to go through IT security defenses and only enter OT through secure IT-OT connections

Use of a DMZ layer in the OT system

Use of VPN firewall(s)

Multi-factor authentication of users before granting access

Validation that user devices comply with corporate security policies before granting system access

Use of Secure Remote Access Proxy Server(s) to manage device access, hide real IP addresses, etc

Use of outbound only connections - sessions initiated by devices in the control networks

Ushered access - access must be granted by someone, monitoring of actions by someone on-site

Session command filtering to block unapproved actions

Session recording and termination capabilities

Privileged access management (real device/application credentials are hidden from remote users)

Least privilege access control (automatic privilege escalation/de-escalation to control access, reduce chances for lateral movement, etc.)

Other (please specify)

None of the above

Question Title

* 8. Please indicate what you are doing to protect systems against attacks when "on-site" personnel use OT connected devices to interact with external resources (sites and people).

DNS layer security to prevent misdirection of connections to fake sites

URL filtering to constrain access to approved sites

Cloud access security broker

Filtering and control of use of collaboration and social media tools

Data Loss Prevention software

Remote Browser Isolation (to avoid compromises of system device)

Malicious code detection for downloads

Other (please specify)

None of the above

Question Title

* 9. What roles do IT and OT security teams play in securing OT connected worker activities?

IT manages all connected worker security, including OT connected workers

IT and OT share responsibility for OT connected worker security

OT is responsible for meeting IT-defined connected worker security requirements

OT has sole responsibility for OT connected worker security

Other (please specify)

None of the above

Question Title

* 10. Which of the following best describes the principal industry of your organization?

Question Title

* 11. What is your Region?

North America

Europe, Middle East & Africa

Asia

Latin America

Question Title

* 12. Is your company a Supplier of Technology or Services, or an End User of Technology or Services?

Supplier of Technology or Services to this Market

End User of Technology or Services

Other (e.g. Media, Financial, etc. please specify)

Question Title

* 13. Please provide the following

Your Name

Your Title

Your Company

Thank you for contributing to this survey.

Question Title

* 14. Please provide your email, so we can send you the survey report

Question Title

* 15. May we contact you to discuss your responses (and share findings)?

Yes

Question Title

* 16. Would you be interested in receiving information about ARC's cybersecurity services?

Market Analysis Reports

Advisory Services

ARC Events (ARC Forums, Webinars, etc.)

Custom Research

Other (please specify)

None of the above