TI Safe


Technologies

Data Security

Secure Remote Access

In industrial environments, access to systems and data requires close attention so that legitimate remote access, widely used for home office work, is not exploited by hackers. Recent news about the theft of sensitive data from global companies has brought industrial espionage into focus. This issue is increasingly part of the reality of critical infrastructures: in an extremely competitive and globalized market, ethical competition is often set aside in an incessant search for competitors' secret information. In addition, remote access to automation plants, driven by the COVID-19 pandemic, is a very high risk factor that must be minimized with effective solutions.

Although remote access is already present in most companies, the mechanism has many weaknesses that significantly increase the risks to your plant:

  • Weak authentication: "user and password" authentication is exposed to attacks ranging from brute force to keyloggers installed on remote users' machines;
  • Use of unreliable machines: a remote machine infected with malware can infect the control network and freeze the operation of the control systems;
  • Use of untrusted networks: the Internet and public Wi-Fi networks are insecure channels for transmitting data and can be spied on (using sniffers);
  • Vulnerable technologies: browsers are vulnerable and there are numerous attacks that exploit their weaknesses;
  • Little traceability: it is difficult to identify who accessed the network.

Most infections and cyber attacks exploit these vulnerabilities. According to the ISA/IEC 62443 standard, there are steps that must be followed to ensure the security of remote access. They are:

Step 1: Identify the user, computer and network: use two-factor authentication. Network authentication must take place over a secure connection using strong encryption;

Step 2: The user's credentials must be validated and must grant access to a segregated network: from that point, the user can open a remote terminal service, which gives access to the systems in the automation network that the user is authorized to use;

Step 3: The terminal environment must be protected against malware, have specific access permissions for each user, and be constantly monitored (logs and session recording).

Figure: Steps to ensure remote access security.

 

To ensure security in remote access to automation plants, the TI Safe ICS-SOC team offers the ICS.SecureRemoteAccess solution, which is applicable to all critical infrastructures and implements all the security steps set out in ISA/IEC 62443. The figure below shows the solution architecture:

Figure: Operational architecture of the TI Safe ICS.SecureRemoteAccess solution

 

ICS.SecureRemoteAccess offers a secure means of communication between the remote user and the operational control center, with two-factor authentication. The solution is managed and monitored 24 × 7 by the TI Safe ICS-SOC team.

Deployment is done remotely, with no need to visit the customer's premises.

In addition to being necessary for remote work during pandemics, the solution meets the requirements of LGPD and GDPR, as well as the new cyber security network procedure for power plants that is being developed by ONS.

 

Cryptography and Digital Certification

Digital certification allows the credibility that exists in the real world to be transferred to the virtual environment. Trust and integrity are obtained through mathematical relationships, within the so-called Public Key Infrastructure (PKI). In Brazil, electronic documents signed with a valid digital certificate from ICP-Brasil have legal value and are legally accepted in the same way as paper documents signed in pen and registered with a notary.

The security of systems based on digital certification depends directly on how securely their private keys are stored. These keys must be stored in Encryption Modules (Hardware Security Modules, HSMs), which guarantee their inviolability and also offer performance in encryption, digital signature and verification tasks.

TI Safe has extensive experience in deploying Public Key Infrastructures that enable the use of digital certificates for signing and encrypting confidential documents, ensuring their integrity and confidentiality and avoiding industrial espionage.

Photo: Encryption Modules (HSMs)