As critical infrastructure organizations look for solutions to protect cyber-physical systems (CPS), they may be surprised where their search takes them.
For one, the traditional remote access solutions they may rely on to protect IT-centric systems won’t offer the protection they need for CPS environments, This is due to the fact that access solutions such as jump servers or VPNs are ineffective for the unique constraints presented by CPS environments. Neither, for example, offer the monitoring or auditing capabilities required to adequately protect assets being accessed remotely.
The good news? Secure access solutions purpose-built for CPS protection are proliferating, and the market for such solutions is growing.
In Claroty’s latest Buyer’s Guide for Secure Access Solutions, we take a thorough look at the CPS cybersecurity landscape, what criteria to consider when choosing the right secure access solution to protect such systems, key outcomes of secure access, and more. This post will give a brief overview of what the report covers.
Understanding the CPS Cybersecurity Landscape
At its core, the convergence of operational technology (OT) and IT—in which organizations are bringing assets and equipment online for the first time—is changing the landscape of secure access. From a product point of view, IT-centric tools such as VPNs, which give blanket access once a user authenticates, are not developed specifically for the OT domain and are ill-equipped to handle this shift. When using tools like this, just one compromised credential can lead to an attacker gaining widespread access to the OT network, jeopardizing worker or public safety, leading to equipment shutdowns, process disruption, and service interruption.
What’s more, rapid connectivity has outpaced organizations’ ability to adequately protect critical infrastructure. Without a comprehensive solution in place, managing the operational risks associated with this can quickly become overwhelming. In 2024, Claroty conducted an independent survey of more than 1,100 professionals across OT engineering, biomedical, facilities management, and more, and nearly half of the respondents (45%) said their financial losses from recent cyberattacks totaled $500,000 USD or more.
Core Controls to look for in a Secure Access Solution
OT asset-heavy enterprises are facing unprecedented demands for remote access for maintenance, not only from internal personnel but also third party suppliers and contractors. Therefore, there are a handful of controls buyers should look for when evaluating secure access solutions.
Tools Designed for OT Domains
Secure access solutions should be flexible and offer simplified integration with existing tools. Organizations want tools that reduce the number of costly onsite visits in order to shorten maintenance windows.
Support for Varied Access Control Capabilities
Secure access solutions should support capabilities such as multifactor authentication, role-based access controls, password vaulting, and single sign-on in order to enforce the principle of least privilege and provide users with safe and highly controlled access.
Scalable Architecture
Secure access solutions should also support the extensive universe of OT protocols, allowing for interactions with diverse assets from multiple vendors. Integration with existing identity management frameworks should also be seamless, and policies should carry over.
Ensure Compliance
Logging and recording of remote sessions are a must in order to meet compliance and auditing demands. Real-time session controls should also be an option for buyers who need to have the ability to shut down malicious sessions or activities that violate security policies.
