Isolation, control and real-time monitoring of privileged sessions with strict access control.

In recent years, automation networks and Industrial Control Systems (ICS) are experiencing an increase in connectivity and access points to other networks, such as:

  • Remote maintenance, support and diagnostics connections from third party vendors and service providers
  • Remote access from government, regulatory agencies and other operators (such as electric grid operators).
  • Corporate users – when corporate business users and applications are connecting to the ICS network for business information

This increase in the number of connections comes at a time of increased pressure in the opposite direction- to completely isolate the ICS and automation networks. The isolation is required due to the increased threat of a cyber attack on the ICS network. Many of the elements in the ICS networks (e.g. PLCs and RTUs) have little to no security controls to protect them –making them vulnerable to cyber attacks.

NERC (North American Electric Reliability Corporation) highlighted the importance of Remote Interactive Access and included it in its NERC-CIP (Critical Infrastructure Protection) standards and also released the specific “NERC Industry Advisory – Remote Access Guidance” on August 2011 which focuses on this issue and recommends possible solutions.

One of the strategies to manage the challenges of providing more connectivity while isolating critical systems is to adopt the concept of “zones” and “conduits” which was introduced in the ANSI/ISA-99 Standards: Security for Industrial Automation and Control Systems.

CyberArk’s Privileged Session Manager is used in this environment as a Next Generation jump server in order to support the concept of secure connectivity (“conduit”) between different networks (“zones”). PSM provides isolation, control and real-time monitoring over privileged sessions with strict access control. The three-in-one capabilities offered through a next generation jump server better protect against insider threats or those targeted by external attackers.

Another popular scenario is for remote vendor access where CyberArk PSM ensures that access to critical cyber assets is performed in a secure manner by isolating any malware coming from the vendor host, preventing it from ever reaching the critical asset while monitoring and recording session activity for better control and data protection.