Isolation, control and real-time monitoring of privileged sessions with strict access control.

In recent years, automation networks and Industrial Control Systems (ICS) have seen an increase in connectivity and in access points to other networks, such as:

  • Remote maintenance, support and diagnostics connections from third-party vendors and service providers.
  • Remote access from government, regulatory agencies and other operators (such as electric grid operators).
  • Corporate users: corporate business users and applications connecting to the ICS network for business information.

This increase in the number of connections comes at a time of increased pressure in the opposite direction: to completely isolate the ICS and automation networks. The isolation is required due to the increased threat of a cyber attack on the ICS network. Many of the elements in ICS networks (e.g. PLCs and RTUs) have little to no security controls to protect them, making them vulnerable to cyber attacks.

CyberArk solutions play a key role in helping energy utilities comply with the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) v5 standards. The requirements for Interactive Remote Access Management (CIP-005-5 R2), which call for the use of an intermediate device that supports encryption and multi-factor authentication, are fully met by CyberArk Privileged Session Manager. The requirements for securing privileged access (CIP-007-5 R5) are met by the CyberArk Privileged Account Security solution.

One strategy for providing more connectivity while isolating critical systems is to adopt the concept of “zones” and “conduits”, which was introduced in the ANSI/ISA-99 Standards: Security for Industrial Automation and Control Systems.

CyberArk’s Privileged Session Manager (PSM) is used in this environment as a next generation jump server to provide secure connectivity (a “conduit”) between different networks (“zones”). PSM provides isolation, control and real-time monitoring of privileged sessions with strict access control. These three-in-one capabilities of a next generation jump server better protect against insider threats and targeted attacks by external attackers.

Another popular scenario is remote vendor access, where CyberArk PSM ensures that access to critical cyber assets is performed in a secure manner. It isolates any malware coming from the vendor host, preventing it from ever reaching the critical asset, while monitoring and recording session activity for better control and data protection.