Time to Rethink Your VPN: A Gateway for Vulnerabilities

Enhance your OT cyber resilience with Equinix and Honeywell

Kian Yew Siaw
Kelvin Chin
Time to Rethink Your VPN: A Gateway for Vulnerabilities

With remote working on the rise, cybercriminals have revved up their antics. Enterprises in the Asia-Pacific region experienced a 168% year-on-year increase in cyberattacks in May 2021.1 Foreign bad actors routinely exploited unpatched Virtual Private Networks (VPNs) in 2020, according to the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). This is alarming, as VPN was not among the top 10 common vulnerabilities and exposures (CVEs) from 2016-2019.2

While the IT arena may be more attuned to remote working, it’s a different story for the Operational Technology (OT) industry, which often requires personnel on-site to safeguard Industrial Critical Systems (ICS) like power grids, electrical utilities, and oil and gas facilities. With successful attacks capable of bringing entire organizations to their knees, dispersed OT teams require ever-secure access to OT environments to swiftly respond to potential disruptions.

Not Created Equal: IT versus OT Remote Access Requirements

Despite the increasing IT/OT convergence, many enterprises fail to realize the vast differences in IT and OT remote access requirements. While staff in IT environments can largely work remotely once equipped with collaborative tools, OT environments grapple with more complexities to ensure effectiveness while working remotely:

Critical need to keep the lights on to ensure business continuity, especially for OT environments classified as Critical Information Infrastructures (CIIs)

Significant reliance on the highly specialized skills of equipment manufacturers, remote operators or contractors for on-site monitoring, diagnosis and operation of capital-intensive assets

Today’s turbulence requires the urgent review of critical security and risk strategies to address both IT and OT cybersecurity holistically.

168%

year-on-year increase in cyberattacks among enterprises in the Asia-Pacific region in May 2021.

Secure Your Business with a holistic OT Cybersecurity Platform with Honeywell and Equinix

As enterprises incorporate business insights into Operational Technology (OT) systems, and adopt Industrial IoT, threat actors are also flexing their muscles to exploit the higher attack surfaces of these newly converged OT and IT environments. Read more on how businesses can leverage Honeywell’s industrial experience and proven operations technology (OT) cybersecurity expertise on Platform Equinix® to secure your business.

Read More
Data Center Female It Specialist Using Laptop. Server Farm Cloud Computing and Cyber Security Maintenance Administrator Working on Computer. Information Technology Professional.

Pandemic Heightens Need for Secure Remote Access for OT Systems

A research has shown that while Virtual Private Network (VPN) usage spiked during the pandemic,3 they also pose increasing security risks as cyber actors target the known vulnerabilities of this weakest link.4 Latest threat research by Nuspire and Recorded Future reported that VPN attacks have gone up by nearly 2000%5 with the embracement of hybrid workplace arrangements.5 Indeed, despite widely-published, known vulnerabilities in VPNs, cyber actors continue to be successful in exploiting such vulnerabilities.

The reality is that traditional VPNs fall short of the granular control required to manage access to specific parts of the industry network. It is time to power OT environments with a more resilient and scalable infrastructure that is highly secure, agile and connected to support its stringent remote access requirements.

Vital: Industrial-Grade Remote Access
One way to harden security defenses is to equip OT environments with industrial-grade remote access built with the singular purpose of ensuring operational and business continuity. To effectively bolster one’s security posture, the industrial-grade remote secure access solution needs to:

  • Enable plant personnel to grant remote access with granular controls, e.g., give access to only specific file/folder with end time defined; enable real-time supervision with ability for real-time video recording and playback; ability to instantly terminate access once suspicious activity is detected—with granular controls managed via per-session, per-user and per-protocol.
  • Provide single pane of control for centralized operations, including support for Two-Factor Authorization (2FA) to customize access controls.
  • Enable password vaulting which maps accounts without disclosing internal shared credentials.
  • Support multiple geographic locations and allow real-time supervision of remote access by a contractor in Country A from Country B.

An example of such an industrial-grade solution is Honeywell’s Secure Remote Access, which is designed to meet the complex needs of the modern OT and ICS environments. Remote field assets are safeguarded with centralized granular control over remote access sessions across the enterprise and geographical regions. By enabling employees to work from home, business continuity is ensured while eliminating travel time and costs. All these work together to accelerate incident response with automated deployment, enforcement and standardization of system-wide security policies for service delivery, troubleshooting or remote operations.

Complete the Equation: Proven Agile and Interconnected Infrastructure
Yet, an industrial-grade remote access solution is only half the equation. It needs to be backed by an agile digital infrastructure that delivers:

  • Agility to provision remote secure access quickly
  • Reliability to safeguard mission-critical data with the highest levels of security to ensure operational reliability
  • Security with secure connectivity that reduces network hops and congestion to ensure seamless access to data and applications without delays

Choosing to host Honeywell’s security center on Equinix Metal™, an automated and interconnected bare metal service, inside an Equinix International Business Exchange™ (IBX®) data center ensures the quick provisioning of a dedicated turnkey physical infrastructure to secure OT assets more safely off-site. With 240 data centers across 66 metros globally, Equinix assures the absolute uptime of these security centers with secured interconnection, which in turn eliminates travel time and costs to accelerate responses for any OT cyber incidents. Cost is further reduced as CAPEX is replaced with a pay-per-use OPEX model. Third-party contractors, operators and equipment manufacturers can also securely interconnect their distributed infrastructure and digital ecosystems everywhere, on-demand, through Equinix Fabric™, which bypasses the public internet, thus reducing security threats and attack surfaces.

Learn more about proven ways to secure your remote access by booking a conversation with Equinix and Honeywell, which includes a visit to Honeywell’s Center of Excellence showcase.

1Asia Pacific experiencing a 168% year on year increase in cyberattacks in May 2021,” Check Point Blog.

2,3COVID-19 impact on organizations’ use of VPNs worldwide 2021,” Statista, Feb. 14, 2022.

4Hackers targeting VPN vulnerabilities in ongoing attacks,” TechTarget, April 26, 2021.

5VPN attacks up nearly 2000% as companies embrace a hybrid workplace,” Help Net Security, June 15, 2021..

Kian Yew Siaw
Kian Yew Siaw Partner Sales Manager
Kelvin Chin
Kelvin Chin VP APJ OT Cybersecurity, Honeywell
Subscribe to the Equinix Blog