Remote access to control systems is necessary for equipment reliability and availability. Securing remote access is a very tough problem because it is a double-edged sword providing needed reliability improvement and a potential vehicle for Living-off-the-Land attacks. Cyber security technologies exist to secure remote access from external intruders. However, cyber security programs are not adequately addressing the “trusted” insider. In many cases, this is the Chinese equipment vendors supplying the modems. Compromised remote access has been found in different industries from different vendors with the common thread being the equipment was Chinese. Compromised remote access can lead to a takeover of critical equipment and consequently must be explicitly addressed.
