The Zero Trust cybersecurity model has steadily gained traction as a cybersecurity model over the past two decades. Also known as perimeterless security, Zero Trust architecture emerged as an alternative to the perimeter-based security model, which was quickly rendered outdated as digital transformation and remote access were widely adopted across virtually all sectors. And while Zero Trust originally pertained mainly to IT assets, the rapid digitization of operational technology (OT), medical devices, and other cyber-physical systems have made Zero Trust a fundamental best practice for securing the Extended Internet of Things (XIoT).
In a nutshell, Zero Trust seeks to ensure that any given user has a legitimate reason to be doing whatever they're doing. By requiring all users to be continuously authenticated, authorized, and validated, properly implemented Zero Trust architecture prevents adversaries from gaining carte-blanche access to a victim's network from a single point of entry.
In this blog, we'll take a look at why Zero Trust architecture is more critical than ever and highlight why securing remote access to your network is a critical component of its implementation.
Zero Trust adoption involves a shift in mindset for critical infrastructure organizations who currently implement traditional security approaches. These traditional approaches often rely on perimeter-based defenses, and assume that once a user is inside a network that it can be trusted. This dated approach leaves organizations vulnerable to unauthorized access to their critical systems and data, with no authentication in place. Zero Trust infrastructure is particularly important for critical infrastructure organizations to adopt because they provide essential services such as water, power, and transportation — and, if hacked, can cause disruptions to production leaving citizens without food or water, or worse, cause physical damage. Luckily, the government has been making advancements to support Zero Trust adoption, and has begun to develop a plan to help organizations implement Zero Trust architecture.
In May 2021, the Zero Trust approach to cybersecurity received a hearty endorsement from the White House, when Section 3 of the May 2021 Executive Order on Improving the Nation's Cybersecurity set a 60-day deadline for U.S. federal government agencies to develop a plan to implement Zero Trust architecture. This directive was followed up by a January 2022 release from the Office and Management and Budget (OMB), which further detailed a federal strategy to move the U.S. government toward Zero Trust adoption. To assist agencies in complying with the Executive Order, the Cybersecurity and Infrastructure Security Agency (CISA) has posted a series of documents, including the Federal Zero Trust Strategy, the Zero Trust Maturity Model, and CISA's guide to Cloud Security Technical Reference Architecture.
While these directives pertain specifically to U.S. federal government agencies, the urgency by which these directives have been laid out should be seen as a bellwether of Zero Trust's widespread adoption as a universal standard for protecting data, assets, and operations.
As organizations increasingly adopt new technology, and devices become further interconnected, traditional perimeter-based security becomes less and less effective. That’s why Zero Trust adoption has become essential alongside digital transformation. Organizations today are progressively storing data and systems across various geographic locations and are regularly accessing these devices and systems remotely. Zero Trusts enables these organizations to secure their critical infrastructure regardless of their location or the devices accessing them, which is paramount in an era of increased interconnectedness. This however is easier said than done, but, the consequences of not adopting Zero Trust far outweigh the difficulties.
An early, high-profile example of what can happen when internal privileges and remote connections are not properly managed and secured is the 2013 cyber attack against Target, which resulted in a $18.5 million settlement after 40 million credit and debit records were compromised. The adversaries behind the attack gained access to the targeted data using stolen credentials to exploit the external remote-access privileges of a third-party HVAC vendor. Emphasize the importance of implementing multifactor authentication, network segmentation, and least-privilege access policies.
As another example, consider Claroty Global Head of Business Development Mor Bikovsky's anecdote of a major consumer goods brand that experienced a security breach at its flagship production site, which involved the use of WannaCry ransomware. The attackers gained access to the network via a vulnerable break-room vending machine that was not properly segmented from the rest of the network. Claroty quickly sprung into action, working with the potential customer to isolate the affected assets with zero downtime. But the main takeaway here is that adversaries should not be able to access critical systems — such as credit card databases or major production facilities — through completely unrelated attack vectors, such as HVAC systems or vending machines.
While the rise of the XIoT delivers many performance advantages for organizations across virtually every sector, the intensified interconnectivity it brings can facilitate the types of attacks described above if not properly managed. Consider the 2022 report finding that 53% of connected medical devices and other IoT devices in hospitals have a known critical vulnerability. Typically, these devices are not within the purview of the security team and are not monitored for weak passwords or default credentials, and without proper Zero Trust implementation in place, they can enable cyber attacks to spread like wildfire within a network.
As organizations continue to build towards a future that is increasingly distributed, Claroty xDome Secure Access offers capabilities needed to implement Zero Trust controls and least-privilege principles. In doing so, Claroty empowers organizations to identify connected devices, enforce granular user access controls, and be alerted to non-trusted communications and behavior across the network.
Claroty xDome Secure Access helps support Zero Trust principles in today's distributed work environment in a number of ways, including but not limited to:
You need the ability to define and enforce extremely granular access controls for industrial assets at multiple levels and geographic locations, down to enabling access for a specific user to a specific asset to perform a specific task during a set time window. With a few clicks, SRA allows you to streamline user workflows while shielding critical functionalities from unnecessary access.
Visibility and control over third-party and employee access before, during, and after a remote session takes place is essential for investigation and response to malicious activity. SRA includes the ability to observe activity in real time and terminate the session if needed, as well as view recordings in retrospect for auditing and forensic purposes.
Instead of relying on third parties for password hygiene, many of whom share passwords among multiple individuals, you need the ability to centrally manage user credentials. SRA provides password vaulting and offers multiple options for multi-factor authentication.
SRA leverages a single, highly secure encrypted tunnel for intra-facility communications. This greatly simplifies network firewall configurations, and is consistent with segmentation best practices, for example as required in the Purdue Model. And when the nature of the work involves installing a new file, such as for asset maintenance, SRA ensures file integrity by providing secure file transfer capabilities.
When SRA is integrated with Claroty Continuous Threat Detection, you receive alerts when users engage in unauthorized or unusual activities while connected to the network remotely. You gain details and visibility to monitor, investigate, and respond to incidents so you can prevent, contain, and/or remediate any damage.
Digital transformation and the cybersecurity threats that come along with it have highlighted the need for a more adaptive and flexible approach to cybersecurity. With Zero Trust adoption, and the help of a cyber-physical systems security partner, like Claroty, organizations can build an effective framework to mitigate risk and keep their critical assets safe. By identifying all assets in your environment, continuously monitoring and analyzing network traffic, and quickly remediating threats, you can ensure your organization has the tools they need to enforce Zero Trust principles and establish a strong security framework.
Overcoming the Challenges of Clinical Zero Trust
How Secure Access Enables Compliance With ISA/IEC 62443
Five Levels of Secure Access Maturity
Interested in learning about Claroty's Cybersecurity Solutions?