High-stakes security setups are making remote work impossible
Some staffers at power grids, intelligence agencies, and more can’t work from home …
reader comments
44 with 31 posters participating
It’s a rule of thumb in cybersecurity that the more sensitive your system, the less you want it to touch the internet. But as the US hunkers down to limit the spread of Covid-19, cybersecurity measures present a difficult technical challenge to working remotely for employees at critical infrastructure, intelligence agencies, and anywhere else with high-security networks. In some cases, working from home isn’t an option at all.
Companies with especially sensitive data or operations often limit remote connections, segment networks to limit a hacker’s access if they do get in, and sometimes even disconnect their most important machines from the internet altogether. Late last week, the US government’s Cybersecurity and Infrastructure Security Agency issued an advisory to critical infrastructure companies to prepare for remote work scenarios as Covid-19 spreads. That means checking that their virtual private networks are patched, implementing multifactor authentication, and testing out remote access scenarios.
But cybersecurity consultants who actually work with those high-stakes clients—including electric utilities, oil and gas firms, and manufacturing companies—say that it’s not always so simple. For many of their most critical customers, and even more so for intelligence agencies, remote work and security don’t mix.
“Organizations are realizing that work-from-home would be very difficult to execute,” says Joe Slowik, who previously led the computer emergency response team at the Department of Energy before joining the critical-infrastructure-focused security firm Dragos. “This should be a fairly good wake-up call. You need to figure out a way that if individuals cannot physically access the control system environment for a service that cannot stop,
Continue reading – Article source