Security and Remote Access for Power Industry


Thread Starter

Jeremy Pollard

My name is Jeremy Pollard and I am an independent automation expert. I am doing some market research into remote access (RA) for an ISA Power Industry Division (POWID) presentation, and as a result have been asked by Route1 Inc. ( to be an advisor to them in the Critical Infrastructure space regarding Remote Access and BYOD.

I am of the mindset that devices on the plant floor should not be externally exposed and the access to these devices should be through one place only -- ONE DOOR TO THE FLOOR.

Vault7 (WikiLeaks and the CIA hacking tools) has destroyed some of the long time beliefs we have had about the security of VPN’s in general amongst other things.

ICS-CERT states that "VPNs are only as secure as the connected devices." Policies, End-Point security, 3rd party risk, Multi-Factor authentication, simple, fast, mobile, flexible, scalable, ISO 27001, IEC62443, NIST Framework, NERC compliancy, ease of use, data at rest (file transfer), no inbound ports, patch management and BYOD are words/phrases associated with good RA. And it’s clear that the user represents a very large risk surface.
As I look at the company's claims about MobiKEY, I see it removing ALL of these barriers, which by default removes the human variability for the most part on the remote device. But that's just me.

So may I ask you to have a look at their technology and respond to this question the CEO put to me??

"It's not a VPN. If you had a technology that delivered secure remote access without creating a new risk vector, use any device for secure access, doesn't require any inbound ports to be open for it to work, keeps your data behind your enterprise's firewall, and saves you money, would you allow it?" is the question the CEO put to me.

A quick intro to MobiKEY can be found here:

Please email me at [email protected] if you would and please let me know what your thoughts are. It is very much appreciated.

Thank you.
Jeremy Pollard, CET

Cheers from: Jeremy Pollard, CET The Caring Canuckian!
Crisis, necessity, change

Integrator, Educator, Consulting, Columnist Control Design
Hi Jeremy (and all),

It's hard to really tell what's being described ("It's not a VPN"... well, presumably it's not a giraffe, either, but that still leaves a lot of territory), and even the video is very light on the underlying technology.

It sounds an awful lot like VNC and other remote console programs, with a couple of added pieces, namely:

- a dongle used on the remote system to provide two-factor identification (something you know -- a password -- and something you have -- a dongle).

- a centralized server maintained by the vendor to do authentication. I'm assuming this from the statement that no open incoming ports are needed (yes, that's another statement of what it's not, which may put us further from it being a giraffe, but maybe not). So, if there are no open inbound ports, the target system must be periodically polling the central server to see if any connection requests are present. Alternatively, it could just open a persistent connection.

These aren't bad additions, but I think it would be hubris to say it would be uncrackable. I seem to recall that they used to say that about VPNs. Maybe harder to crack. Which alone would be a good thing.

Ken Crater founder

Jeremy Pollard

Hi Ken.. Thanks for the response...
Well where do I start.
The messaging is somewhat interesting for sure. What is MobiKEY really..
my take:)

- The dongle is paired to a host, and the list of MobiKEYs and the paired hosts are kept on Route1 servers.

- At least 2 factor hardware authentication is used

- When the MobiKEY is plugged into a device, it takes that device over so that the existing environment is bypassed.

- It loads its own video driver from the key as well as a keyboard/mouse driver in real-time. Printer driver if needed.

- It connects to the server and displays the paired hosts.

- Once a host is selected, a non-vpn proprietary tunnel is established between the KEY and the host directly.

- The resulting session replicates the target device.

- No software is installed on the users device (the one with the key inserted into it)

- No data leaves the enterprise

- No tracks are left behind because everything is running off the KEY, not the device

It is like VNC and RDP in the fact that it is remote access with a security function that a software solution only cannot provide. The big deal for me is the fact that the users device which may have
viruses/malware etc cannot influence the MobiKEY session in any way and that it isn't a VPN. The same cannot be said for any other solution for remote access out there.

The US government has vetted it big time. Our industry is unfamiliar with this technology. And its funny that everyone has the same opinion of the technology - it's the same as "_____" which isn't the case at all from my perspective.

Does this help in describing the giraffe:)?? What is the 'Ohhhh' moment that makes it different? Also am very concerned that most really don't care about remote access security as such. But I may be outta touch tho!:)

Hoping you are doing well Ken - cheers mate

Cheers from: Jeremy Pollard, CET The Caring Canuckian!
Crisis, necessity, change

Integrator, Educator, Consulting, Columnist, Control Design
Thanks, Jeremy.
OK, so, less giraffe-like now :).

From your description, it sounds like the remote system actually boots off the key (which would be the only way to be completely independent of non-BIOS system software on the remote). That's interesting.

I'm puzzled by the "non-vpn proprietary tunnel" because it seems to carry an implication that this is inherently more secure than a VPN. I think a tunnel is a tunnel -- this one may be non-standard (obscure, perhaps, but not necessarily more secure) and encrypted to a higher level (as VPNs could be).

So, it sounds like some of the risk vectors have been addressed. Again, it's hard to tell without some level of detail relating to the technology, and I'm not sure they'd be forthcoming with that :).

Best Regards,

Jeremy Pollard

Happy Easter to all. And yes Ken when you boot from the key you are strictly leaching off the users power supply and using the k/board and screen natively.

The tunnel issue is above my pay grade so I really don't know the details of it. not sure if it is a packet formulation or protocol as such. The encryption end to end is 'bullet-proof' according to Route1.

The fact that the DHS and the pentagon are using MobiKEY I would suspect that is true... a lot of the functionality is patented so I can only imagine that there may be some insight from the patents themselves, but I am sure as you are that they wont give the keys to the company away!!:)

So if you were a user would you give MobiKEY a spin????

Cheers from: Jeremy Pollard, CET The Caring Canuckian!
Crisis, necessity, change

Integrator, Educator, Consulting, Columnist, Control Design