My name is Jeremy Pollard and I am an independent automation expert. I am doing some market research into remote access (RA) for an ISA Power Industry Division (POWID) presentation, and as a result have been asked by Route1 Inc. (route1.com) to be an advisor to them in the Critical Infrastructure space regarding Remote Access and BYOD.
I am of the mindset that devices on the plant floor should not be externally exposed and the access to these devices should be through one place only -- ONE DOOR TO THE FLOOR.
Vault7 (WikiLeaks and the CIA hacking tools) has destroyed some of the long-time beliefs we have had about the security of VPNs in general, amongst other things.
ICS-CERT states that "VPNs are only as secure as the connected devices." Policies, End-Point security, 3rd party risk, Multi-Factor authentication, simple, fast, mobile, flexible, scalable, ISO 27001, IEC62443, NIST Framework, NERC compliancy, ease of use, data at rest (file transfer), no inbound ports, patch management and BYOD are words/phrases associated with good RA. And it’s clear that the user represents a very large risk surface.
As I look at the company's claims about MobiKEY, I see it removing ALL of these barriers, which by default removes the human variability for the most part on the remote device. But that's just me.
So may I ask you to have a look at their technology and respond to this question the CEO put to me?
"It's not a VPN. If you had a technology that delivered secure remote access without creating a new risk vector, use any device for secure access, doesn't require any inbound ports to be open for it to work, keeps your data behind your enterprise's firewall, and saves you money, would you allow it?" is the question the CEO put to me.
A quick intro to MobiKEY can be found here:
Please email me at [email protected] if you would and please let me know what your thoughts are. It is very much appreciated.
Thank you.
Jeremy Pollard, CET
Cheers from: Jeremy Pollard, CET The Caring Canuckian!
Crisis, necessity, change
Integrator, Educator, Consulting, Columnist Control Design