
a centralized method that is well defined and proven.

At a minimum, two-factor authentication (TFA) should be required for any individual to gain access to the system. This applies not only to Remote Access but to any local network connection as well, and it should be enforced at the network connectivity level, since most industrial devices do not include TFA as part of the product. Individual logins and an audit trail would be ideal for tracking and tracing any issue and for mitigating risk: one must know which individual was in the system, not just which group had access.

Best Practice: A structure or design is required to coordinate and document activities

It is essential to create or purchase a structure for managing all the possible connections from various companies. Not having a standardized approach, or leaving it up to others, will create an ad hoc environment that opens the door to many problems.

There are risks in leaving a connection continually open for external access.

Remote Access should be time-limited or extremely restricted in the type, quantity, and destinations of information accessible. When a remote resource (a vendor or support technician) is done troubleshooting, they should close their connection. From a security standpoint, remote connections should not remain open: no sustained, unused connection should stay in place. Connections should be established only when needed, authenticated each time, and terminated when done. Leaving connections continually open presents the risk of accidental changes.

Devices chosen to create bridges or tunnels to the outside must not have any method that leaves the connection open, whether on purpose or accidentally. Some devices provide a key switch to enable a connection to the device; procedures must be in place to ensure these physical switches are not left in the enabled position.
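The rules in this section (individual rather than group logins, TFA on every connection, and no sustained open connections) can be checked mechanically against the audit trail the guide calls for. The following is an added example, not code from the guide; the session records, field names and the four-hour limit are constructed assumptions standing in for a site's own access gateway log and policy.

```python
from datetime import datetime, timedelta

# Constructed sample audit trail (not from the guide). One record per remote
# or local session to the plant network; "end": None means still connected.
SESSIONS = [
    {"user": "jdoe@vendor-a", "shared": False, "mfa": True,
     "start": "2021-03-01T08:00", "end": "2021-03-01T09:30"},
    {"user": "vendor-b-support", "shared": True, "mfa": True,
     "start": "2021-03-01T10:00", "end": "2021-03-01T10:45"},
    {"user": "asmith@integrator", "shared": False, "mfa": False,
     "start": "2021-03-01T11:00", "end": "2021-03-01T11:20"},
    {"user": "mlee@vendor-a", "shared": False, "mfa": True,
     "start": "2021-02-27T14:00", "end": None},
]

MAX_SESSION = timedelta(hours=4)  # assumed site policy, not stated by the guide


def audit(sessions, now_iso, max_session=MAX_SESSION):
    """Return (user, finding) pairs for sessions that break the guide's rules:
    individual accountability, TFA on every connection, no sustained open
    connections, and a time limit on each session."""
    now = datetime.fromisoformat(now_iso)
    findings = []
    for s in sessions:
        start = datetime.fromisoformat(s["start"])
        end = datetime.fromisoformat(s["end"]) if s["end"] else None
        if s["shared"]:
            findings.append((s["user"], "group account: no individual accountability"))
        if not s["mfa"]:
            findings.append((s["user"], "connection authenticated without TFA"))
        if end is None:
            # Still open: flag it once it has outlived the policy limit.
            if now - start > max_session:
                findings.append((s["user"], f"connection left open for {now - start}"))
        elif end - start > max_session:
            findings.append((s["user"], "session exceeded time limit"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(SESSIONS, "2021-03-01T12:00"):
        print(f"{user}: {finding}")
```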

2021 | Practical Guide for Remote Access to Plant Equipment | 58
