How to manage access to your OT network?

As businesses gradually integrate their IT and OT networks, their industrial equipment is being connected to much larger networks than in the past. This allows a substantially higher number of individuals and devices to access the industrial environment. Plus, the IT network is Internet-enabled and usually wireless-enabled too.

Under these conditions, how to you monitor who connects to what through the company network? The best option is to use a network access control (NAC) solution.

Every time a new user or device attempts to connect to the network, the NAC decides whether or not to authorize access by:

1. Identifying the user and verifying their access rights.
2. Authenticating the device being used.
3. Checking the device’s security status and compliance with the security standards that have been established for the device type. For example, it verifies that the device’s operating system is up to date and that its firewall and antivirus are turned on.
4. If any security parameters aren’t met, the NAC can even remediate issues by installing what’s needed on the device.
5. It provides the user with the network and sub-network accesses established for their user profile.

If a user isn’t authorized to access the network, the NAC system can:

• Completely block network access;
• Provide limited “guest” access to a sub-network, which might let the user access the Internet, but not company devices, servers or equipment;
• Temporarily quarantine the user and device while waiting for their access conditions to be met and, once they are, allowing network access as requested.

NAC solutions can also ensure access traceability by keeping a log with complete information on the users and devices that access the network.

These systems are already popular for IT networks, but they can also make OT network security management more sophisticated, especially now with the rise of IT/OT convergence.

Currently, many OT networks are only protected using physical access restrictions. If an intruder succeeds in physically connecting a device to the OT network, they gain free access to it and can create incidents, steal data or disrupt industrial equipment. As long as the physical connection is maintained, there’s no way to stop the intruder from harming the network or even bringing it to a standstill, resulting in serious consequences for company operations.

A NAC solution is like a watchdog on 24-hour duty, keeping an eye on the company’s physical and wireless network access points. It decides when access should be blocked, but it delivers the message politely with a personalized message. It will even offer to help well-meaning users who have simply been negligent in installing security updates for their device.

Since NAC processes are automated and centralized, these solutions are a reliable ally for securing OT networks in the age of Industry 4.0.

NOVIPRO can help you determine whether a network access control (NAC) system is right for your company. With a strong background in cybersecurity and Industry 4.0, we offer expert advice to help you with your digital transformation and connected factory initiatives.

Read the next article of our series: How to protect your OT network with segmentation.