Security News > 2021 > February > Working at a safe distance, safely: Remote work at industrial sites brings extra cyber risk
Giving remote access directly to the engineering workstation for the control system increases cybersecurity risk for an industrial company.
There will still be cases where you may want to grant remote access to an engineer to deal with an emergency situation and then revoke the access once the work is done, but if you can limit this access and enable staff to complete their routine work while reducing direct access to the control system, you can minimize the risk of cybersecurity events that could cause safety and environmental incidents.
We've previously discussed the case of remote access from home, but there is also remote access to site systems from another company office or facility.
The risks are reduced in remote access from another company office or facility because it means industrial systems do not need to be directly or even indirectly connected to the public internet.
Mark Carrigan: Companies that hadn't been working on their OT security practices for remote work pre-COVID very likely increased their risk in the spring of 2020 as they enabled remote access to keep the business up and running.
In the summer and fall we moved into Phase 2, where organizations revisited the list of industrial systems and software where remote access was provided and put in place greater restrictions on access and limited permissions where possible.