When WFH Isn't an Option


A friend recently posted a question on social media along the lines of, "Who are all these 'essential' workers that can't work from home?" As an IT professional with family members who work in critical infrastructure, I felt a need to shed some light on what all those citizens are experiencing while the rest of us are sheltered in place. Additionally, some companies have realized that some of their workers are repeatedly making trips into the office/facility/datacenter to do work that cannot be performed remotely. If you've wondered the same, or are looking for ways to better protect your own workforce, read on!

In February, Edison Electric Institute, an association for electric companies whose members provide electricity for roughly 200 million Americans, warned that electric utilities might be impacted just like any other business: with up to 40% of the personnel out sick, quarantined, or out of work caring for sick family members. That includes power plant operators, line workers, call center representatives - everyone involved in the delivery of power to our homes and businesses.

While most businesses enact or expand “Work From Home” (WFH) policies, critical infrastructure such as power utilities, along with many others, may not have that luxury.

There are two categories that immediately come to my mind when facing “remote work” challenges:

  1. Operational Technology (OT), such as industrial control systems in manufacturing, utilities, etc.
  2. Highly sensitive and secure systems that may be intentionally “air gapped” from the Internet.

Operational Technology (OT) often can’t be managed remotely.

In many of our industrial and manufacturing clients, efforts have been made to carefully segment and isolate OT and IT networks. In fact, this connectivity gap is a major factor for many companies working to implement IIoT - the “Industrial Internet of Things”. Even in cases where connectivity is achieved, taking action in an industrial environment may still mean physically pulling a lever or opening a valve.

In cases where IT and OT have successfully converged, the ‘bridge’ between the two is justifiably tightly controlled. These restrictions create choke points for hackers and malicious actors trying to move between networks - but they also prevent or limit remote work. In one instance, these machines and appliances were configured such that only a single connection was allowed at a time - a reasonable precaution under normal circumstances. However, in these challenging times, it means IT administrators are ‘colliding’ with each other - one admin logging in to do work effectively kicks off a coworker right in the middle of their task.

In some instances, such as our critical infrastructure (power, gas, water, etc.), operations must remain continuous. It is common practice for essential engineers, operators, and technicians to be onsite and providing 24x7 coverage via multiple overlapping shifts. This means when you start your shift you’re sitting down at the same desk, and using the same keyboard, workstation, and phone, as the person who worked the shift before you. Additionally, maintenance is often only performed during a scheduled shutdown. Shutdowns are not scheduled frequently - and are never rescheduled. 

High security means less connected.

Many of us in IT have long recognized the compromise between security and connectivity. The more secure a system needs to be, the less likely it is to be connected to the Internet - much less able to be remotely controlled or managed over the World Wide Web.

Our nation’s intelligence agencies have policies that strictly forbid working from home. Plenty of corporate security personnel would cringe if intellectual property were being copied for at-home work, and we would all agree that it’s generally a bad idea for doctors to take medical records home. 

In other words, these are rules that exist for valid reasons, and those reasons haven't changed due to the current pandemic. 

So, what do you do?

In these cases, you must take measures to limit the biological exposure of your critical personnel and operations teams. Many companies are screening personnel before entering a facility - but let’s face it, if an employee is already running a fever, they’ve likely already exposed their peers to the contagion prior to symptoms emerging. 

In addition to screening for already sick employees, consider implementing ad-hoc physical barriers and temporary additional air handlers. Since some environments are ill-suited to “social distancing” and workers must be in close proximity to one another, you should either enforce the use of personal protective equipment (PPE) such as face masks, or erect temporary physical barriers if PPE is not practical or available. A little clear acrylic and disinfectant spray could go a long way - and I’ve also seen “air dams” used as a creative solution.

Company guidelines should also be in place to limit off-hours exposure. Consider offering positive incentives for adjustments to habits and lifestyle. After all, we do the same to encourage smoking cessation and more exercise - similar incentives can be applied in response to the pandemic.  

In extreme cases, an organization may even need to consider screening and then sequestering critical personnel. Hopefully, you’ve considered this and included it as part of a pre-existing crisis plan and employee agreement.

In all cases, I urge organizations to resist the temptation to create temporary connectivity or temporarily ease access restrictions. As a colleague often reminds me, “there’s nothing more permanent than a temporary solution.” Even though some hackers have made a promise not to attack our healthcare system during this time of crisis, there’s plenty of evidence that attacks are ramping up against our OT systems, and even our home networks and video meetings.

Bonus tip, provided by a CISO colleague, for anyone participating in video meetings:

Be aware of your surroundings when engaging in video meetings. Items in the field of view - documents, pictures, collectibles and memorabilia - can be leveraged by hackers to identify targets for physical theft or enable follow-up cyber crime. Remember, just like anything on the Internet, what is seen and heard in a video conference can live forever - recorded and stored on myriad distributed systems, waiting to be exploited for gain.






Monikaben Lala

Chief Marketing Officer | Product MVP Expert | Cyber Security Enthusiast | @ GITEX DUBAI in October

1 year

Mike, thanks for sharing!
