hera – Waterfall Security Solutions (https://waterfall-security.com) – Unbreachable OT security, unlimited OT connectivity. Feed generated Tue, 25 Nov 2025 07:44:24 +0000.

Post URL: https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/selecting-ot-secure-remote-access-solutions-options-criteria-examples/ (published Mon, 14 Apr 2025 08:36:27 +0000)

The post Selecting OT “Secure” Remote Access Solutions – Options, Criteria & Examples appeared first on Waterfall Security Solutions.


Selecting OT “Secure” Remote Access Solutions – Options, Criteria & Examples

Which OT remote access solution is right for you?
Andrew Ginter

Which OT remote access solution is right for you? It depends on the sensitivity of your OT/physical process, on your risk tolerance, and on your assessment of credible threats. In Waterfall’s upcoming webinar, we look at the landscape of available OT remote access solutions, how they compare risk-wise, and what a decision tree for choosing between the alternatives looks like.

One core assumption: we are trying to prevent cyber attacks pivoting from the Internet (possibly via intervening IT and other networks) into sensitive OT networks and sabotaging physical operations.

[Image: remote access solutions comparison table]

In our webinar on April 21st, we look at different types of systems:

  1. 2FA, DMZ, VPN, Jhost, NGFW – a conventional IT/OT remote access system, such as the system described as the minimum acceptable for NERC CIP Medium Impact sites, including (more or less) two-factor authentication, a demilitarized zone “network between networks,” a virtual private network, a jump host, and a next-gen firewall.

  2. OT SRA – a typical OT “secure” remote access solution that works roughly like Microsoft Teams: there is a client in the OT network, and it reaches out through an IT/OT firewall to connect to remote laptops and other clients, either by contacting those clients directly or by reaching into a cloud service or other server to rendezvous with them.

  3. Timed switch – a timed hardware switch that temporarily connects / disconnects a conventional type (1) or (2) software-based remote access solution to an IT network or the Internet. The timed switch is normally in a disconnected state and enables temporary remote connectivity infrequently.

  4. Hardware-Enforced Remote Access – Waterfall’s HERA, which consists of cooperating inbound and outbound gateways designed to prevent attacks pivoting from the Internet into OT systems.

  5. Unidirectional remote screen view technology – tech that lets the remote user “look but not touch” and requires an engineer or other human operator in the protected OT network to cooperate with the remote expert providing remote support.

Features & Characteristics of Remote Access Solutions

To compare risks in these solutions, we look at a number of features & characteristics:

  • High connectivity – CISA and other authorities recently requested that high-consequence sites stop using VPNs for remote access, in large part because VPNs very often provide more connectivity into IT and OT networks than is needed or wise.

  • Dangerous features – many “secure” remote access solutions have a myriad of features including dangerous ones such as file transfers (of potentially malicious files) and clipboard cut-and-paste operations (of potentially large attack scripts).
  • Firewalled – most “secure” remote access solutions demand a firewall at the IT/OT interface. Firewalls have a role inside OT networks and inside IT networks but are often not strong enough to defend a consequence boundary – when OT and IT networks have dramatically different worst-case consequences of compromise.

  • Server pivot – most “secure” remote access solutions have fairly constant IP addresses. They are in a sense “sitting ducks” for any adversary who cares to test them, any time that adversary cares to test them – for zero days, for unpatched known vulnerabilities, for misconfigurations and so on. And once these remote access servers are compromised, the attacker can pivot through the compromised remote access equipment, using the compromised equipment to attack more valuable assets deeper into the OT network.
  • Client pivot – most remote access solutions can be misused by attackers if the remote workstation or laptop is taken over. Two-factor authentication makes this harder, but not impossible, since 2FA is also software with vulnerabilities, both known and zero-day. Attackers are thus able to pivot through a compromised remote endpoint into the protected OT network.

  • Constant exposure – most remote access solutions are “always on” – constantly exposed to attacks from compromised external networks, such as IT networks and the Internet.
  • Personnel – most remote access solutions are designed for unattended operation, meaning that no OT personnel need be present at or internally connected to remote sites, such as substations, pump stations, lift stations, compressor stations or other remote installations. Attended operation systems that work only if there are local personnel present to help them along tend to be more secure, but those personnel are not always available.

How do we use these characteristics to choose between the options?

Well, we need to understand our needs and especially the criticality of our physical operations. A key question: what is the worst consequence possible due to a credible attack scenario? The question has three key parts:

  • Worst possible consequence – what is the worst that can happen if compromised computers either fail to function correctly or, more often, are deliberately made to function maliciously? And beware – many risk programs have blind spots, such as bricked control equipment. What happens if the bad guys get in and load dummy firmware into most of our 10-year-old PLCs, damaging them so thoroughly that it is now impossible to reload them with correct firmware? Where do we get spares to replace these components when the manufacturer no longer produces this equipment?
  • Credible attacks – in the spectrum of possible attacks (see Waterfall’s report on the Top 20 Cyber Attacks on Industrial Control Systems), which attack scenarios and consequences do we deem credible threats, given the defenses we have already deployed and the remote access systems we are considering, and which consequences and attacks do we not believe will be realized in our network or in any similar networks, any time soon?
  • Acceptable consequences – which credible consequences, due to credible attacks on our systems, do we deem acceptable vs. unacceptable?

All this and more, in greater detail, with industry-specific examples, is coming up in our Apr 21 webinar ‘Building a Game Plan for OT Remote Access’.

I hope you can join us.

About the author
Andrew Ginter

Andrew Ginter is the most widely-read author in the industrial security space, with over 23,000 copies of his three books in print. He is a trusted advisor to the world's most secure industrial enterprises, and contributes regularly to industrial cybersecurity standards and guidance.

FAQs About Remote Access Solutions

2FA, DMZ, VPN, Jhost, NGFW – this is a conventional IT/OT remote access system, such as the system described as the minimum acceptable for NERC CIP Medium Impact sites.
Another type is OT SRA, which is a typical OT “secure” remote access solution that works roughly like Microsoft Teams.
Timed switch – a timed hardware switch that temporarily connects / disconnects a conventional type (1) or (2) software-based remote access solution to an IT network or the Internet.
Hardware-Enforced Remote Access, like Waterfall’s HERA, which consists of cooperating inbound and outbound gateways designed to prevent attacks pivoting from the Internet into OT systems.
And finally, unidirectional remote screen view technology which lets the remote user “look but not touch” and requires an engineer or other human operator in the protected OT network to cooperate with the remote expert providing remote support.

The main features and characteristics of a remote access solution are the degree of connectivity, the location of firewalls, server & client pivots, exposure time to potential attacks, and the personnel required to operate them.

To know which remote access solution to choose, we first need to understand our needs and especially the criticality of our physical operations. A key question to answer is: what is the worst consequence possible due to a credible attack scenario? Once we understand what is at stake, we will have a better understanding of how to choose the solution that prevents this scenario from occurring.

Post URL: https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/webinar-navigating-ot-remote-access-technologies-limitations-and-the-latest-recommendations/ (published Tue, 08 Oct 2024 12:13:04 +0000)

Webinar: Navigating OT Remote Access – Technologies, Limitations, and the Latest Recommendations

Watch the webinar to discover cutting-edge OT remote access strategies.

Watch the insightful webinar where we delve into the rapidly evolving landscape of OT remote access. With the surge in remote access to OT networks, industrial operations and critical infrastructures are under pressure to enhance their security measures. 

In this webinar, Andrew Ginter takes us through:

  • The Rise of Remote Access: Understand the dramatic increase in remote access to OT networks and its implications.

  • Technology Choices: Explore a variety of remote access technologies, each with unique costs, benefits, and security limitations.

  • Security Challenges: Learn why CISA and other authorities are advising against traditional VPNs and other “secure” remote access technologies.

  • In-Depth Analysis: Get a detailed look at the limitations of current technologies and the evolution of the solution space.

  • Latest Recommendations: Discover the cutting-edge OT remote access technologies recommended by recent government guidelines.

Meet Your Expert Guide:

Andrew Ginter

Post URL: https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/it-remote-access-vs-ot-remote-access/ (published Sun, 01 Sep 2024 12:48:55 +0000)


IT Remote Access VS. OT Remote Access

An outline and comparison of the key differences between remote access used in an IT environment, and remote access solutions that cater to an industrial OT environment.
Waterfall team

When it comes to remote access, pretty much all available solutions deliver a very similar user experience: the user logs in and accesses another computer or device. But when we look a bit deeper, there are some very deep differences that come into consideration, especially when it comes to cybersecurity. The purpose and goals of remote access, and the acceptable levels of security, vary greatly between different uses.

In one of our previous blog posts, HERA Under the Hood, we covered how HERA works by explaining its technical functions and tasks. Here, we are going to outline how HERA is used and all the ways it differs from common IT Remote Access solutions.

Environment and Criticality

For IT Remote Access: Typically involves accessing corporate networks, applications, and data. Downtime or breaches can affect business operations, and can be costly, but usually have no impact when it comes to physical safety.

For OT Remote Access: Involves accessing industrial control systems (ICS), SCADA systems, and other critical infrastructure. Downtime or breaches can lead to significant physical and safety risks, including potential harm to people and equipment. There is very little “margin-of-error” as anything that might trigger a shutdown, even as a precaution, will have a very public and far-reaching impact.

Network Architecture

For IT Remote Access: Often involves flat network architectures and usually uses technologies like VPNs and remote desktop protocols (RDP).

For OT Remote Access: Requires segmented and isolated networks to prevent cross-contamination. Utilizes unidirectional gateways, secure remote access appliances, and proprietary protocols purpose-built and designed for OT environments.

Security Focus

For IT Remote Access: Focus is on data security, confidentiality, and integrity. Primarily protecting against data breaches and unauthorized access.

For OT Remote Access: Emphasizes availability, reliability, and safety of physical processes. Protects against disruptions that could impact operational continuity and physical safety.

Update and Patch Management

For IT Remote Access: Regularly scheduled updates and patches are common.

For OT Remote Access: Patching can be more complex and infrequent due to the need for continuous operations and the critical nature of the systems.

Compliance and Standards

For IT Remote Access: Governed by standards such as ISO/IEC 27001, GDPR, and HIPAA.

For OT Remote Access: Governed by standards such as IEC 62443, NERC CIP, and NIST SP 800-82.

Technology and Tools

For IT Remote Access: Uses commercial off-the-shelf (COTS) solutions like VPNs, remote desktop services, and cloud-based remote access tools.

For OT Remote Access: Often requires specialized solutions tailored for industrial environments, such as industrial VPNs, secure remote access hardware appliances and unidirectional security gateways.

While the final result with both OT and IT remote access is a functional way of accessing a workstation remotely, the pathway to each one is of dramatically different considerations, and priorities. The goal of IT cybersecurity is to protect sensitive information from getting OUT, while OT cybersecurity protects sensitive equipment by not allowing anything IN.

When it comes to protecting OT remote access, no one offers the robust protections that HERA delivers. Read more about Hardware-Enforced Remote Access (HERA).

About the author
Waterfall team

Post URL: https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/hardware-enforced-remote-access-hera-under-the-hood/ (published Wed, 17 Jul 2024 08:32:39 +0000)


Hardware-Enforced Remote Access (HERA) – Under the Hood

Waterfall's Hardware-Enforced Remote Access is something new in the world - true interactive OT remote access with unidirectional protection for OT networks. How is this possible?
Andrew Ginter

HERA® - Big Picture

The big picture of HERA is similar to that of conventional, software-based remote access solutions:

[Diagram: HERA – Hardware-Enforced Remote Access]

In a highly automated mine, for example:

  • A remote user – say a laptop on a conference hotel’s Wi-Fi network, remoting into the mine across the Internet,

  • The HERA gateway is located at the protected mine site, and

  • The protected OT network is “behind” the gateway – in this example the mining safety and other automation.

The big difference from conventional software-based remote access is what happens inside the HERA gateway.

HERA Gateway

Under the hood of HERA are two instances of Waterfall’s flagship Unidirectional Security Gateways technology. One Unidirectional Gateway is oriented from the protected OT network out to the Internet-exposed IT network or to the Internet directly. That gateway’s hardware is physically able to send information in only one direction – the gateway sends HERA screen images out to the remote user across the Internet. Nothing can get back.

The second gateway under the hood of HERA is a variation of the standard Unidirectional Gateway. This gateway does two things. First, this second gateway sends HERA encrypted keystrokes and mouse movements (KMM) back into the OT network through the unidirectional hardware – nothing can get back out through that hardware. Second, the inbound hardware has gate array logic built in, and this logic scans the unidirectional communications and allows only the very simple encrypted HERA KMM information to pass – all other attempts at communication are rejected. Finally, on the OT network, that gateway’s receiving CPU runs virtual machine (VM) software, creating a brand new VM for each remote user session.

To recap, under the hood of the HERA gateway is:

  • An inbound Unidirectional Gateway, which contains:

    • An Internet-exposed CPU interacting with the remote user / laptop,

    • One-way hardware that permits only encrypted KMM data to pass, and

    • A CPU on the OT network receiving the encrypted KMM data, decrypting that data and sending keystrokes and mouse movements to the remote users’ session VMs,

  • An outbound Unidirectional Gateway, which contains:

    • A CPU on the OT network receiving screen images from the HERA VMs,

    • One-way hardware,

    • A CPU on the IT/Internet sending copies of HERA’s session VM screens across the Internet to remote users.

The whole solution fits in 2U of rack space.

A HERA Session

With that background, what does a HERA session look like? The remote user launches the HERA application on their desktop or laptop and chooses one of the configured destinations. This app runs only on computers equipped with a hardware-based Trusted Platform Module (TPM) and uses the TPM hardware to encrypt two (2) standard TLS connections to the HERA gateway. One connection sends encrypted KMM information, and the other receives screen images. The remote user sees the image of a VM screen come up, and the user is challenged for a username and password. This is in fact two-factor authentication, with the HERA encryption credentials stored in the laptop’s TPM hardware being the second factor.

At this point, the user can move the mouse and type on the keyboard. The HERA app encrypts each keystroke and each mouse movement – this time using a different key in the TPM hardware. The app sends the encrypted KMM through the encrypted TLS connection into the HERA gateway.

Here’s the tricky part: the Internet-exposed CPU on the HERA gateway decrypts the TLS connection using its own TPM but does not have the keys to decrypt the encrypted KMM. So, the Internet-exposed CPU sends the encrypted KMM through the one-way hardware into the OT CPU in the HERA device. That OT CPU has the keys to decrypt the KMM and sends the decrypted KMM into the remote user’s virtual session. The virtual mouse moves. Keystrokes are used by the VM, and new screen images are sent back to the user.

How Secure Is this?

What does this mean security-wise? Well, imagine that an attacker reaches across the Internet into the target’s IT network and uses a zero-day vulnerability to compromise both of the Internet-facing CPUs in the HERA gateway. What is the worst that can happen? Well, the attacker can interrupt the flow of screen images and KMM. But – can the attacker send arbitrary attack messages into the OT network to propagate the attack further into the network? No. The outbound gateway hardware lets nothing back in, and the HERA inbound gateway hardware lets only encrypted KMM messages back in. And if the attacker tries to forge keystrokes and mouse movements, it does not work – the compromised CPU does not have the keys to encrypt and authenticate keystrokes. Those keys are on the protected OT-resident CPU.

Contrast this with a firewall and software-based remote access solution. Exploit unpatched vulnerabilities in the firewall, VPN server or a complex remote access protocol server and we are in serious trouble. The attacker can reach through the compromised system software and send whatever messages they wish into the OT network to wreak havoc there. Yes, an attack on HERA’s Internet-exposed CPUs can cause the remote access solution to become inoperative, but at most sites this is an inconvenience, not a serious incident. At most sites, remote access saves a little money by reducing travel costs – remote access is generally not required to assure minute-by-minute correct operation of the industrial process.
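The two-layer design described in the session walk-through and the compromise scenario above, as an added simulation that is not Waterfall's code and not HERA's actual wire format: the Internet-facing relay terminates nothing but TLS, a keyless structural filter stands in for the gate-array check, and only the OT-resident CPU holds the KMM keys, so a relay that re-sends, alters or pads a frame gets nothing through. The frame layout, the HMAC-based toy cipher, the keycodes and the demo secret are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed demo secret standing in for the TPM-resident KMM credential shared by
# the HERA app and the OT-resident CPU; the Internet-exposed CPU never holds it.
DEMO_KMM_MASTER = b"constructed-demo-kmm-secret"
MAGIC = b"KM"                              # constructed frame marker
EVT_LEN, HDR_LEN, TAG_LEN = 8, 14, 16      # event | magic+seq+nonce | truncated HMAC
FRAME_LEN = HDR_LEN + EVT_LEN + TAG_LEN    # every KMM frame is exactly 38 bytes

def _mac(key: bytes, data: bytes, n: int) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pack_event(kind: int, code: int, x: int, y: int) -> bytes:
    """One keystroke or mouse event as a fixed-size record: kind|code|x|y|pad."""
    return struct.pack(">BHHHx", kind, code, x, y)

def unpack_event(raw: bytes) -> dict:
    kind, code, x, y = struct.unpack(">BHHHx", raw)
    return {"kind": kind, "code": code, "x": x, "y": y}

class KmmKeys:
    """Encryption and authentication sub-keys derived from the shared KMM secret."""
    def __init__(self, master: bytes):
        self.enc = _mac(master, b"kmm-enc", 32)
        self.mac = _mac(master, b"kmm-mac", 32)

class RemoteClient:
    """Models the HERA app: seals each KMM event before it ever reaches the relay."""
    def __init__(self, master: bytes):
        self.keys, self.seq = KmmKeys(master), 0

    def seal(self, event: bytes) -> bytes:
        self.seq += 1
        header = MAGIC + struct.pack(">I", self.seq) + secrets.token_bytes(8)
        # Toy stream cipher: keystream bound to this frame's sequence number and nonce.
        cipher = _xor(event, _mac(self.keys.enc, header, EVT_LEN))
        return header + cipher + _mac(self.keys.mac, header + cipher, TAG_LEN)

def internet_cpu_relay(frame: bytes) -> bytes:
    """The Internet-exposed CPU terminates TLS (not modelled) and forwards the sealed
    frame unchanged. Without the KMM keys it can only pass, drop or corrupt frames."""
    return frame

def gate_array_admits(frame: bytes) -> bool:
    """Keyless structural check standing in for the inbound gate-array logic:
    only an exact-size, correctly marked KMM frame crosses the one-way hardware."""
    return len(frame) == FRAME_LEN and frame[:2] == MAGIC

class OtCpu:
    """The OT-resident receiving CPU: the only party holding the KMM keys."""
    def __init__(self, master: bytes):
        self.keys, self.last_seq = KmmKeys(master), 0

    def open(self, frame: bytes):
        """Return the decoded event, or None when the frame must be rejected."""
        if not gate_array_admits(frame):
            return None
        header, cipher, tag = frame[:HDR_LEN], frame[HDR_LEN:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(tag, _mac(self.keys.mac, header + cipher, TAG_LEN)):
            return None                       # forged or corrupted in transit
        seq = struct.unpack(">I", header[2:6])[0]
        if seq <= self.last_seq:
            return None                       # replay of an already-delivered frame
        self.last_seq = seq
        return unpack_event(_xor(cipher, _mac(self.keys.enc, header, EVT_LEN)))

def run_session() -> dict:
    """One legitimate keystroke, then the failure modes the page describes."""
    client, ot = RemoteClient(DEMO_KMM_MASTER), OtCpu(DEMO_KMM_MASTER)
    frame = client.seal(pack_event(1, 65, 0, 0))            # key press, keycode 65
    delivered = ot.open(internet_cpu_relay(frame))
    replayed = ot.open(internet_cpu_relay(frame))           # relay re-sends the frame
    corrupted = ot.open(frame[:HDR_LEN] + bytes(EVT_LEN) + frame[-TAG_LEN:])
    oversized = ot.open(frame + b"\x00" * 1024)             # not a KMM frame at all
    return {"delivered": delivered, "replayed": replayed,
            "corrupted": corrupted, "oversized": oversized}
```

Only the first `open` call yields an event; the relay's re-send, the altered ciphertext and the padded frame are all dropped before they reach the session VM, which is the property the text attributes to keeping the KMM keys off the Internet-facing CPU.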

Bottom Line - a Spectrum of Security

Where does HERA fit within the broader spectrum of remote access solution security? In the illustration, HERA is positioned as stronger than software security, between Unidirectional Secure Bypass and Unidirectional Remote Screen View technologies:

[Illustration: HERA hierarchy of security]

  • Conventional software-based remote access products at the bottom of the diagram have vulnerabilities, and rely on firewall software to secure OT networks,

  • Secure Bypass is a technology that temporarily enables bi-directional communications into a conventional software-based solution – Secure Bypass provides the OT site with local, physical control over when and how long remote users can access OT networks,

  • HERA is hardware-enforced remote access,

  • Unidirectional Remote Screen View makes copies of OT screen images out to external users through unidirectional hardware, while remote experts provide real-time feedback over the phone to engineers on site moving the mouse, and

  • No remote access at all at the top of the illustration is the most secure option, but is also generally the most expensive option, because industrial sites are unable to take advantage of remote services and service providers.

The bottom line – HERA is something new in the world – the benefits of true interactive remote access without the risk that Internet-based attacks will use remote access vulnerabilities to attack OT targets.

For more details, please contact Waterfall to request a free consultation with a Waterfall HERA expert.

About the author
Andrew Ginter

Post URL: https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/webinar-hera-hardware-enforced-remote-access/ (published Tue, 16 Jul 2024 07:31:13 +0000)


Webinar: HERA – Hardware-Enforced Remote Access

Watch now the webinar as we look at solutions that are enforced by dedicated hardware, and what benefits such solutions offer over comparable software-only solutions.

Software-based remote access — VPNs, 2FA, firewalls, jump hosts, and more all have vulnerabilities and potential zero-days that are exploited routinely by sophisticated threat actors. In this webinar, we look at problems with and attacks that breach conventional “secure” remote access, and we introduce Waterfall’s HERA — Hardware-Enforced Remote Access. With a layer of hardware-enforced protection, in addition to layers of software protection, HERA represents a material improvement in the security of remote access systems for OT networks, even at unattended sites. With strong client protections, TPM support, session recording, moderated access, moderated sessions, zero trust controls, and many other powerful features, HERA opens up a new era for protected remote access to critical networks.

Please watch our webinar to learn about problems with “secure” remote access and a new, powerful capability for safer remote access to OT systems.

In this webinar, Andrew Ginter takes us through:

  • What attacks have been breaching 2FA, VPNs and other conventional “secure” remote access solutions?

  • How are these attacks and risks neutralized by hardware enforcement?

  • How can HERA contribute to strong OT network segmentation and physical segmentation requirements?

  • Examples of how Hardware Enforced Remote Access would be used day-to-day in an industrial setting.

About the Speakers

Andrew Ginter – VP Industrial Security at Waterfall Security Solutions

Greg Hale – Editor/Founder at ISSSource and co-author of the annual Waterfall / ICS Strive Threat Report

Jim McGlone – CTO at Automation, Strategy & Performance and co-author of the highly-regarded Security PHA Review text
