External parties may need to connect remotely to critical infrastructure control networks. This access allows the manufacturers of equipment used in Australia’s critical infrastructure to maintain that equipment when a fault occurs that cannot be fixed in the required timeframe by any other method. Such access by external parties is to be considered an extraordinary event, and will only be given at critical times where granting access is required to maintain the quality of everyday life in Australia.
Connecting remotely to a computing system is a widely used and well understood task. Cyber security considerations for such a task can be found in these documents:
Connecting remotely to a control system has some specific considerations. There is existing literature on the topic of remote access to control systems, such as international standard IEC 62443 and advice from ICS-CERT: https://www.us-cert.gov/sites/default/files/recommended_practices/RP_Managing_Remote_Access_S508NC.pdf.
This document is broken into three sections:
- Design principles. The design principles include topics such as time-limiting the connection, strong authentication, and the creation of well-managed devices.
- Implementation principles. The implementation principles provide guidance on good approaches for satisfying the design principles.
- The protocol. Once the design and implementation principles have been followed, the specified protocol, or procedure, for remote access may be followed.
This document should be ratified every six months to ensure the incorporation of any necessary updates due to a changing cyber-threat landscape. Further, if a significant cyber event occurs, or a new method or tradecraft becomes known, outside of this review cycle, the process outlined in this document should be adjusted and the changes publicised immediately.