High-Stakes Security Setups Are Making Remote Work Impossible

It's a rule of thumb in cybersecurity that the more sensitive your system, the less you want it to touch the internet. Companies with especially sensitive data or operations often limit remote connections, segment networks to limit a hacker's access if they do get in, and sometimes even disconnect their most important machines from the internet altogether. Late last week, the US government's Cybersecurity and Infrastructure Security Agency issued an advisory to critical infrastructure companies to prepare for remote work scenarios as Covid-19 spreads. Many companies have instead attempted to restrict the connections between their IT networks and their so-called OT or operational technology networks—the industrial control systems where the compromise of digital computers could have dangerous effects, such as giving hackers access to an electric utility's circuit breakers or a manufacturing floor's robots. "These jump boxes that were built to facilitate secure remote access in emergency situations weren't built to support this situation where everyone is performing routine maintenance and operations remotely."