{
  "version": 3,
  "sources": ["ssg:https://framerusercontent.com/modules/x0eWNs4bGtFLBwoYi5C8/cbIGeLeTFnaoa5A6vQxw/QsZaADSSZ-3.js"],
  "sourcesContent": ["import{jsx as e,jsxs as t}from\"react/jsx-runtime\";import{Link as n}from\"framer\";import{motion as i}from\"framer-motion\";import*as s from\"react\";export const richText=/*#__PURE__*/t(s.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"In the world of autonomous vehicles, the shift from UHF/VHF communications to 4G connectivity has revolutionized operations\u2014and introduced new risks. This article explores how to implement secure remote access for an autonomous vehicle using the \",/*#__PURE__*/e(n,{href:\"https://dispel.com/products/zero-trust-access\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Dispel Zero Trust Engine\"})}),\", tackling the challenges of real-time remote handling in an internet-connected landscape.\"]}),/*#__PURE__*/e(\"p\",{children:\"Traditional fleet management was about extracting data from vehicles to monitor health and performance. But as vehicles become more autonomous and connected via 4G, they are exposed to the vast and vulnerable terrain of the internet. This shift demands robust cybersecurity measures to protect these advanced systems from exploitation.\"}),/*#__PURE__*/e(\"p\",{children:\"Our mission: retrofit an autonomous vehicle with Dispel's zero trust secure remote access. We'll cover everything from establishing connectivity to ensuring low latency and stringent security. We'll confront real-world challenges and demonstrate practical solutions to protect autonomous vehicles from cyber threats.\"}),/*#__PURE__*/e(\"p\",{children:\"This journey is about more than technology\u2014it's about securing the future of remote operations in an increasingly connected world. Join us as we explore how to safeguard autonomous vehicles, ensuring they operate safely and efficiently in the age of 4G connectivity.\"}),/*#__PURE__*/e(\"h2\",{children:\"Securing autonomous vehicles in the age of 4G\"}),/*#__PURE__*/e(\"p\",{children:\"In this article, we delve into the practical implementation of secure remote access and operations for an autonomous vehicle using the Dispel Zero Trust Engine. This demonstration highlights how real-time remote handling can be effectively managed and the challenges one might encounter during the process.\"}),/*#__PURE__*/e(\"p\",{children:\"Fleet management is traditionally thought of as pulling data from devices, vehicles, endpoints, or other IoT systems (your fleet) that are out in the field. This information covers system health, current conditions, operating time, and performance metrics for predictive maintenance. Data streaming such as this from IoT, OT, IIoT, XIoT and the rest of the connected alphabet soup is quite common and readily done.\"}),/*#__PURE__*/t(\"p\",{children:[\"Remote operation of semi- or fully-autonomous vehicles opens a new focus area, with serious cybersecurity controls. Unmanned systems including ground (UGA), aerial (UAV), and maritime surface (ASV/USV) typically focused on system availability, latency, and responsiveness. Drone cybersecurity is \",/*#__PURE__*/e(n,{href:\"https://usa.kaspersky.com/resource-center/threats/can-drones-be-hacked\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"not\"})}),\" as \",/*#__PURE__*/e(n,{href:\"https://www.blackhat.com/docs/asia-16/materials/asia-16-Rodday-Hacking-A-Professional-Drone.pdf\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"secure\"})}),\" as you might \",/*#__PURE__*/e(n,{href:\"https://ccdcoe.org/uploads/2018/10/Art-13-UAV-Exploitation-A-New-Domain-for-Cyber-Power.pdf\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"hope\"})}),\" or think\u2014unless you've been cybersecurity for long and then this will come as little surprise that R&D went straight to sales.\"]}),/*#__PURE__*/e(\"p\",{children:\"Our purpose then is to show how machine builders and vehicle operators can continue to remotely control their equipment while easily dropping in an IEC 62443/NIST 800-82 OT cybersecurity platform to protect transmission and access.\"}),/*#__PURE__*/e(\"h2\",{children:\"Security challenges of autonomous vehicles\"}),/*#__PURE__*/e(\"p\",{children:\"Autonomous vehicles share the same cybersecurity challenges as any other OT asset, with the added risk that the endpoint can now gain speed and hit things. Typically most drone vendors do not implement a comprehensive NIST 800-53-aligned security control suite onto their systems. At most, you will find they use code signing and data-in-transit encryption.\"}),/*#__PURE__*/t(\"p\",{children:[\"Of the 1007 controls and enhancements in NIST 800-53 Rev 5, data encryption in transit only address four (\",/*#__PURE__*/e(n,{href:\"https://csf.tools/reference/nist-sp-800-53/r5/sc/sc-8/\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"SC-8\"})}),\", \",/*#__PURE__*/e(n,{href:\"https://csf.tools/reference/nist-sp-800-53/r5/sc/sc-13/\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"SC-13\"})}),\", \",/*#__PURE__*/e(n,{href:\"https://csf.tools/reference/nist-sp-800-53/r5/ac/ac-17/\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"AC-17\"})}),\", and \",/*#__PURE__*/e(n,{href:\"https://csf.tools/reference/nist-sp-800-53/r5/ac/ac-18/\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"AC-18\"})}),\").\"]}),/*#__PURE__*/e(\"p\",{children:\"With drone using 4G LTE connectivity, the attack surface of the device is no longer limited to the realm of relatively near-field UHF concerns. A drone becomes any other IoT asset and should require the same protective controls any other OT device needs under NIST 800-82 or IEC 62443. Welcome to the whole internet.\"}),/*#__PURE__*/e(\"h2\",{children:\"Implementing Dispel Zero Trust\"}),/*#__PURE__*/e(\"p\",{children:\"We wanted to see if we could retro-fit an autonomous vehicle with Dispel zero trust secure remote access.\"}),/*#__PURE__*/e(\"h3\",{children:\"Our platform\"}),/*#__PURE__*/e(\"p\",{children:\"The team at Dispel labs decided to go with a LY-DG01 remote control lawn mower for two primary reasons:\"}),/*#__PURE__*/t(\"ol\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"The system is easily modded, meaning experimenting would be easier than a more delicate platform.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"It was more rugged allowing for outdoor operations and maneuver in more realistic operating environments.\"})})]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"em\",{children:\"Taking delivery of our LY-DG01\"})}),/*#__PURE__*/e(\"video\",{autoPlay:!0,className:\"framer-image\",loop:!0,muted:!0,playsInline:!0,src:\"https://framerusercontent.com/assets/2toVPIUDL0VmU7QMsqsXny2Ks.mp4\"}),/*#__PURE__*/e(\"h3\",{children:\"Establishing Connectivity & Latency\"}),/*#__PURE__*/t(\"p\",{children:[\"Connectivity to LY-DG01 (LY for short) was straightforward. A 4G router and chip established traffic to the onboard switch. Using a Dispel \",/*#__PURE__*/e(n,{href:{webPageId:\"oEuuvgjFx\"},motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Wicket ESI\"})}),\", we set up a Layer 2 overlay network from LY to our lab's regional SD-WAN.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Low latency in remote operations is crucial. Ping times matter more when you could be driving off a cliff. As with all OT assets, security functions should stay as close to the asset as possible for just this reason. In the case of our LY, the gas-powered drone-tank would require real-time handling.\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Key Points:\"})}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Low latency is crucial for remote operations, especially to prevent accidents.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"We placed the Dispel Region in our US-East availability zone to minimize ping times.\"})})]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"br\",{}),\"To minimize latency, we put the Dispel Region in our US-East availability zone. With over 30 availability zone around the world, Dispel Region SD-WANs allow us to keep networks as close as possible to the assets they're connecting to to minimize ping times.\"]}),/*#__PURE__*/e(\"p\",{children:\"With the handshake between the Wicket ESI and the Region established, we loaded LY into the Dispel Dashboard, assigning an IP address, subnet, port and protocol rules, and setting up the access control list (ACL) rules for remote connection.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"em\",{children:\"Adding our drone to the Dispel Dashboard\"})}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"973\",src:\"https://framerusercontent.com/images/ibbyZiSsfzFn4Sxi5fJddB9HU.png\",srcSet:\"https://framerusercontent.com/images/ibbyZiSsfzFn4Sxi5fJddB9HU.png?scale-down-to=1024 532w,https://framerusercontent.com/images/ibbyZiSsfzFn4Sxi5fJddB9HU.png 1012w\",style:{aspectRatio:\"1012 / 1946\"},width:\"506\"}),/*#__PURE__*/e(\"h2\",{children:\"Success and Remote Operation\"}),/*#__PURE__*/e(\"p\",{children:\"With the LY-DG01 uplink established and registered, we achieved secure remote access and operation. Our logging, monitoring, access windows, and user controls were in place, preventing unauthorized access.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Key Points:\"})}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"The Wicket ESI controls all north-south connectivity, ensuring robust security.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"The LY-DG01 demonstrated precise remote handling despite our limited driving experience.\"})})]}),/*#__PURE__*/e(\"video\",{autoPlay:!0,className:\"framer-image\",loop:!0,muted:!0,playsInline:!0,src:\"https://framerusercontent.com/assets/AGqG6GTLs7p3YdM07bPXTKk6iQ.mp4\"}),/*#__PURE__*/e(\"h2\",{children:\"Takeaways and real-world implications\"}),/*#__PURE__*/e(\"p\",{children:\"Drone and other autonomous vehicle manufacturers can and should implement zero trust access principles into their equipment for both trust and safety.\"}),/*#__PURE__*/e(\"p\",{children:\"When we began researching this project we found most drone buyers are not typically OT operators and IT managers but rather the end users or equipment procurement. Even through drones connect into IT and OT systems, they're often not be categorized as an IT endpoint or OT asset and therefore fall between the cybersecurity control requirements imposed by both departments. This shows in the cybersecurity literature and measures taken by drone vendors in general.\"}),/*#__PURE__*/e(\"p\",{children:\"Installing our Wicket and a 4G router, and connecting the LY-DG01 to Dispel ZTNA was a straightforward process like any other OT asset. From our experience here, retrofitting existing fleets for data streaming, remote maintenance, and operation can be done in short order with minimal lift.\"}),/*#__PURE__*/e(\"h3\",{children:\"Practical Recommendations for Manufacturers\"}),/*#__PURE__*/t(\"ol\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Adopt Comprehensive Security Controls\"}),\": Implement a comprehensive security control suite aligned with standards such as NIST 800-53 and IEC 62443. This includes data encryption, access controls, and regular security audits.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Integrate Zero Trust Principles\"}),\": Ensure that all communication and control channels adhere to zero trust principles. This minimizes the risk of unauthorized access and potential cyber-attacks.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Educate and Train Users\"}),\": Provide training and resources to end users and procurement teams about the importance of cybersecurity and how to implement best practices in their operations.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Collaborate with Cybersecurity Experts\"}),\": Work with cybersecurity experts to design and implement robust security measures tailored to the specific needs of autonomous vehicles.\"]})})]}),/*#__PURE__*/e(\"p\",{children:\"Retrofitting existing fleets for data streaming, remote maintenance, and operation with secure access can be done efficiently. Integrating platforms like the Dispel Zero Trust Engine provides a robust solution to ensure both operational efficiency and cybersecurity. By following these best practices, manufacturers and operators can enhance the safety and reliability of autonomous vehicles in real-world applications.\"}),/*#__PURE__*/e(\"p\",{children:\"In the rapidly evolving landscape of autonomous vehicle technology, prioritizing cybersecurity is not just an option\u2014it\u2019s a necessity. Through our demonstration, we hope to inspire industry stakeholders to adopt secure remote access solutions and safeguard their operations against potential threats.\"})]});export const richText1=/*#__PURE__*/e(s.Fragment,{children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Take the First Step Toward Zero Trust Access - \"}),\"Ready to simplify access to your cyber-physical systems? \",/*#__PURE__*/e(n,{href:\"https://dispel.com/contact-us\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Get in touch with our team\"})}),\" today or \",/*#__PURE__*/e(n,{href:\"https://dispel.com/book\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"book a demo\"})}),\" to see the Dispel Zero Trust Engine in action!\\xa0\"]})});export const richText2=/*#__PURE__*/t(s.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"TOKYO, June 17, 2024 -\"}),\"  Dispel, a leading provider of secure remote access for industrial control systems, won \",/*#__PURE__*/e(\"strong\",{children:\"\u201CBest in Show\u201D\"}),\" at Interop Tokyo 2024, presented by their partner \",/*#__PURE__*/e(n,{href:\"https://www.techmatrix.co.jp/product/dispel/\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"TechMatrix\"})}),\". The award recognizes Dispel\u2019s zero trust platform providing extensive control, visibility, and response capabilities for IT, OT, XIoT, IIoT and cyber-physical systems through the company\u2019s zero trust \",/*#__PURE__*/e(n,{href:\"https://dispel.com/products/zero-trust-access\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Secure Remote Access platform\"})}),\".\"]}),/*#__PURE__*/e(\"p\",{children:\"The \u201CBest of Show\u201D awards receive hundreds of nominations from across the industry. Awards are decided by a committee of leading industry experts from academic, government, and corporate backgrounds. Interop Tokyo is one of the largest technology and computing trade shows in Asia, showcasing technology exhibitors from markets including marketing, business, communications, industrials, and cybersecurity. Dispel won Best in Show, Special Prize in Industrial Networks.\"}),/*#__PURE__*/t(\"p\",{children:[\"Working with \",/*#__PURE__*/e(n,{href:\"https://www.techmatrix.co.jp/product/dispel/\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"TechMatrix\"})}),\", a Dispel Japanese partner, the team showcased Dispel\u2019s IEC 62443 and NIST 800-82-aligned capabilities to provide easy and secure remote access to critical infrastructure and operational technology, and securely stream data to and from cloud and on-premises systems. Dispel integrates with a variety of complementary products and services, maximizing the value companies get from all the tools in their cybersecurity stack and simplifying day-to-day operations.\"]}),/*#__PURE__*/t(\"p\",{children:[\"\u201CWe are honored to have been awarded \",/*#__PURE__*/e(\"em\",{children:\"Best in Show\"}),\". Interop\u2019s recognition showcases the strength and importance of our channel partners, and the valued work TechMatrix performs in Japan,\u201D said Ethan Schmertzler, CEO of Dispel. \u201CSecure Remote Access to industrial control systems remains a critical efficiency and cybersecurity need for all manufacturing companies, government agencies, and utilities.\u201D\"]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Award-Winning Dispel Secure Remote Access Highlights:\"})}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Secure remote access for operators, third-parties, and vendors.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Network segmentation and encrypted data streaming from local assets to cloud and on-premises infrastructure.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Full audit, session recording, logging, and SIEM/SOC integrations.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Privileged access management including SSO, MFA, vendor-self onboarding, and password vaulting.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Virtual desktop workstations as a service so remote users can access the tools they need during sessions and work together.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Asset management for IT and OT devices, including IP, make, model information, and asset discovery integrations.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Extensive platform integrations to IAM/PAM, detection, service management, SIEM, XDR, and on-premises and cloud infrastructure.\"})})]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"About Dispel\"})}),/*#__PURE__*/t(\"p\",{children:[\"Dispel is a leading provider of zero trust remote access, data streaming, and DMZ unification for industrial control systems. Founded in 2015, Dispel serves clients representing roughly half a trillion dollars in annual manufactured output worldwide. For more information, please visit\\xa0\",/*#__PURE__*/e(n,{href:\"https://stats.nwe.io/x/html?final=aHR0cDovL3d3dy5kaXNwZWwuY29tLw&sig=YQr1wKa9BpIEnYooFiQf_7-gOY7kswbhqWgU4dNwIcddVR-wNyq6AZ6PK9Uw1ln5CuWLs8riwUswP3qbpHs7Bg&hit%2Csum=WyI0Ynh2ZjkiLCI0Ynh2ZmEiLCI0Ynh2ZmIiXQ\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"www.dispel.com\"})}),\".\"]})]});export const richText3=/*#__PURE__*/t(s.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"NEW YORK, May 24, 2024\"}),\" - Dispel is pleased to announce the Board's appointment of Anton Aberg to the position of Chief Product Officer (CPO). Anton has been an integral part of Dispel's journey since its early beginnings, and his elevation to CPO reflects his exceptional leadership, dedication, and contribution to the company's success as a leading provider of zero trust remote access, data streaming, managed attribution, and DMZ unification for industrial control systems.\"]}),/*#__PURE__*/e(\"p\",{children:\"As an early member of Dispel, Anton played a pivotal role in shaping the platform from the ground up. He worked closely with the C-suite and co-founders and helped develop and refine Dispel's secure communications product. Anton's promotion comes with the creation of a growing Product team at Dispel, with his role including oversight over Dispel's talented product managers and designers.\"}),/*#__PURE__*/e(\"p\",{children:'\"We\\'ve watched as Anton has taken lead on new features and led new product managers as they\\'ve joined the team with passion and tenacity,\" says Ethan Schmertzler, CEO. \"His promotion has been a long time coming, and we\\'re so excited to see what more Anton will bring with his unparalleled expertise in Dispel and as we head into a new stage of growth. A well-deserved congratulations, Anton.\"'}),/*#__PURE__*/e(\"p\",{children:\"In his new role as Chief Product Officer, Anton will continue to drive Dispel's product strategy, ensuring cohesive, consistent and industry-leading solutions that delight customers and drive growth.\"}),/*#__PURE__*/e(\"p\",{children:\"Prior to joining Dispel, Anton served as the Head of Design at TripleMint, a leading real estate technology company. He developed internal tooling for agents and teams, as well as spearheading various design initiatives to enhance visual branding and user experience. Anton holds a BBA (Bachelor's Business Administration degree) from the University of Hawai\u02BBi at M\u0101noa, having taken an exciting opportunity to study at the National University of Singapore during his last semester.\"})]});export const richText4=/*#__PURE__*/t(s.Fragment,{children:[/*#__PURE__*/e(\"h3\",{children:\"EPA Increasing Audit & Enforcement of Cybersecurity Rules\"}),/*#__PURE__*/t(\"p\",{children:[\"The Environmental Protection Agency (EPA) has recently issued an \",/*#__PURE__*/e(n,{href:\"https://www.epa.gov/enforcement/enforcement-alert-drinking-water-systems-address-cybersecurity-vulnerabilities\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Enforcement Alert\"})}),\" stressing the critical need for drinking water systems to immediately bolster their cybersecurity defenses. As cyberattacks on critical infrastructure, including community water systems (CWSs), become more frequent and sophisticated, the potential consequences for public health and safety have grown significantly. A successful cyberattack could disrupt water treatment and distribution processes, potentially leading to the contamination of water supplies and posing severe risks to communities.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Federal agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA), and the Environmental Protection Agency (EPA), have issued multiple warnings about cyber threats targeting water and wastewater systems. Nation-state actors such as the \",/*#__PURE__*/e(n,{href:\"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Iranian Government Islamic Revolutionary Guard Corps\"})}),\" (IRGC), \",/*#__PURE__*/e(n,{href:\"https://www.cisa.gov/resources-tools/resources/defending-ot-operations-against-ongoing-pro-russia-hacktivist-activity\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Russian state-sponsored entities\"})}),\", and \",/*#__PURE__*/e(n,{href:\"https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"People\u2019s Republic of China (PRC) state-sponsored cyber actors\"})}),\", including Volt Typhoon and Vanguard Panda, have been implicated. These adversaries have disrupted water systems and may have embedded capabilities to disable them in the future.\"]}),/*#__PURE__*/t(\"p\",{children:[\"To combat these threats, the EPA has outlined several key actions that drinking water systems should implement immediately. These actions include reducing the exposure of critical systems to the internet, conducting regular and thorough cybersecurity assessments, and developing comprehensive incident response plans. Beyond criminal and civil enforcement actions for failures to comply, the EPA, CISA, and FBI strongly recommend system operators take steps outlined in the \",/*#__PURE__*/e(n,{href:\"https://www.cisa.gov/news-events/alerts/2024/02/23/updated-top-cyber-actions-securing-water-systems\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:/*#__PURE__*/e(\"em\",{children:\"Top Actions for Securing Water Systems\"})})}),\", which include:\"]}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Reduce exposure to public-facing internet.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Conduct regular cybersecurity assessments.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Change default passwords immediately.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Conduct an inventory of OT/IT assets.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Develop and exercise cybersecurity incident response and recovery plans.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Backup OT/IT systems.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Reduce exposure to vulnerabilities.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Conduct cybersecurity awareness training.\"})})]}),/*#__PURE__*/e(\"h3\",{children:\"Violations and enforcement\"}),/*#__PURE__*/t(\"p\",{children:[\"Since September 2023, \",/*#__PURE__*/e(n,{href:\"https://www.epa.gov/enforcement/enforcement-alert-drinking-water-systems-address-cybersecurity-vulnerabilities\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"over 70%\"})}),\" of systems inspected by the EPA have violated basic SDWA 1433 requirements, missing critical sections in their Risk and Resilience Assessments (RRA) and Emergency Response Plans (ERP). Inspectors found significant cybersecurity vulnerabilities, such as unchanged default passwords, shared logins, and access retained by former employees. Inadequate RRAs and ERPs often lacked assessments of system resilience and strategies for cybersecurity improvements. These violations compromise operational safety and compliance.\"]}),/*#__PURE__*/t(\"p\",{children:[\"As part of the EPA\u2019s multi-year National Enforcement and Compliance Initiative\u2014\",/*#__PURE__*/e(n,{href:\"https://www.epa.gov/enforcement/national-enforcement-and-compliance-initiative-increasing-compliance-drinking-water\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Increasing Compliance with Drinking Water Standards\"})}),\"\u2014inspectors are intensifying checks on CWS compliance with SDWA Section 1433. Given the identified vulnerabilities and recent cyberattacks the EPA has signaled it intends to increase cybersecurity-focused inspections and has stated that if vulnerabilities pose imminent risks to public health, enforcement actions under SDWA Section 1431 may be necessary to mitigate these dangers.\"]}),/*#__PURE__*/e(\"h3\",{children:\"Requirements Under Section 1433 of the Safe Drinking Water Act\"}),/*#__PURE__*/e(\"p\",{children:\"Section 1433 of the Safe Drinking Water Act requires community water systems serving over 3,300 people to conduct Risk and Resilience Assessments (RRAs), develop Emergency Response Plans (ERPs), and certify their completion to the EPA. Additionally, systems must review their RRA and ERP every five years, revise them if necessary, and certify completion of these steps to EPA. These assessments must address natural hazards, malevolent acts (including cyberattacks), and resilience strategies. The emergency response plans must detail strategies for responding to the identified risks and ensuring the continuity of water services during and after an incident. This regulatory framework aims to ensure that water systems are well-prepared to handle various threats, safeguarding public health and water supply reliability.\"}),/*#__PURE__*/e(\"h3\",{children:\"How Dispel Helps CWSs Achieve Section 1433 Compliance and Process Efficiency\"}),/*#__PURE__*/e(\"p\",{children:\"Dispel's Zero Trust Engine offers Secure Remote Access and Continuous Threat Detection designed to address the requirements of the water sector. Here\u2019s how:\"}),/*#__PURE__*/t(\"ol\",{children:[/*#__PURE__*/t(\"li\",{\"data-preset-tag\":\"h4\",children:[/*#__PURE__*/e(\"h4\",{children:/*#__PURE__*/e(\"strong\",{children:\"Reducing Internet Exposure\"})}),/*#__PURE__*/e(\"p\",{children:\"Dispel's Secure Remote Access provides a secure, encrypted connection for remote access to critical water system controls and implements a zero trust set of controls around and in the perimeter. By using Dispel's technology, water systems can minimize their exposure to the internet, significantly reducing the risk of unauthorized access and cyberattacks and aligns with the EPA's recommendation to limit internet exposure to essential systems.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})})]}),/*#__PURE__*/t(\"li\",{\"data-preset-tag\":\"h4\",children:[/*#__PURE__*/e(\"h4\",{children:/*#__PURE__*/e(\"strong\",{children:\"Regular Cybersecurity Assessments\"})}),/*#__PURE__*/e(\"p\",{children:\"Dispel's Continuous Threat Detection continuously monitors the zero trust network for any signs of malicious behavior or vulnerabilities. This real-time monitoring ensures that any potential threats are identified and addressed promptly, enabling water systems to maintain a robust cybersecurity posture. This proactive approach supports the EPA's call for regular cybersecurity assessments and ongoing vigilance against potential threats. Monitoring and response are a pillar of assessments by providing testing and response pieces of assessments.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})})]}),/*#__PURE__*/t(\"li\",{\"data-preset-tag\":\"h4\",children:[/*#__PURE__*/e(\"h4\",{children:/*#__PURE__*/e(\"strong\",{children:\"Change default passwords\"})}),/*#__PURE__*/e(\"p\",{children:\"Dispel password vaulting allows operators to use unique logins for all assets inside their networks immediately, and supports authenticator cycling on supported assets. Dispel allows operators to connect to IT and OT assets without needing to know the credentials to the target system, so long as they are in an approved session.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})})]}),/*#__PURE__*/t(\"li\",{\"data-preset-tag\":\"h4\",children:[/*#__PURE__*/e(\"h4\",{children:/*#__PURE__*/e(\"strong\",{children:\"Conduct an inventory of OT/IT assets\"})}),/*#__PURE__*/t(\"p\",{children:[\"Dispel asset inventory systems both allow for manual inventorying as well as \",/*#__PURE__*/e(n,{href:{hash:\":kwC5tc6Cu\",webPageId:\"WlGEkgU4w\"},motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"integrations \"})}),\"for automated inventorying of cyber physical systems. These then allow granular per-user, port, and protocol enforcement of access control rules.\"]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})})]}),/*#__PURE__*/t(\"li\",{\"data-preset-tag\":\"h4\",children:[/*#__PURE__*/e(\"h4\",{children:/*#__PURE__*/e(\"strong\",{children:\"Comprehensive Incident Response Plans\"})}),/*#__PURE__*/e(\"p\",{children:\"In the event of a cybersecurity incident, having a well-defined response plan is crucial. Dispel's solutions include features that facilitate quick identification, isolation, and mitigation of cyber threats. The ability to rapidly respond to incidents helps water systems minimize downtime and mitigate the impact of any potential cyberattacks, fulfilling the EPA's requirement for robust incident response planning.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})})]}),/*#__PURE__*/t(\"li\",{\"data-preset-tag\":\"h4\",children:[/*#__PURE__*/e(\"h4\",{children:/*#__PURE__*/e(\"strong\",{children:\"Compliance with the Safe Drinking Water Act\"})}),/*#__PURE__*/e(\"p\",{children:\"By integrating Dispel's Secure Remote Access and Continuous Threat Detection into their operations, water systems can ensure compliance with Section 1433 of the Safe Drinking Water Act. These tools help in conducting risk and resilience assessments and developing emergency response strategies that are essential for protecting public health and ensuring the continuous supply of safe drinking water.\"})]})]}),/*#__PURE__*/e(\"h2\",{children:\"Where to go from here to get compliant\"}),/*#__PURE__*/e(\"p\",{children:\"The EPA's recent enforcement alert underscores the importance of cybersecurity in protecting our nation's drinking water systems. By adopting advanced cybersecurity solutions like those offered by Dispel, water systems can significantly enhance their defenses against cyber threats. Secure Remote Access and Continuous Threat Detection provide the necessary tools to reduce internet exposure, perform regular assessments, and ensure rapid response to incidents, aligning with the EPA's stringent requirements. Ensuring the safety and reliability of drinking water infrastructure is paramount, and Dispel's solutions offer a comprehensive approach to achieving this goal.\"})]});export const richText5=/*#__PURE__*/t(s.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"NEW YORK, May 16, 2024 - \"}),\"Dispel today announced its Board of Directors appointed Dean Macris as the company\u2019s Chief Information Security Officer (CISO). In this role, Dean shall be responsible for Dispel\u2019s corporate and product alignment with NIST 800-53, NIST 800-171, NIST 800-172, NERC CIP, IEC 62443, SOC 2, and ISO 27001.\"]}),/*#__PURE__*/e(\"p\",{children:\"\u201CGiven the environments our systems are being asked to operate in, we needed someone who recognized cybersecurity was not only a programming and process problem, but also an electromagnetic problem,\u201D said Chris DiLorenzo, Dispel\u2019s CTO. \u201CDean has that firsthand knowledge.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"Dean brings extensive cybersecurity experience to Dispel in both operational technology and information technology. His previous responsibilities include serving as the Theater Operations Officer of U.S. Forces Korea; Cyber Technical Director for Naval Special Warfare; managing General Dynamics Electric Boat company\u2019s Signature Secret Network, their largest classified information system; and teaching as an instructor of Cyber Systems at the United States Coast Guard Academy, where he led the development of the Seagoing Vessel Testbed (SVT) for Industrial Controls that sits in the Control Environment Laboratory Resource (CELR). Dean continues his service as a Lieutenant Commander in the U.S. Navy.\"}),/*#__PURE__*/e(\"p\",{children:\"Dean\u2019s responsibilities shall include contributing to engineering and product design throughout the system lifecycle. \u201CWe wanted someone who would work to meet the spirit, as well as the letter, of cybersecurity standards,\u201D said Ian Schmertzler, Dispel\u2019s President and Co-founder. \u201CThat is not only the right thing to do, but also a competitive differentiator in our markets.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"Dean holds a BS in Systems Engineering from the U.S. Merchant Marine Academy and an MBA from the University of Connecticut. Continuing his studies, Dean is a National Security and Strategic Studies Master\u2019s student at the U.S. Naval War College and a Computer Engineering PhD student at the University of Rhode Island.\"})]});export const richText6=/*#__PURE__*/t(s.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"NEW YORK, March 1, 2024 -\\xa0Dispel and Mitsubishi Electric Corporation (TOKYO: 6503) today announced an agreement to expand their Operational Technology (OT) security businesses through marketing and technical development.\"}),/*#__PURE__*/t(\"p\",{children:[\"Based on this agreement, \",/*#__PURE__*/e(n,{href:\"https://us.mitsubishielectric.com/fa/en/news-and-events/2024/march/dispel-launch/\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Mitsubishi Electric will integrate\"})}),\" its factory-automation (FA) equipment and OT security solutions with Dispel's secure remote-access technology to provide a Zero Trust Remote Access Service that enables comprehensive monitoring and control of industrial processes. For Mitsubishi Electric, the goal is to accelerate digital manufacturing by enabling secure data utilization throughout the entire product lifecycle \u2014 from design and installation to operation and maintenance \u2014 thereby strengthening the company's Circular Digital-Engineering business.\"]}),/*#__PURE__*/e(\"p\",{children:'\"At Mitsubishi Electric, we are creating new value in OT security by combining our OT technology and expertise in manufacturing with information-system security technologies from leading security vendors,\" said Kunihiko Kaga, Mitsubishi Electric\\'s Representative Executive Officer and Industry and Mobility Business Area Owner. \"Through our collaboration with Dispel, we expect to contribute to OT security and society as a whole by providing secure environments for remote maintenance.\"'}),/*#__PURE__*/e(\"p\",{children:'\"What matters to industrial customers is uptime, availability, and crew safety,\" said Ian Schmertzler, President of Dispel. \"Cyber security should not be something they need to worry about, but the shifting regulatory and threat landscape has made it impossible to ignore. By providing a Zero Trust Access platform aligned with NIST 800-53 to their customer base, Mitsubishi Electric is making it possible for their clients to refocus on what matters.\"'}),/*#__PURE__*/e(\"p\",{children:\"Dispel \u2014 recognized for its work in critical sectors including oil & gas, manufacturing, food & beverage production, utilities, automotive, and defense \u2014 develops end-to-end, Moving Target Defense-based OT network solutions focused on enabling rigorous access control and sustained asset visibility. Dispel\u2019s approach provides significant security and operational efficiency advantages over legacy VPN and proxy solutions through automation, standards alignment, and integrations with industry peers.\\xa0\"}),/*#__PURE__*/e(\"p\",{children:\"With over 20 million hours of safe operation, Dispel\u2019s Zero Trust Remote Access platform goes beyond traditional solutions to provide the comprehensive suite of features needed in high-value operational technology settings, such as password vaulting, privileged access management, session recording, vendor self-management, just-in-time access, and endpoint isolation.\"}),/*#__PURE__*/e(\"p\",{children:\"This partnership signifies a determined, shared commitment by Dispel and Mitsubishi Electric Corporation to extend OT cybersecurity capabilities, offering secure, efficient, and resilient operational solutions to the entire industrial consumer base.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"About Dispel\"})}),/*#__PURE__*/t(\"p\",{children:[\"Dispel is a leading provider of zero trust remote access and moving target defense networks. Founded in 2015, with offices in New York, Austin, Washington, D.C., and Tokyo, Dispel serves industrial and defense clients worldwide, protecting over $280 billion of manufacturing and the utilities covering over 47 million people each year. Dispel\u2019s secure remote access, data streaming, and asset visibility platform enhances cybersecurity and efficiency capabilities for operational technology in a variety of industrial and military applications. For more information, please visit \",/*#__PURE__*/e(n,{href:\"https://dispel.com/\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"www.dispel.com\"})}),\".\"]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"About Mitsubishi Electric Corporation\\xa0\"})}),/*#__PURE__*/t(\"p\",{children:[\"With more than 100 years of experience in providing reliable, high-quality products, Mitsubishi Electric Corporation (TOKYO: 6503) is a recognized world leader in the manufacture, marketing and sales of electrical and electronic equipment used in information processing and communications, space development and satellite communications, consumer electronics, industrial technology, energy, transportation and building equipment. Mitsubishi Electric enriches society with technology in the spirit of its \u201CChanges for the Better.\u201D The company recorded a revenue of 5,003.6 billion yen (U.S.$ 37.3 billion*) in the fiscal year ended March 31, 2023. For more information, please visit \",/*#__PURE__*/e(n,{href:\"https://www.mitsubishielectric.com/\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"www.MitsubishiElectric.com\"})}),\".\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"em\",{children:\"*U.S. dollar amounts are translated from yen at the rate of \\xa5134=U.S.$1, the approximate rate on the Tokyo Foreign Exchange Market on March 31, 2023 \\xa0\"})]})]});export const richText7=/*#__PURE__*/t(s.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"span\",{children:\"Dispel Device Posture Checking helps ensure that if a device isn't secure, it can't connect to your infrastructure. \"})}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"span\",{children:\"Posture Checking is an advanced feature integrated within the Dispel Application, designed to scrutinize the security status of remote endpoint attempting to connect to your network. This feature is not just a gatekeeper but also an enforcer of security protocols, aligning devices cybersecurity policies.\"})}),/*#__PURE__*/e(\"p\",{children:\"Dispel Posture Checking is part of Dispel's proactive security measures designed to stop breaches before they happen by integrating controls into everyday remote access actions.\"}),/*#__PURE__*/e(\"h2\",{children:\"Key Features\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Multi-Platform Compatibility:\"}),\" Dispel\u2019s Posture Checking is supported natively in our Mac and Windows apps. Posture Checking deploys with all installations minimizing IT complexity for secure remote access.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Policy Enforcement:\"}),\" Posture Checking enforces predefined rules, like specific operating system requirements, to validate the security hygiene of a device before allowing remote access to your industrial control systems.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Automatic Access Denial:\"}),\" In cases where a device's security posture fails to meet the established criteria, access is automatically denied. This holds true even for devices belonging to known employees, so you're never exposed.\"]})})]}),/*#__PURE__*/e(\"h2\",{children:\"What is Posture Checking?\"}),/*#__PURE__*/e(\"p\",{children:\"Posture checking refers to the process of evaluating and verifying the security status of a device before it accesses a network. This involves checking whether the device adheres to a set of predefined security standards, such as up-to-date antivirus software, operating system patches, and compliance with specific security policies.\"}),/*#__PURE__*/e(\"h2\",{children:\"Why is Posture Checking Important?\"}),/*#__PURE__*/t(\"ol\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Preventing Unauthorized Access:\"}),\" Ensures that only devices meeting strict security criteria can access the network, reducing the risk of cyber threats.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Compliance with Regulations:\"}),\" Many industries are governed by stringent data security regulations. Posture checking helps in maintaining compliance and avoiding potential legal penalties.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Maintaining Network Integrity:\"}),\" By allowing only secure devices on the network, the overall integrity and reliability of the network are preserved.\"]})})]}),/*#__PURE__*/e(\"p\",{children:\"For sectors like manufacturing, utilities, and government, where operational technology (OT) systems are critical, the integration of Dispel's Device Posture Checking is particularly beneficial. It ensures that the devices interacting with industrial control systems are vetted for security compliance, helping safeguard against potential cyber threats that could disrupt operations or compromise sensitive information.\"}),/*#__PURE__*/e(\"h3\",{children:\"Pre-Flight Checks\"}),/*#__PURE__*/e(\"p\",{children:\"Before a remote access session begins, the endpoint's security posture is verified and then continuously monitored. Any changes or deviations from the set security standards can trigger automatic re-assessment or disconnection.\"}),/*#__PURE__*/e(\"h3\",{children:\"Seamless Integration\"}),/*#__PURE__*/e(\"p\",{children:\"Dispel Posture Checking comes embedded in our Mac and Windows applications. You can deploy our apps from the Apple App Store or through your MDM service for simple enterprise-wide distribution.\"}),/*#__PURE__*/e(\"h3\",{children:\"Gain Fleet Visibility\"}),/*#__PURE__*/e(\"p\",{children:\"While Dispel recommends isolating untrusted endpoints into disposable Virtual Desktops for clean sessions, apps are convenient ways for trusted devices within your fleet to make SD-WAN-based secure remote access connections to operational technology, SCADA systems, and industrial control systems. Posture Checking supports your fleet visibility efforts by enforcing perimeter security rules on every device before allowing a connection to be established.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"span\",{children:\"Dispel\u2019s Device Posture Checking is more than just a security feature; it\u2019s an essential component of a modern cybersecurity strategy. By understanding the concept of posture checking and its significance, and then implementing Dispel\u2019s advanced solution, organizations can significantly elevate their defense against digital threats, ensure compliance, and maintain the integrity of their network systems.\"})})]});export const richText8=/*#__PURE__*/t(s.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"span\",{children:\"Dispel's latest addition to its Zero Trust Access solutions, Dispel Vault, offers a robust, secure, and transparent method for managing and securing credentials to critical systems. This blog post examines the innovative features of Dispel Vault and their significance for organizations in sectors such as manufacturing, utilities, building management, and government who are implementing secure remote access to their industrial control systems (ICS) and operational technology (OT).\"})}),/*#__PURE__*/e(\"h2\",{children:\"The Risks of Sharing End-Device Password Credentials\"}),/*#__PURE__*/e(\"p\",{children:\"Sharing end-device password credentials with users presents several security and operational challenges. Firstly, the process of distributing these credentials to new or existing users is not only inconvenient but also prone to errors. It often involves insecure methods of transmission, such as email or messaging, which can be intercepted by unauthorized parties. Furthermore, the more individuals who have access to these credentials, the higher the risk of accidental or intentional knowledge spillage, potentially leading to security breaches. Additionally, managing and tracking who has access to what credentials can become cumbersome and error-prone, especially in large or rapidly changing environments.\"}),/*#__PURE__*/e(\"h2\",{children:\"Secure Credential Storage\"}),/*#__PURE__*/e(\"p\",{children:\"Dispel Vault introduces a centralized and secure credential storage system. Users can access devices without direct exposure to specific credentials, as these are securely and automatically applied during session initiation. This reduces the risk of credential exposure and simplifies the overall access management.\"}),/*#__PURE__*/e(\"h2\",{children:\"No Sharing Passwords\"}),/*#__PURE__*/e(\"p\",{children:\"A key principle of Dispel Vault is the elimination of password sharing among team members. By providing a system where passwords are centrally managed and not exposed to users, it significantly reduces the risks associated with credential transmission and knowledge spillage. This approach not only bolsters security but also streamlines the access process.\"}),/*#__PURE__*/e(\"h2\",{children:\"Dynamic Password Rotation\"}),/*#__PURE__*/e(\"p\",{children:\"Dispel Vault offers dynamic password rotation for devices that support this feature. This mechanism automatically changes device passwords at set intervals, further securing access points against attacks targeting static passwords. While this feature's applicability depends on the device's capability, it represents an important step in enhancing security for compatible systems.\"}),/*#__PURE__*/e(\"h2\",{children:\"Implementing Dispel Vault for Your Organization\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"span\",{children:\"Dispel Vault represents a significant advancement in secure remote access for operational technology and SCADA environments. By offering secure credential storage, eliminating password sharing, and supporting dynamic password rotation, Dispel Vault aligns with the principles of zero trust access, providing a more secure and efficient method for managing access to critical systems.\"})})]});export const richText9=/*#__PURE__*/t(s.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"span\",{children:\"In the time-sensitive world of Operational Technology (OT), professionals face the challenge of managing multiple systems efficiently and securely from a single pane of glass even when they're not at their main factory or plant operations room. Dispel's Zero Trust Access with multi-monitor viewing emerges as a revolutionary solution, transforming how OT environments are monitored and managed. This innovative feature not only enhances operational efficiency but also integrates critical audio alerts and supports diverse client needs, making it an indispensable tool for today's complex industrial landscapes. Discover how Dispel's cutting-edge technology is redefining the standards of operational management and security, and why it is becoming the go-to choice for industry leaders.\"})}),/*#__PURE__*/e(\"h1\",{style:{\"--framer-font-size\":\"20px\"},children:\"Key Benefits of Dispel's Multi-Monitor Viewing\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"16px\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{style:{\"--framer-font-size\":\"16px\"},children:[/*#__PURE__*/e(\"strong\",{children:\"Enhanced Operational Efficiency\"}),\": Streamlines programming and debugging across different systems, allowing OT personnel to manage multiple tasks simultaneously.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Comprehensive Situational Awareness\"}),\": Provides real-time visual access to various systems, enabling better decision-making and quicker response to issues.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Audio Passthrough Feature\"}),\": Ensures critical alarms and notifications are heard, enhancing safety and operational responsiveness.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Multi-Client Support for MSSPs\"}),\": Enables Managed Security Service Providers to efficiently monitor and manage multiple clients\u2019 systems from a unified interface.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{style:{\"--framer-font-size\":\"16px\"},children:[/*#__PURE__*/e(\"strong\",{children:\"Seamless Integration into OT Environments\"}),\": Designed to fit into existing workflows with minimal disruption, making it an ideal solution for diverse operational settings.\"]})})]}),/*#__PURE__*/e(\"h2\",{children:\"Addressing OT Challenges with Advanced Viewing Capabilities\"}),/*#__PURE__*/e(\"p\",{children:\"In the realm of Operational Technology (OT), professionals often grapple with the complexity of programming, debugging, and monitoring across disparate systems. This process can be cumbersome, especially when each system requires dedicated attention and screen space. Dispel's Zero Trust Access solution addresses this challenge head-on with its multi-monitor viewing feature. This capability allows OT personnel to have multiple remote systems displayed in real time across several desktop monitors. This is not just a convenience; it's a game-changer in terms of efficiency and accuracy.\"}),/*#__PURE__*/e(\"h2\",{children:\"Multi-Monitor Viewing: A Solution for Complex Environments\"}),/*#__PURE__*/e(\"p\",{children:\"Consider a scenario in a manufacturing plant, where engineers need to monitor assembly line automation systems, quality control parameters, and safety protocols simultaneously. Dispel\u2019s multi-monitor setup enables them to view these disparate systems side-by-side, streamlining the process of cross-referencing and decision-making. It's not just about seeing more; it's about achieving a comprehensive understanding of what's happening across the entire operational landscape.\"}),/*#__PURE__*/e(\"h2\",{children:\"The Importance of Audio Passthrough in OT Settings\"}),/*#__PURE__*/e(\"p\",{children:\"Audio signals, particularly alarms, play a crucial role in OT environments. Dispel recognizes this and incorporates audio passthrough in its Zero Trust Access solution. This feature ensures that operators don't just see what's happening across their systems, but also hear critical alarms and notifications. This audio-visual integration is vital for maintaining safety standards and responding swiftly to potential issues.\"}),/*#__PURE__*/e(\"h2\",{children:\"Empowering MSSPs with Multi-Client Support\"}),/*#__PURE__*/e(\"p\",{children:\"Managed Security Service Providers (MSSPs) serve a range of clients with diverse needs. Dispel\u2019s multi-monitor viewing is designed with multi-client support, allowing MSSPs to efficiently manage and monitor different client environments from a single, unified interface. This not only enhances the service delivery but also ensures that MSSPs can provide tailored, responsive support to each client.\"}),/*#__PURE__*/e(\"h2\",{children:\"A Step Forward in Operational Technology\"}),/*#__PURE__*/e(\"p\",{children:\"Dispel's multi-monitor viewing capability is more than a technical feature; it's a strategic tool that transforms how OT operations are managed. By addressing the challenges of multi-system programming and debugging, integrating crucial audio signals, and supporting the diverse needs of MSSPs, Dispel is setting a new standard in operational technology management. This innovation isn't just about seeing different systems; it's about seeing the bigger picture.\"})]});export const richText10=/*#__PURE__*/t(s.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"span\",{children:\"We're thrilled to announce that Dispel has been awarded the prestigious \\\"\"}),/*#__PURE__*/e(n,{href:\"https://sell.g2.com/g2-trust-badges\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:/*#__PURE__*/e(\"span\",{style:{\"--framer-text-color\":\"rgb(105, 87, 211)\"},children:/*#__PURE__*/e(\"strong\",{children:\"High Performer\"})})})}),'\" badge in ',/*#__PURE__*/e(n,{href:\"https://company.g2.com/about?_gl=1*ndocwc*_ga*MjUyMDYxNjMzLjE2OTM1MzM5NDk.*_ga_MFZ5NDXZ5F*MTY5NzU4MzEzNy4xOS4xLjE2OTc1ODg1NzAuNTQuMC4w\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"G2's Fall 2023 Report\"})}),\", with an impressive rating of 4.8 out of 5.0 stars. This recognition on the peer-to-peer review platform for business software reflects our dedication to providing top-tier secure remote access solutions to our valued customers.\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),'\"',/*#__PURE__*/e(\"span\",{style:{\"--framer-text-color\":\"rgb(105, 87, 211)\"},children:\"G2 stands as the leading and highly reputable software marketplace, with over 80 million annual users, including employees at Fortune 500 companies. G2's platform empowers individuals to make informed software choices, relying on genuine peer reviews to guide their decisions\"}),'.\" - ',/*#__PURE__*/e(\"span\",{style:{\"--framer-font-size\":\"14px\",\"--framer-letter-spacing\":\"-0.004em\"},children:\"Source: \"}),/*#__PURE__*/e(n,{href:\"https://company.g2.com/about?_gl=1*ndocwc*_ga*MjUyMDYxNjMzLjE2OTM1MzM5NDk.*_ga_MFZ5NDXZ5F*MTY5NzU4MzEzNy4xOS4xLjE2OTc1ODg1NzAuNTQuMC4w\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"G2\"})})]}),/*#__PURE__*/t(\"p\",{style:{\"--framer-font-size\":\"16px\",\"--framer-line-height\":\"1.25em\"},children:[/*#__PURE__*/e(\"span\",{children:/*#__PURE__*/e(\"br\",{})}),/*#__PURE__*/e(n,{href:\"/features\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:/*#__PURE__*/e(\"span\",{style:{\"--framer-text-color\":\"rgb(0, 0, 0)\"},children:/*#__PURE__*/e(\"strong\",{children:\"What Is Dispel\"})})})}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),\"Dispel is at the forefront of secure remote access to industrial control systems, also known as OT (Operational Technology) infrastructure. Our platform offers a comprehensive suite of features, including: \",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"span\",{style:{\"--framer-text-color\":\"rgb(105, 87, 211)\"},children:/*#__PURE__*/e(\"strong\",{children:\"Unified Identity & Access Management:\"})}),\" Seamlessly manage user identities and access permissions. \",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"span\",{style:{\"--framer-text-color\":\"rgb(105, 87, 211)\"},children:/*#__PURE__*/e(\"strong\",{children:\"Logging and Session Recording:\"})}),\" Maintain a record of all activities for security and compliance purposes. \",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"span\",{style:{\"--framer-text-color\":\"rgb(105, 87, 211)\"},children:/*#__PURE__*/e(\"strong\",{children:\"Disposable Systems:\"})}),\" Protect your infrastructure from ransomware and malware with disposable, ephemeral systems. \",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"span\",{style:{\"--framer-text-color\":\"rgb(105, 87, 211)\"},children:/*#__PURE__*/e(\"strong\",{children:\"Moving Target Defense-based SD-WAN:\"})}),/*#__PURE__*/e(\"strong\",{children:\" \"}),\"Create dynamic, ever-changing connections to your facilities, enhancing security. \",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"span\",{style:{\"--framer-text-color\":\"rgb(105, 87, 211)\"},children:/*#__PURE__*/e(\"strong\",{children:\"Access Control List (ACL) Enforcement:\"})}),\" Strictly control and enforce access policies.\"]}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"313\",src:\"https://framerusercontent.com/images/yDWulQXmcsxTQVHZqVgP1uCUvE.png\",srcSet:\"https://framerusercontent.com/images/yDWulQXmcsxTQVHZqVgP1uCUvE.png?scale-down-to=512 512w,https://framerusercontent.com/images/yDWulQXmcsxTQVHZqVgP1uCUvE.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/yDWulQXmcsxTQVHZqVgP1uCUvE.png 1115w\",style:{aspectRatio:\"1115 / 627\"},width:\"557\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(n,{href:\"https://www.g2.com/products/dispel/reviews\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:/*#__PURE__*/e(\"strong\",{children:\"What Customers Are Saying About Dispel\"})})})]}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"406\",src:\"https://framerusercontent.com/images/ymzEwShv4sS00bPx3kkTeo9eu1o.png\",srcSet:\"https://framerusercontent.com/images/ymzEwShv4sS00bPx3kkTeo9eu1o.png?scale-down-to=512 512w,https://framerusercontent.com/images/ymzEwShv4sS00bPx3kkTeo9eu1o.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/ymzEwShv4sS00bPx3kkTeo9eu1o.png 1216w\",style:{aspectRatio:\"1216 / 812\"},width:\"608\"}),/*#__PURE__*/e(n,{href:\"https://www.g2.com/products/dispel/reviews/dispel-review-8726324\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{className:\"framer-image\",\"data-preset-tag\":\"img\",children:/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"537\",src:\"https://framerusercontent.com/images/T5KKfNmpfLVbSmMHTmHu6kcxk.png\",srcSet:\"https://framerusercontent.com/images/T5KKfNmpfLVbSmMHTmHu6kcxk.png?scale-down-to=512 512w,https://framerusercontent.com/images/T5KKfNmpfLVbSmMHTmHu6kcxk.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/T5KKfNmpfLVbSmMHTmHu6kcxk.png 1216w\",style:{aspectRatio:\"1216 / 1074\"},width:\"608\"})})}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"span\",{children:/*#__PURE__*/e(\"strong\",{children:\"Get an insider's perspective on our product's performance\u2014\"})}),/*#__PURE__*/e(n,{href:\"https://www.g2.com/products/dispel/reviews\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:/*#__PURE__*/e(\"span\",{children:/*#__PURE__*/e(\"strong\",{children:\"explore G2 reviews to see why customers choose us\"})})})}),/*#__PURE__*/e(\"span\",{children:/*#__PURE__*/e(\"strong\",{children:\". \"})})]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"span\",{children:\"Our customers appreciate the simplicity, security, and exceptional customer support that Dispel provides. We are honored to receive such positive feedback and look forward to continuing to meet and exceed the expectations of our users.\\xa0\"})}),/*#__PURE__*/e(n,{href:\"https://www.g2.com/products/dispel/reviews\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{className:\"framer-image\",\"data-preset-tag\":\"img\",children:/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"313\",src:\"https://framerusercontent.com/images/R1CPOjh1ftCEaTUPFdnmYleao.png\",srcSet:\"https://framerusercontent.com/images/R1CPOjh1ftCEaTUPFdnmYleao.png?scale-down-to=512 512w,https://framerusercontent.com/images/R1CPOjh1ftCEaTUPFdnmYleao.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/R1CPOjh1ftCEaTUPFdnmYleao.png 1115w\",style:{aspectRatio:\"1115 / 627\"},width:\"557\"})})}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"span\",{children:/*#__PURE__*/e(\"br\",{})})}),/*#__PURE__*/e(\"p\",{children:\"\\xa0\"})]});export const richText11=/*#__PURE__*/t(s.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"Next Gen Zero Trust Access (ZTA)\\xa0\",/*#__PURE__*/e(\"strong\",{children:\"uses a combination of identity management, automated segmentation, control rules, disaster recovery intelligence, and session recording, so known and unknown attacks can be immediately prevented clear device control can be maintained.\"}),\"\\xa0ZTA is cloud-based, which allows it to be deployed in hours instead of months, and the burden of maintaining software, managing jump hosts, and updating user access windows is eliminated.\"]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/t(\"strong\",{children:[\"Expert Note \",/*#__PURE__*/e(\"br\",{}),\"ZTA is the next step in access management, using an integrated approach to deliver more complete and effective facility security than is possible with legacy access tools.\"]})}),/*#__PURE__*/e(\"h2\",{children:\"Next Gen ZTA vs Legacy Access\"}),/*#__PURE__*/e(\"img\",{alt:\"ZTA vs Legacy Access: Protection against Advanced Persistent Threats: Uses a combination of identity & access management, granular access control list rules, moving target defense, and session recording. - Relies on VPN and set rules which are slow to update and ineffective against sophisticated attacks.; Level of control and visibility: Combined cybersecurity achieves mutually complementary visibility down to time, user, device, port, and protocol access. - Access is unrestricted after the legacy access point and no session visibility is maintained. Updates are manual and slow.; Time-to-value: Implementation takes hours - Implementation takes months.\",className:\"framer-image\",height:\"475\",src:\"https://framerusercontent.com/images/gHvTvAdxfBVn8SQsgxC6nwEieg.png\",srcSet:\"https://framerusercontent.com/images/gHvTvAdxfBVn8SQsgxC6nwEieg.png?scale-down-to=512 512w,https://framerusercontent.com/images/gHvTvAdxfBVn8SQsgxC6nwEieg.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/gHvTvAdxfBVn8SQsgxC6nwEieg.png 1310w\",style:{aspectRatio:\"1310 / 950\"},width:\"655\"}),/*#__PURE__*/e(\"p\",{children:\"In the early days of Legacy Access, IT teams actually used to allow a direct VPN into a network from an endpoint. This was because per-user access control list rules did not exist yet. The only other option was using numerous concentrators, which take a long time to set up and maintain. So IT teams used single-tenant VPN tunnels based on perimeter security. This meant an endpoint was trusted once it established a VPN connection, with relatively little control over it inside the network once they were in.\"}),/*#__PURE__*/e(\"p\",{children:\"IT teams used Legacy Access from the 1990s through 2010s, and they worked well, except for when they didn\u2019t. They had one key issue: when Legacy Access connected an endpoint to a device, there is direct bi-directional data transfer. When the endpoint is secure, this is okay. But even with a small amount of malware, each time you connect an endpoint the malware is trying to transfer across the perimeter and into the network and its devices. Combine that with the wide access once within the perimeter and limitations of detection, and Legacy Access tools were known to allow attackers into networks.\"}),/*#__PURE__*/e(\"h3\",{children:\"Protection against Advanced Persistent Threats\"}),/*#__PURE__*/e(\"p\",{children:\"Legacy Access focuses on protecting the tunnel between a remote site and an endpoint. Legacy Access relies on encryption, such as VPNs, and manually configured user rules to secure the remote session. This approach has become obsolete as sophisticated attackers have found other ways around Legacy Access defenses, such as leveraging phishing attacks that use malware, ransomware, and human error to launch attacks. 80% of companies are estimated to have experienced a ransomware attack, with nearly 50% impacting OT/industrial control system (ICS) environments.\"}),/*#__PURE__*/e(\"p\",{children:\"Legacy Access leaves companies constantly in a defensive mode, with static VPNs that are easily identified, mapped, and targeted. Companies using Legacy Access are only able to defend against attacks at human speed and without any visibility to know when one is happening. That approach was what was the best at the time but today, with threats and operational efficiencies, it is now inadequate.\"}),/*#__PURE__*/e(\"p\",{children:\"Zero Trust Access eliminates these shortcomings by combining multiple cybersecurity capabilities\u2014such as identity & access management, moving target defense, session recording, continuous monitoring, and request access windows\u2014into one integrated approach to achieve mutually complementary effects that eliminates the entirely reactive posture Legacy Access put companies in.\"}),/*#__PURE__*/e(\"h3\",{children:\"Level of control and visibility\"}),/*#__PURE__*/e(\"p\",{children:\"Legacy Access was designed to secure the connection from an endpoint to the network edge. Some Legacy Access tools go a bit beyond and allow IT managers to specify which protocols are allowed through the tunnel, such as SSH or FTP. That is where Legacy Access tools tend to stop though. They are, in essence, VPN tools. They do not drill down into the network, and they are not highly integrated cross-functional cybersecurity platforms. Modern ZTA gives extensive control and visibility down to designating exactly which IPs, ports, and protocols are permitted per device within the network. Moreover, Legacy Access did and does not isolate a connecting endpoint from the systems that endpoints talk to. This means malware and ransomware pass through during a session.\"}),/*#__PURE__*/e(\"p\",{children:\"Next Gen ZTA solves the problems in control and visibility inherent in Legacy Access. With ZTA, administrators know exactly what is in their network; who has access to what; when they have that access; what they do during the session; and sandboxes all session to prevent malware attacks. ZTA platforms with moving target defense mitigate reconnaissance efforts.\"}),/*#__PURE__*/e(\"h3\",{children:\"Time-to-value\"}),/*#__PURE__*/e(\"p\",{children:\"ZTA platforms automate the manual aspects of Legacy Access and thereby eliminate the need for maintaining VPN concentrators, jump boxes, manual VDIs, and bastions. Patching and continuous hardening are also maintained by Software-as-a-Service (SaaS) ZTA products.\"}),/*#__PURE__*/e(\"p\",{children:\"ZTA tools can be deployed in minutes, not days, and require no manual upkeep. The time-to-value of Next Gen ZTA can therefore be measured in weeks not years. In these calculations, the total value must be defined by considering three items: the price of the product, the human time spent running it, and the cost of testing and compliance. Because they are at end-of-life, Legacy Access tools are generally inexpensive. But they must be manually managed by security teams\u2014generally the most expensive piece\u2014and many if not all do not come with modern compliance certifications such as SOC 2 Type 2 and ISO 27001 audit reports or alignment documentation against IEC 62443; NERC-CIP Section 5; and NIST CSF, 800-53, 800-82, or 800-160 Volume 2. Such certifications and assessments may cost several multiples of the base price of Legacy Access.\"}),/*#__PURE__*/e(\"h2\",{children:\"What to look for in a Next-Generation ZTA Solution?\"}),/*#__PURE__*/e(\"p\",{children:\"An efficient Next Gen ZTA solution will leverage modern technologies to counter evolving tactics, techniques, and procedures utilized by adversaries to attack organizations, ranging from widespread malware and ransomware to sophisticated reconnaissance and lateral attacks. Here are the protection capabilities to look for:\"}),/*#__PURE__*/e(\"p\",{children:\"\\xa0\"}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"315\",src:\"https://framerusercontent.com/images/vQwNjYDFR29x4BDdl4S1v23nmk.png\",srcSet:\"https://framerusercontent.com/images/vQwNjYDFR29x4BDdl4S1v23nmk.png?scale-down-to=512 512w,https://framerusercontent.com/images/vQwNjYDFR29x4BDdl4S1v23nmk.png 950w\",style:{aspectRatio:\"950 / 630\"},width:\"475\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})}),/*#__PURE__*/e(\"h3\",{children:\"Gaining visibility & control\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"18px\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Identity & Access Management (IAM):\"}),\"\\xa0IAM is responsible for identifying and authenticating users and devices and authorizing them to access resources. IAM includes components such as time-based access windows, multi-factor authentication, identity federation, and role-based access control.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Asset Management:\"}),\"\\xa0Asset management tools are responsible for registering and tracking all devices on the network. This includes assigning IP addresses, ports, and protocols permissible for network activity. Asset management tools give organizations visibility into their network, making it easier to identify and manage potential security risks. By tracking all devices on the network, organizations can ensure that only authorized devices are connected to the network, and that they are operating within the expected parameters. This helps to prevent unauthorized changes to the network and ensures that critical systems are protected from cyber threats.\"]})})]}),/*#__PURE__*/e(\"h3\",{children:\"Prevention of targeted attacks\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"18px\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Moving Target Defense:\"}),\"\\xa0A moving target defense (MTD) tool prevents vulnerability exploitation and target analysis by attackers. MTD networks significantly increase the cost of targeting and attacking OT systems by rendering reconnaissance intelligence obsolete and useless in an hourly or daily basis. MTD networks are also critical for dealing with ransomware, since they can automatically patch their components.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Network Segmentation:\"}),\"\\xa0Network segmentation is the process of dividing a network into smaller segments, each with its own security controls. Segmented networks limit the exposure of critical systems and reduce the risk of lateral movement by attackers.\"]})})]}),/*#__PURE__*/e(\"h3\",{children:\"Prevention of malware & ransomware\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"18px\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Endpoint Isolation:\"}),\"\\xa0Endpoint isolation involves securing devices and systems that are connected to the network, including computers and mobile devices. This disposable intermediate infrastructure, such as hardened, cycling virtual desktops.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Network Encryption and Tunneling:\"}),\"\\xa0Network encryption and tunneling secures traffic to and from the industrial control system over the public internet against intercepted data being read by unauthorized parties. In particular, a Virtual Private Network (VPN) or Software Defined-Wide Area Network (SD-WAN) can provide a secure and encrypted connection between multiple endpoints over a public network such as the internet.\"]})})]}),/*#__PURE__*/e(\"h3\",{children:\"Security monitoring integration\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-font-size\":\"18px\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Monitoring and Analytics:\"}),\"\\xa0Monitoring and analytics tools provide visibility into network activity and detect anomalies and threats in real-time. This includes session recording, network activity logs, keystroke logging and integrations with tools such as Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA).\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Security Operations Center:\"}),\"\\xa0A security operations center (SOC) is a centralized unit responsible for monitoring and responding to security incidents. The SOC is staffed by security professionals who use advanced tools and techniques to detect and respond to security incidents.\"]})})]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/t(\"strong\",{children:[\"Expert note\",/*#__PURE__*/e(\"br\",{}),\"Did you know that Legacy Access have had vulnerabilities found in their VPN systems allowing an attacker to take control of an affected system? Compare the performance of your current Legacy Access and see what your system is missing.\"]})}),/*#__PURE__*/e(\"h2\",{children:\"How ZTA Works\"}),/*#__PURE__*/e(\"p\",{children:\"A ZTA system is a security model that requires all users and devices to be authenticated and authorized before being granted access to a target system. It assumes that all users and devices, even those inside the network, are potentially a security risk and should not be trusted by default.\"}),/*#__PURE__*/e(\"p\",{children:\"A complete ZTA platform should follow guidelines appropriate to the sector the enterprise is operating in, such as NIST CSF, 800-53, 800-82, and IEC 62443. Modern guidelines generally call for all the following components: IAM, network encryption and tunneling, moving target defense, network segmentation, endpoint isolation, monitoring and analytics, asset management, and a SOC. By following guidelines from various reference frameworks, organizations can ensure that their ZTA system is comprehensive and effective in attack prevention.\"}),/*#__PURE__*/e(\"h3\",{children:\"Compare and contrast\"}),/*#__PURE__*/e(\"img\",{alt:\"ZTA vs Legacy Access: Identity & Access Management, Network Encryption & Tunneling, Moving Target Defense, Network Segmentation, Endpoint Isolation, Monitoring & Analytics, Asset Management, SOC Integration\",className:\"framer-image\",height:\"732\",src:\"https://framerusercontent.com/images/rIzmqFLLWua7sZPPMEvcN9Dlc.png\",srcSet:\"https://framerusercontent.com/images/rIzmqFLLWua7sZPPMEvcN9Dlc.png?scale-down-to=1024 674w,https://framerusercontent.com/images/rIzmqFLLWua7sZPPMEvcN9Dlc.png 964w\",style:{aspectRatio:\"964 / 1464\"},width:\"482\"}),/*#__PURE__*/e(\"h2\",{children:\"Integrated OT ZTA Solutions Are Significantly Faster\"}),/*#__PURE__*/e(\"p\",{children:\"Using a fully integrated ZTA system, like Dispel, is significantly more efficient for operators and administrators because it provides a single, centralized platform for managing access security across the network. Instead of having to manually manage multiple disparate security tools and platforms, operators and administrators can use a single platform to automatically manage access, monitor network activity, and detect and respond to security incidents.\"}),/*#__PURE__*/e(\"p\",{children:\"This saves time and reduces the likelihood of errors or oversights that can lead to security breaches.\"}),/*#__PURE__*/t(\"p\",{children:[\"Expert Note \",/*#__PURE__*/e(\"br\",{}),\"Dispel improved clients\u2019 incident response by 97% and saved users over 365,000 FTE hours.\",/*#__PURE__*/e(\"br\",{}),\"Integrations also reduce the cost of ownership. Because they contain relatively few components and they are obsolete, Legacy Access tools have a low initial cost. Maintenance, oversight, and management costs drive the price of ownership up considerably because of the number of people needed to manually manage Legacy Access platforms at scale.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Security Standards Govern Access\"}),/*#__PURE__*/e(\"p\",{children:\"Remote access is a critical aspect that needs to be properly secured. Fortunately, there are various modern security guidelines and requirements, including those that address remote access. Some of the most important ones are NIST, IEC 62443, NERC-CIP Section 5, and WITAF 503. These guidelines and requirements provide recommendations and best practices for securing systems and preventing cyberattacks. By following these guidelines and requirements, organizations can ensure that their networks prevent against cyber threats that could cause significant damage.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"NIST\"})}),/*#__PURE__*/t(\"p\",{children:[\"The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the United States Department of Commerce responsible for developing and promoting measurement, standards, and technology. NIST provides cybersecurity guidance for organizations, including the Cybersecurity Framework (CSF) and various Special Publications (SPs). Among these SPs are 800-53 (\",/*#__PURE__*/e(\"em\",{children:\"Security and Privacy Controls for Information Systems and Organizations\"}),\"), 800-82 (\",/*#__PURE__*/e(\"em\",{children:\"Guide to Industrial Control Systems (ICS) Security\"}),\"), and 800-160 Volume 2 (\",/*#__PURE__*/e(\"em\",{children:\"Developing Cyber-Resilient Systems\"}),\"). These publications provide comprehensive guidelines for securing industrial control systems and protecting critical infrastructure against cyber threats.\"]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"IEC 62443\"})}),/*#__PURE__*/e(\"p\",{children:\"IEC 62443 is an international standard that provides guidelines for developing a comprehensive cybersecurity management system for industrial automation and control systems (IACS). It includes a lifecycle model that helps organizations manage cybersecurity from the beginning of a project through to the end of the system's life, and includes guidelines for secure development, testing, and deployment of IACS.\"}),/*#__PURE__*/e(\"h2\",{children:\"Replacing your outdated Legacy Access\"}),/*#__PURE__*/t(\"p\",{style:{\"--framer-text-alignment\":\"left\"},children:[/*#__PURE__*/e(n,{href:\"http://dispel.com/\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Dispel\\xa0Zero Trust Access\"})}),\" is the new standard in control, delivering superior protection from malware, intrusion, advanced persistent threats, and\\xa0insider attacks. Organizations gain an unprecedented level of control and visibility into each access session in an easy-to-read workflow map that provides the details and context necessary to understand what\u2019s happening on the network and how to proceed effectively.\"]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"\u201CIf you are looking for a robust product for accessing\u2026assets securely and reliably, this is it.\u201D\"})}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"-\\xa0\\xa0\\xa0\\xa0\\xa0\\xa0 IT Security Manager\"})})]});export const richText12=/*#__PURE__*/t(s.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"Zero trust emerged in the mid 2010s in response to continued failings of static defenses to keep attackers out. Static defenses\u2014classic, medieval castle-style defense in depth\u2014assumed a perfectly built security architecture would successfully lock bad actors out of a network. Only authenticated users with correct permissions could pass the gates and guards\u2014firewalls, intrusion detection, signature-based defenses against malware, and extensive and expensive logging. But real world data showed the static defense model was failing. Successful cyberattacks were increasing, not decreasing. What was going wrong?\"}),/*#__PURE__*/e(\"p\",{children:\"The sanctity of a user\u2019s identity lives at the center of a successful cybersecurity plan. While tactics may vary by sector and purpose, fundamentally we want the right user to get to the right data, and only that user and only that data. Identity demands authentication, and authorization permits access.\"}),/*#__PURE__*/e(\"p\",{children:\"Verifying one\u2019s identity through authentication (usually a password) became the primary target for offense and defense. We authenticate someone\u2019s identity through three classically accepted methods:\"}),/*#__PURE__*/t(\"ol\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"span\",{style:{\"--framer-font-size\":\"18px\"},children:\"What you know, \"})})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"span\",{style:{\"--framer-font-size\":\"18px\"},children:\"What you have, and \"})})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"span\",{style:{\"--framer-font-size\":\"18px\"},children:\"What you are. \"})})})]}),/*#__PURE__*/e(\"p\",{children:\"Really, what you are should be the first and final answer, but biometric infrastructure isn\u2019t sufficient, and the privacy concerns are real. What you know is usually a password. What you have is a physical token or device generating a time-based code, typically used to counter someone stealing your password. What you are would be a biometric, such as a fingerprint, facial recognition, or retinal scan.\"}),/*#__PURE__*/e(\"p\",{children:\"When a user authenticates their identity to a system for which they have authorization, the classic model was to trust that device (also known as an endpoint, which we will use interchangeably with devices going forward. Endpoint is a weird term used within the tech sector, used by no layperson I\u2019ve ever met, but as it\u2019s common parlance we\u2019ll be using it here too).\"}),/*#__PURE__*/e(\"p\",{children:\"Before zero trust, an endpoint was imbued with the authorization attributes of the human\u2019s identity. In other words, once a human user authenticated their identity with the authorized system, the endpoint got the same access privileges the human was accorded. It became a \u201Ctrusted endpoint.\u201D If there were malware on that endpoint, or the device were stolen, or someone simply read over your shoulder then oops. The trusted endpoint became an unauthorized access method to data and systems.\"}),/*#__PURE__*/e(\"p\",{children:\"Because humans aren\u2019t in the machine, zero trust posits that we must become skeptics of a trusted endpoint. We cannot simply accept an identified and authenticated user is the sole entity involved in a session. We must instead assume the user is untrustworthy. We have zero trust.\"}),/*#__PURE__*/e(\"h2\",{children:/*#__PURE__*/e(\"strong\",{children:\"Zero Trust in Practice\"})}),/*#__PURE__*/e(\"p\",{children:\"In practice, zero trust accepts user identity verification and authorization, and then challenges the veracity of a trusted session. Does the identity start performing unusual actions, such as accessing file systems they don\u2019t normally or downloading unusual amounts of data? Is behavior occurring during different hours than normal? Is their geolocation appropriate? Perhaps, at a device level, is their typing pattern what we expect or when they\u2019re walking is their gait and stride correct for the human behind the identity we\u2019re allowing access for?\"}),/*#__PURE__*/e(\"h2\",{children:/*#__PURE__*/e(\"strong\",{children:\"Disposable Components\"})}),/*#__PURE__*/e(\"p\",{children:\"These are mostly illustrative examples readily understandable for identity. Similar ones exist for the endpoints themselves: if we decide all endpoints are untrustworthy, then their access window must be minimized. We can compartmentalize the endpoint a user is on from its target system by placing their session into a segmented, isolated environment. Virtualization allows us to destroy session isolation environments and rebuild them from validated images over and over again. This method of disposable intermediate components means we do not need to trust that a user didn\u2019t track mud, malware, or malicious actors into our clean environment when we granted them a session\u2014at the end of their session we instead destroy the infrastructure they used. By destroying the intermediate endpoints, we delete malware and eject unauthorized users from our systems. Imagine the same practice in another field: medicine. Throwing away a medical glove is far easier than trying to scrub pathogens off our hands after treating a patient. We\u2019ll still use soap and water (firewalls, intrusion detection and prevention, heuristic and signature-based defenses, etc.), but it\u2019s far easier and less costly to prevent an infection rather than cure one when all it takes is a simple protective barrier.\"}),/*#__PURE__*/e(\"h2\",{children:/*#__PURE__*/e(\"strong\",{children:\"Moving Target Defense\"})}),/*#__PURE__*/e(\"p\",{children:\"Let\u2019s go back to that holy grail: a user\u2019s identity. We talked about the original data we had to protect: their password. It\u2019s what they know. But a password is not the only key piece of information an authorized user knows. They also know the location where they\u2019re authenticating. This takes a moment to process, because we treat that information as commonplace. In our everyday lives we know the URLs of websites we visit, and then log into.\"}),/*#__PURE__*/e(\"p\",{children:\"But take a step back and realize that if someone picks up a random password from the street, they don\u2019t know where to use it. It\u2019s not great the password is out there\u2014they could write a script to start trying to log into every website out there\u2014but that brute force guessing method is extremely time-expensive. Knowing where to log in means we know where to attack. Location data falls within the very first step of a successful attack, reconnaissance, on the dramatically named Cyber Kill Chain.\"}),/*#__PURE__*/e(\"p\",{children:\"We deny the information needed to target an attack using a technology called moving target defense. When a session ends or an attack commences, we move the location of the entrance to the target systems. The attacker must find the entrance all over again before they can begin the process again. In the real world, this method of concealment and maneuver is commonplace: militaries user camouflage and highly mobile vehicles to evade detection and destruction. Nuclear submarines are prized far above missile silos. If, as a way of hiding in a conflict, you were asked to wear bright neon with a flashing light atop your head in the middle of an open field, and further told to broadcast your location\u2014trusting your body armor to protect you\u2014you would look at the requester with some askance. They\u2019re surely mad. Yet we do precisely that all the time with static defenses and networks when we don\u2019t safeguard the location of our critical systems.\"}),/*#__PURE__*/e(\"p\",{children:\"Zero trust argues any information useful to accessing a system should be denied or destroyed at the earliest possible moment. By altering the entrance network topology, through the use of disposable components spread across and hidden within public cloud providers, we achieve the zero trust objective.\"})]});export const richText13=/*#__PURE__*/t(s.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"If you're here, you're probably a operational technology manager or IT security reader based in Australia looking to enable remote access to your environment while complying with the Australian Cyber Security Centre's (ACSC) cybersecurity protocols. It might be you're doing so for the very first time or looking to bring your organization into alignment with the the ACSC's guidance. Either way, what we'll do here is walk you through what the requirements are in the guidelines, and then how you can use Dispel to easily and automatically comply.\"}),/*#__PURE__*/t(\"p\",{children:[\"Dispel is a managed zero trust access (ZTA) platform designed specifically for OT/ICS environments. It combines multiple security modules around a secure access service edge (SASE) model to meet the cybersecurity control criteria. If you use Dispel, you'll automatically comply with most of the guidelines\",/*#__PURE__*/e(\"span\",{children:\"\u2014\"}),\"a lot cheaper and certainly faster than having to buy several different products and put it together yourself.\"]}),/*#__PURE__*/t(\"h2\",{children:[\"What is the Australian Cyber Security Centre \",/*#__PURE__*/e(\"em\",{children:\"Industrial Control Systems Remote Access Protocol\"}),\"?\"]}),/*#__PURE__*/t(\"p\",{children:[\"The Australian Cyber Security Centre's \",/*#__PURE__*/e(n,{href:\"https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/critical-infrastructure/industrial-control-systems-remote-access-protocol\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Industrial Control Systems Remote Access Protocol\"})}),/*#__PURE__*/t(\"span\",{children:[/*#__PURE__*/e(\"em\",{children:\"\\xa0\"}),\"provides guidance for how critical infrastructure should enable remote access to their Operational Technology Environments (OTE). \"]})]}),/*#__PURE__*/e(\"h2\",{children:\"Why is the ACSC putting this out?\"}),/*#__PURE__*/e(\"p\",{children:\"Industrial automation and control system (IACS) organizations increasingly use commercial off-the-shelf (COTS) networked devices that are inexpensive, efficient, and highly automated. Control systems are also increasingly interconnected with non-IACS networks for valid business reasons. These devices, open networking technologies, and increased connectivity elevate the theoretical cyber risk of control system hardware and software. This, in turn, has raised concerns over Health, Safety and Environmental (HSE), financial, and/or reputational consequences from cyberattacks on deployed control systems.\"}),/*#__PURE__*/t(\"p\",{children:[\"The ACSC ICS Remote Access Protocol is not a prescriptive guide. The goal of the document is to provide a flexible framework that \",/*#__PURE__*/e(\"em\",{children:\"facilitates\"}),\" addressing current and future vulnerabilities in IACSs and applying necessary mitigations in a systematic, defensible manner.\"]}),/*#__PURE__*/e(\"h2\",{children:\"How Dispel's ZTA architecture works in this model\"}),/*#__PURE__*/e(\"p\",{children:\"Next we'll go through a brief architecture overview of Dispel Remote Access, then details how Dispel\u2019s zero trust remote access solution meets and exceeds each design guideline put forth by the ACSC ICS Remote Access Protocol.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Purdue Model Diagram of Dispel Deployment\"})}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"625\",src:\"https://framerusercontent.com/images/YLNbzPLutKDbj6cwZFtis3r8KTU.png\",srcSet:\"https://framerusercontent.com/images/YLNbzPLutKDbj6cwZFtis3r8KTU.png?scale-down-to=1024 775w,https://framerusercontent.com/images/YLNbzPLutKDbj6cwZFtis3r8KTU.png 948w\",style:{aspectRatio:\"948 / 1251\"},width:\"474\"}),/*#__PURE__*/e(\"h3\",{children:/*#__PURE__*/e(\"strong\",{children:\"Components\"})}),/*#__PURE__*/e(\"h3\",{children:/*#__PURE__*/e(\"strong\",{children:\"Dispel Wicket ESI\"})}),/*#__PURE__*/e(\"p\",{style:{\"--framer-font-size\":\"16px\"},children:/*#__PURE__*/e(\"em\",{children:\"Bottom third of diagram, Layer 3.5 of Purdue Model (OT DMZ)\"})}),/*#__PURE__*/e(\"p\",{children:\"The Dispel Wicket ESI is an on-premises remote access gateway that can be deployed as either hardware or a virtual appliance. It contains two network interface cards: North, and South. North connects outbound-only through a single port to a single IP to establish a remote access pathway through the SD-WAN, and South is given routability to devices on the OT network. On-premise firewalls can control the North and South sides independently to maintain strict need-based access and network segmentation. The Wicket ESI is the only on-premise installation required, and enables secure remote access to any device permitted on the South side network.\"}),/*#__PURE__*/e(\"p\",{children:\"\\xa0\"}),/*#__PURE__*/e(\"h3\",{children:/*#__PURE__*/e(\"strong\",{children:\"Dispel SD-WANs \"})}),/*#__PURE__*/e(\"p\",{style:{\"--framer-font-size\":\"16px\"},children:/*#__PURE__*/e(\"em\",{children:\"Grey box on upper left, cloud-based core network\"})}),/*#__PURE__*/e(\"p\",{children:\"The Dispel SD-WAN is the main bridge enabling remote access. The Wicket ESI proactively connects from one side of the SD-WAN, and on the other side, the Virtual Desktops are automatically networked in. Each Dispel SD-WAN is single-tenant to each customer, meaning your traffic and another customer\u2019s traffic will never traverse the same infrastructure. Additionally, Dispel SD-WANs are built with Moving Target Defense technology, enabling a shifting topology and increased resiliency.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"\\xa0\"})}),/*#__PURE__*/e(\"h3\",{children:/*#__PURE__*/e(\"strong\",{children:\"Dispel VDIs (Virtual Desktops)\"})}),/*#__PURE__*/e(\"p\",{style:{\"--framer-font-size\":\"16px\"},children:/*#__PURE__*/e(\"em\",{children:\"Top of diagram, cloud-based workstations\"})}),/*#__PURE__*/e(\"p\",{children:\"Dispel Virtual Desktops (VDIs) are single-use, time-limited workstations that users connect through to access the ICS network. Virtual desktops can be set to automatically cycle on an administrator-defined schedule. This ensures that each desktop is never used for more than 12 hours, and all valid credentials for remote access are cycled every 24 hours. Virtual desktops that connect to your ICS network will never connect to another network or another country. Lastly, virtual desktops will automatically build with the latest updates and patches to the day, and can be customized and imaged with your desired applications and security policies.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"\\xa0\"})}),/*#__PURE__*/e(\"h3\",{children:/*#__PURE__*/e(\"strong\",{children:\"Dispel Logging and Recording\"})}),/*#__PURE__*/e(\"p\",{style:{\"--framer-font-size\":\"16px\"},children:/*#__PURE__*/e(\"em\",{children:\"Blue boxes on the upper right, cloud-based add-ons\"})}),/*#__PURE__*/e(\"p\",{children:\"All access performed through Dispel is recorded in two ways:\"}),/*#__PURE__*/t(\"ol\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Syslog traffic packets which contain the user, timestamp, what devices the user accessed, and through which protocol. Dispel can provide an integrated server to store these logs as part of the managed deployment, or the traffic can be forwarded to a customer\u2019s existing SIEM (eg. Splunk).\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Full video screen recordings of each Virtual Desktop session. Recordings can be watched in real-time, and are saved for playback. Videos can be retained for an administrator-defined period of time, stored permanently, or exported. Dispel can provide a recording storage server to enable this functionality with no additional hardware needed from the customer.\"})})]}),/*#__PURE__*/e(\"h2\",{children:\"Point-by-Point Guideline Mapping\"}),/*#__PURE__*/e(\"h3\",{children:\"Design Principles\"}),/*#__PURE__*/e(\"h5\",{children:\"Design 1: By default, there should be no communication between the vendor and the critical infrastructure control system.\"}),/*#__PURE__*/e(\"p\",{children:\"By default, there is no communication possibility between the vendor and critical infrastructure. Access credentials are refreshed from session to session, ensuring the prevention of lingering or unwanted communication is. This is enforced at multiple levels:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"No direct access. All connections must go through a hardened virtual desktop acting as an intermediary.\\xa0\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Vendors start from a suspended-by-default state, and must complete a \u201CRequest Access Form\u201D for their account to gain access to a single-tenant, locked-to-them virtual desktop. Access is granted only for the time window allowed by the administrator.\\xa0\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"The remote access network may be destroyed when not in use.\\xa0\"})})]}),/*#__PURE__*/e(\"h5\",{children:\"Design 2: Networks should be segmented and segregated.\"}),/*#__PURE__*/e(\"p\",{children:\"Dispel\u2019s on-premises remote access gateway, which we call a \u201CWicket ESI\u201D has two segmented network interfaces. \"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"The North interface establishes an encrypted, outbound-only connection to the single-tenant Moving Target Defense (MTD) network, which we call a Dispel Enclave. This connection re-quires a single outbound-only firewall rule to a single IP address, through a single port. \"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"The South interface provides gateway access to the OT environment. \"})})]}),/*#__PURE__*/e(\"p\",{children:\"The Wicket is deployed in the OT-DMZ between the internet facing firewall (for the North network interface) and the separate OT firewall (South network interface). No inbound firewall rules are needed from the Internet, and no devices on the control system need direct Internet access.\"}),/*#__PURE__*/e(\"h5\",{children:\"Design 3: Must be able to disconnect, revert, respond, and apply safety plans.\"}),/*#__PURE__*/e(\"p\",{children:\"Dispel provides this functionality in a number of ways.\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Dispel helps detect incidents through session recording and traffic logging/monitoring. These help a customer gain visibility into their environments.\\xa0\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Administrators may instantly delete Virtual Desktops suspected of malicious behavior. This allows the rest of the network to function normally while severing an isolated virtual desktop and disconnecting an unwanted user from the control system instantly.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Administrators may destroy the MTD remote access network on-demand if necessary. This would remove any potential for external connectivity and return the OT environment to a fully offline state.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Administrators may destroy the Wicket Virtual Machine (if virtual appliance) or unplug the Wicket\u2019s ethernet cables (if hardware appliance) as a secondary method of ensuring no possibility of external connectivity.\"})})]}),/*#__PURE__*/e(\"h5\",{children:\"Design 4: Multi-factor authentication should be used.\"}),/*#__PURE__*/e(\"p\",{children:\"Multi-factor authentication is enforceable at an organization level for all users on the Dispel platform.\\xa0 We support temporary one-time passwords (ToTP) or hardware tokens such as YubiKeys. We also have a number of SSO integrations with Active Directory, Microsoft, OAuth2.0 providers like Okta, and SAML.\"}),/*#__PURE__*/e(\"h5\",{children:\"Design 5: Login credentials must be unique to specific people.\"}),/*#__PURE__*/e(\"p\",{children:\"All Dispel logins are created on a per-user basis, whether through our login process or SSO. Further Multi-factor Authentication is used to further associate a user to their account. Vendors must also fill out an access request form wherein they provide their identity, reason/scope for access, and the time window they need to complete the task. This request must be approved by an authorized party and the request + approver are documented for auditing purposes.\\xa0\"}),/*#__PURE__*/e(\"h6\",{children:\"Design 6: Time limit the connection (e.g. to 24 hours or the length of a shift) and ensure the credentials are one-time-use credentials.\"}),/*#__PURE__*/e(\"p\",{children:\" All virtual desktops are built with one-time-use credentials and Administrator-defined time intervals. \"}),/*#__PURE__*/e(\"p\",{children:\"We recommend 12-hour shifts, and that any unused Virtual Desktops are automatically cycled every 24 hours. Thus, all active connections are limited to 12-hour sessions, and all unused desktop credentials expire after 24 hours automatically.\"}),/*#__PURE__*/e(\"h5\",{children:\"Design 7: If the connection is inactive for more than 30 minutes, the connection should be removed.\"}),/*#__PURE__*/e(\"p\",{children:\"Virtual Desktops automatically time out after 15 minutes of inactivity. This time limit is admin configurable. Configuration customizations like this are documented and delivered to the customer.\"}),/*#__PURE__*/e(\"h5\",{children:\"Design 8: Ensure there is a procedure to acquire approval for connection of remote access by a senior officer of the organisation.\"}),/*#__PURE__*/e(\"p\",{children:\"Dispel can be configured to require access requests for every session through a built-in Request Access Form. \"}),/*#__PURE__*/e(\"p\",{children:\"The Request Access form automatically sends incoming requests to a defined list of senior officers / administrators. By default, only administrators of the remote access network and the relevant facility in question can approve Request Access Forms. In addition, an administrator may not approve their own request. \"}),/*#__PURE__*/e(\"p\",{children:\"For specific jurisdictions, administrators may delegate approval responsibilities to others. That list of approvers is only editable by those with administrator permissions, and is documented within the console.\"}),/*#__PURE__*/e(\"h5\",{children:\"Design 9: Ensure the device used at the remote (vendor) end is used solely for the purpose of connecting to the Australian critical infrastructure organisation.\"}),/*#__PURE__*/e(\"p\",{children:\"By using virtual desktops as disposable intermediate hosts, customers can ensure that:\\xa0 \"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"The virtual desktop used to complete the work was built for the explicit purpose of connecting to only the one Australian critical infrastructure needed to complete that scope of work.\\xa0\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"The same virtual desktop will never be used across multiple countries or organizations. Each virtual desktop is allowed to connect to only one ICS environment, ever. \"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Vendors are never directly connecting to the ICS environment. All desktops that connect to the ICS environment will only connect to this specific ICS environment in its lifetime.\"})})]}),/*#__PURE__*/e(\"h5\",{children:\"Design 10: Apply ASD\u2019s \u2018Top Four\u2019 to the highest maturity level, with the rest of the \u2018Essential Eight\u2019 where applicable on the computer at the remote end.\"}),/*#__PURE__*/e(\"p\",{children:\"By using customer-controlled virtual desktops, they can ensure that: \"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"[Mitigation 1] Only allowed applications are on the virtual desktop image. No additional application downloads are permitted. \"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"[Mitigation 2] Applications on the virtual desktops are patched to their latest versions. \"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"[Mitigation 3] Virtual desktops and remote access infrastructure is automatically patched at build and during its lifetime. \"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"[Mitigation 4] Privileges are scoped only to the specific devices they need access to and administrative privileges are not available on the virtual desktops. These mitigations comprise the ASD\u2019s \u201CTop Four\u201D. In addition, Dispel helps customers with multi-factor authentication, controlled use of application and endpoint hardening, and regular backups/disaster recovery to round out the Essential Eight.\"})})]}),/*#__PURE__*/e(\"h5\",{children:\"Design 11: Apply ASD\u2019s \u2018Essential Eight\u2019 where applicable on all interim machines internal to the critical infrastructure organisation\u2019s network that are not prevented from such measures for OT reasons.\"}),/*#__PURE__*/e(\"p\",{children:\"Dispel\u2019s remote access platform is fundamentally different in that the customer, not the end vendor, will control the virtual desktops. Therefore all applicable measures desired in the ASD\u2019s \u2018Essential Eight\u2019 can be applied by default.\"}),/*#__PURE__*/e(\"h5\",{children:\"Design 12: \u2018Bastion hosts\u2019 (special-purpose computers on a network specifically designed and configured to withstand attacks) and interim machines should be turned off whenever possible.\"}),/*#__PURE__*/e(\"p\",{children:\"Dispel employs disposable virtual infrastructure, which can be turned off when not in use to prevent attackers from acquiring a foothold. Further, these virtual desktops are cycled regularly and change on a daily basis, allowing connections for authorized users while preventing enemies from gaining footholds into the OT environment. \"}),/*#__PURE__*/e(\"p\",{children:\"Dispel\u2019s principle service is the orchestration and management of these virtual machines, so we will deliver a fully functional plan to customers during the deployment.\"}),/*#__PURE__*/e(\"h5\",{children:\"Design 13: To aid in mitigating the risk of supply chain attacks, critical infrastructure operators and vendors should put in place robust mechanisms to verify all software and tools used in the remote vendor access protocol process. \"}),/*#__PURE__*/e(\"p\",{children:\"As the owner of the virtual desktop image, the customer may review all software and tools used in the remote access process. \"}),/*#__PURE__*/e(\"p\",{children:\"Further, Dispel helps provide visibility by enacting port and protocol traffic monitoring, as well as full recording of virtual desktop sessions.\"}),/*#__PURE__*/e(\"h5\",{children:\"Design 14: Ensure contractually that any data viewed or acquired as part of the remote access is used only for the purpose of resolving the issue the remote access was granted for.\"}),/*#__PURE__*/e(\"p\",{children:\"As all work is completed within the virtual desktop environment, so all associated data never needs to leave the controlled scope of the customer. \"}),/*#__PURE__*/e(\"p\",{children:\"That said, we advise customers to include relevant language in their contracts.\"}),/*#__PURE__*/e(\"h5\",{children:\"Design 15: Ensure contractually that there is an ability to audit the organisation at the remote end to ensure each of the conditions is met.\"}),/*#__PURE__*/t(\"p\",{children:[\"Virtual desktops are programmatically scoped to only the organization, and are built from customized golden images to comply with Essential Eight rules. End-to-End encryption is provided using AES-256 with 4096 bit RSA.\\xa0\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),\"Although Dispel mitigates these risks, we advise customers to include relevant language in their contracts to fulfill this design principle.\\xa0\"]}),/*#__PURE__*/e(\"h5\",{children:\"Design 16: Ensure contractually that there is ability to periodically red-team test the protocol at all parts of the protocol, including the remote vendor\u2019s end.\"}),/*#__PURE__*/e(\"p\",{children:\" Dispel undergoes periodic penetration testing from HackerOne, and customers are allowed to perform their own penetration testing under the appropriate instances.\"}),/*#__PURE__*/e(\"h5\",{children:\"Design 17: Ensure contractually that any connectivity and hosting requirements for the re-mote access infrastructure is specified.\"}),/*#__PURE__*/e(\"p\",{children:\"Dispel has a number of procedures and policies in place to mitigate denial of services attacks. \"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"The remote access network itself has all ports and protocols turned off, except for those explicitly allowed for individual components to work together. \"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Virtual Desktops allow RDP connections from only the approved user, and only after they\u2019ve been granted an access window. \"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Dispel employs regional resiliency measures to quickly recover from data-center/cloud-level outage events. \"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"The front-end console mitigates DDoS attacks with techniques including TCP Syn cookies and connection rate limit-ing. The console also maintains a multiple backbone connection architecture with internal bandwidth capacity that exceeds the internet carrier supplied bandwidth. In the event of a DDoS at-tack, our console hosting platform enables additional advanced DDoS mitigation controls where needed.\\xa0\"})})]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})}),/*#__PURE__*/e(\"h2\",{children:\"Next Steps\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"span\",{children:/*#__PURE__*/e(\"strong\",{children:\"\u201CIf you are looking for a robust product for accessing OT assets securely and reliably, this is it.\u201D\"})})}),/*#__PURE__*/t(\"p\",{children:[\"Book a demo with our team today to get yourself aligned with the ACSC's \",/*#__PURE__*/e(\"em\",{children:\"Industrial Control System Remote Access Protocol:\"})]}),/*#__PURE__*/e(n,{href:\"https://dispel.com/cs/c/?cta_guid=3491282b-751f-4c93-a144-66e2bd87f7c4&signature=AAH58kFPtN0uJ1ZE5r_NcOb9NGHLO_dIjg&portal_id=23426120&pageId=97875819150&placement_guid=8b461f98-0bbb-41bd-b361-9c953964323a&click=5c40152c-f1f8-4073-82b2-6032cac7b690&contentType=blog-post&redirect_url=APefjpEogxxyrs2uT--wEvr8-0NVGhnav8Xedvl7oZfWG88nIdduX1X8ZDXATT6amRST_PNGvkKqD3-Wwv1gS5rr6rQerbxe1hpFvc1m1cJJm5ryKJ2jBhUetVVg6Jl4H35gYNa4xnJH3FXrxJJDzQUwkyQJZSIN5SGeuaFe2D5Uu8gSGJZlr5EyDEeEixIOIVg_E9RBAGNHy3934BTd3Wc6YCudhSdprzCtXwOr8AFQVGTHO7p83dpRYxRUh4n021EJezCRLK2t&hsutk=b389b951422d3b0f43395b277b31dcbb&canon=https%3A%2F%2Fdispel.com%2Fblog%2Fa-water-utilitys-guide-to-reducing-operations-and-maintenance-expenses&__hstc=223692548.b389b951422d3b0f43395b277b31dcbb.1715972201073.1715972201073.1715983673849.2&__hssc=223692548.1619.1715983673849&__hsfp=1310570649\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{className:\"framer-image\",\"data-preset-tag\":\"img\",children:/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"100\",src:\"https://framerusercontent.com/images/48leXal7KhECO3J3vWT6bOGhJA.jpeg\",srcSet:\"https://framerusercontent.com/images/48leXal7KhECO3J3vWT6bOGhJA.jpeg?scale-down-to=512 512w,https://framerusercontent.com/images/48leXal7KhECO3J3vWT6bOGhJA.jpeg 800w\",style:{aspectRatio:\"800 / 200\"},width:\"400\"})})}),/*#__PURE__*/e(\"p\",{children:\"Your systems should work, and your network should be protected with the strongest security possible. With Dispel, protect your network with Moving Target Defense.\"}),/*#__PURE__*/t(\"p\",{children:[\"Get your demo at \",/*#__PURE__*/e(n,{href:\"https://dispel.io/\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"https://dispel.io\"})})]})]});export const richText14=/*#__PURE__*/t(s.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"If you're here, you're probably a operational technology manager or IT security reader based in Australia looking to enable remote access to your environment. It might be you're doing so for the very first time or looking to bring your organization into alignment with the the ACSC's guidance. Either way, what we'll do here is walk you through what the requirements are in the guidelines, and then how you can use Dispel to easily and automatically comply.\"}),/*#__PURE__*/t(\"p\",{children:[\"Dispel is a managed zero trust access (ZTA) platform designed specifically for OT/ICS environments. It combines multiple security modules around a secure access service edge (SASE) model to meet the cybersecurity control criteria. If you use Dispel, you'll automatically comply with most of the guidelines\",/*#__PURE__*/e(\"span\",{children:\"\u2014\"}),\"a lot cheaper and certainly faster than having to buy several different products and put it together yourself.\"]}),/*#__PURE__*/t(\"h2\",{children:[\"What is the Australian Cyber Security Centre \",/*#__PURE__*/e(\"em\",{children:\"Remote Access to Operational Technology Environments\"}),\" guide?\"]}),/*#__PURE__*/t(\"p\",{children:[\"The Australian Cyber Security Centre's \",/*#__PURE__*/e(n,{href:\"https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/critical-infrastructure/remote-access-operational-technology-environments\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:/*#__PURE__*/e(\"span\",{children:/*#__PURE__*/e(\"em\",{children:\"Remote Access to Operational \"})})})}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(n,{href:\"https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/critical-infrastructure/remote-access-operational-technology-environments\",motionChild:!0,nodeId:\"QsZaADSSZ\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:/*#__PURE__*/e(\"span\",{children:/*#__PURE__*/e(\"em\",{children:\"Technology Environments\"})})})}),/*#__PURE__*/t(\"span\",{children:[/*#__PURE__*/e(\"em\",{children:\" \"}),\"provides guidance for how critical infrastructure should protect their Operational Technology Environments (OTE). First published in May 2020, the guide was recently updated in March 2023. Written for small & medium businesses, large organizations & infrastructure, and government the guide is applicable for anyone running industrial control systems in their organization.\"]})]}),/*#__PURE__*/e(\"p\",{children:\"The guide is divided into two general focus areas:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"General remote access guidance; and,\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Remote access in Operational Technology Environments\"})})]}),/*#__PURE__*/e(\"h2\",{children:\"Why is the ACSC putting this out?\"}),/*#__PURE__*/e(\"p\",{children:\"Industrial automation and control system (IACS) organizations increasingly use commercial off-the-shelf (COTS) networked devices that are inexpensive, efficient, and highly automated. Control systems are also increasingly interconnected with non-IACS networks for valid business reasons. These devices, open networking technologies, and increased connectivity elevate the theoretical cyber risk of control system hardware and software. This, in turn, has raised concerns over Health, Safety and Environmental (HSE), financial, and/or reputational consequences from cyberattacks on deployed control systems.\"}),/*#__PURE__*/t(\"p\",{children:[\"The ACSC ICS Remote Access Protocol is not a prescriptive guide. The goal of the document is to provide a flexible framework that \",/*#__PURE__*/e(\"em\",{children:\"facilitates\"}),\" addressing current and future vulnerabilities in IACSs and applying necessary mitigations in a systematic, defensible manner.\"]}),/*#__PURE__*/e(\"h2\",{children:\"How Dispel's ZTA architecture works in this model\"}),/*#__PURE__*/e(\"p\",{children:\"Next we'll go through a brief architecture overview of Dispel Remote Access, then details how Dispel\u2019s zero trust remote access solution meets and exceeds each design guideline put forth by the ACSC ICS Remote Access Protocol.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Purdue Model Diagram of Dispel Deployment\"})}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"625\",src:\"https://framerusercontent.com/images/YLNbzPLutKDbj6cwZFtis3r8KTU.png\",srcSet:\"https://framerusercontent.com/images/YLNbzPLutKDbj6cwZFtis3r8KTU.png?scale-down-to=1024 775w,https://framerusercontent.com/images/YLNbzPLutKDbj6cwZFtis3r8KTU.png 948w\",style:{aspectRatio:\"948 / 1251\"},width:\"474\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})}),/*#__PURE__*/e(\"h3\",{children:/*#__PURE__*/e(\"strong\",{children:\"Components\"})}),/*#__PURE__*/e(\"h3\",{children:/*#__PURE__*/e(\"strong\",{children:\"Dispel Wicket ESI\"})}),/*#__PURE__*/e(\"p\",{style:{\"--framer-font-size\":\"16px\"},children:/*#__PURE__*/e(\"em\",{children:\"Bottom third of diagram, Layer 3.5 of Purdue Model (OT DMZ)\"})}),/*#__PURE__*/e(\"p\",{children:\"The Dispel Wicket ESI is an on-premises remote access gateway that can be deployed as either hardware or a virtual appliance. It contains two network interface cards: North, and South. North connects outbound-only through a single port to a single IP to establish a remote access pathway through the SD-WAN, and South is given routability to devices on the OT network. On-premise firewalls can control the North and South sides independently to maintain strict need-based access and network segmentation. The Wicket ESI is the only on-premise installation required, and enables secure remote access to any device permitted on the South side network.\"}),/*#__PURE__*/e(\"p\",{children:\"\\xa0\"}),/*#__PURE__*/e(\"h3\",{children:/*#__PURE__*/e(\"strong\",{children:\"Dispel SD-WANs \"})}),/*#__PURE__*/e(\"p\",{style:{\"--framer-font-size\":\"16px\"},children:/*#__PURE__*/e(\"em\",{children:\"Grey box on upper left, cloud-based core network\"})}),/*#__PURE__*/e(\"p\",{children:\"The Dispel SD-WAN is the main bridge enabling remote access. The Wicket ESI proactively connects from one side of the SD-WAN, and on the other side, the Virtual Desktops are automatically networked in. Each Dispel SD-WAN is single-tenant to each customer, meaning your traffic and another customer\u2019s traffic will never traverse the same infrastructure. Additionally, Dispel SD-WANs are built with Moving Target Defense technology, enabling a shifting topology and increased resiliency.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"\\xa0\"})}),/*#__PURE__*/e(\"h3\",{children:/*#__PURE__*/e(\"strong\",{children:\"Dispel VDIs (Virtual Desktops)\"})}),/*#__PURE__*/e(\"p\",{style:{\"--framer-font-size\":\"16px\"},children:/*#__PURE__*/e(\"em\",{children:\"Top of diagram, cloud-based workstations\"})}),/*#__PURE__*/e(\"p\",{children:\"Dispel Virtual Desktops (VDIs) are single-use, time-limited workstations that users connect through to access the ICS network. Virtual desktops can be set to automatically cycle on an administrator-defined schedule. This ensures that each desktop is never used for more than 12 hours, and all valid credentials for remote access are cycled every 24 hours. Virtual desktops that connect to your ICS network will never connect to another network or another country. Lastly, virtual desktops will automatically build with the latest updates and patches to the day, and can be customized and imaged with your desired applications and security policies.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"\\xa0\"})}),/*#__PURE__*/e(\"h3\",{children:/*#__PURE__*/e(\"strong\",{children:\"Dispel Logging and Recording\"})}),/*#__PURE__*/e(\"p\",{style:{\"--framer-font-size\":\"16px\"},children:/*#__PURE__*/e(\"em\",{children:\"Blue boxes on the upper right, cloud-based add-ons\"})}),/*#__PURE__*/e(\"p\",{children:\"All access performed through Dispel is recorded in two ways:\"}),/*#__PURE__*/t(\"ol\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Syslog traffic packets which contain the user, timestamp, what devices the user accessed, and through which protocol. Dispel can provide an integrated server to store these logs as part of the managed deployment, or the traffic can be forwarded to a customer\u2019s existing SIEM (eg. Splunk).\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Full video screen recordings of each Virtual Desktop session. Recordings can be watched in real-time, and are saved for playback. Videos can be retained for an administrator-defined period of time, stored permanently, or exported. Dispel can provide a recording storage server to enable this functionality with no additional hardware needed from the customer.\"})})]}),/*#__PURE__*/e(\"h2\",{children:\"Point-by-Point Guideline Mapping\"}),/*#__PURE__*/t(\"p\",{children:['{% module_block module \"widget_1683145482243\" %}{% module_attribute \"label\" %}advanced-table{% end_module_attribute %}{% module_attribute \"path\" %}/Dispel_December_2022/modules/advanced-table{% end_module_attribute %}{% module_attribute \"module_id\" %}94723167896{% end_module_attribute %}{% module_attribute \"schema_version\" %}2{% end_module_attribute %}{% module_attribute \"tag\" %}module{% end_module_attribute %}{% module_attribute \"no_wrapper\" %}false{% end_module_attribute %}{% module_attribute \"features\" %}[{\"heading\":\"Point-by-Point Guideline Mapping\",\"feature_row\":[{\"show_row_title\":true,\"sub_heading\":\"By default, there should be no communication between the vendor and the critical infrastructure control system.\",\"left_title\":\"Network segmentation and segregation\",\"right_content\":\"',/*#__PURE__*/e(\"span\",{children:\"By default, there is no communication possibility between the vendor and critical infrastructure. Access credentials are refreshed from session to session, ensuring the prevention of lingering or unwanted communication is. This is enforced at multiple levels:\\xa0\"}),/*#__PURE__*/e(\"br\",{}),\"\\\\n\"]}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"\\\\n\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"span\",{children:\"No direct access. All connections must go through a hardened virtual desktop acting as an intermediary.\\xa0\"})})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"\\\\n\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"span\",{children:\"Vendors start from a suspended-by-default state, and must complete a \u201CRequest Access Form\u201D for their ac-count to gain access to a single-tenant, locked-to-them virtual desktop. Access is granted only for the time window al-lowed by the administrator.\\xa0\"})})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"\\\\n\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"span\",{children:\"The remote access network may be destroyed when not in use.\\xa0\"})})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"\\\\n\"})})]}),/*#__PURE__*/e(\"p\",{children:'\",\"show_box_content\":true,\"box_content\":{\"title\":\"This allows you to align with:\",\"tags\":[{\"tag\":\"Control: ISM-1181; Revision: 5; Updated: Mar-22; Applicability: All.\",\"theme_color\":\"c-security-table__pill--blue\"},{\"tag\":\"Control: ISM-1577; Revision: 1; Updated: Mar-22; Applicability: All.\",\"theme_color\":\"c-security-table__pill--blue\"}]}}],\"table_id\":\"\"}]{% end_module_attribute %}{% module_attribute \"css\" %}{}{% end_module_attribute %}{% module_attribute \"child_css\" %}{}{% end_module_attribute %}{% end_module_block %}'})]});export const richText15=/*#__PURE__*/t(s.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"For those of you out there that have been using a home-rolled way of getting access to your industrial systems, the modern world of access can be a bit jarring. Just in the last five years, the use of VPNs, jump hosts, and proxies as spartan functional tools to get into environments have all been outstripped. New NIST and IEC standards demand the tools be tightly integrated into other security systems. And the cost of doing it right yourself has skyrocketed--managing, auditing, certifying, and monitoring all add up.\"}),/*#__PURE__*/e(\"p\",{children:\"We wrote this comparison document to get your team up to speed on what has really changed, and walk through what all the new pieces are that you need for control and visibility into your industrial control systems.\"}),/*#__PURE__*/e(\"p\",{children:\"We will examine the various components needed for a complete zero trust access (ZTA) system\u2014including Identity and Access Management (IAM), network encryption and tunneling, moving target defense, network segmentation, endpoint isolation, monitoring and analytics, asset management, and security operations center integrations.\"}),/*#__PURE__*/e(\"p\",{children:\"This guide also grounds the components of a ZTA system within the context of security control criteria and standards surrounding industrial control system access. The ones we discuss here are NIST, IEC 62443, NERC-CIP Section 5, and WITAF 503. In short, by adhering to these guidelines organizations help ensure that their industrial control systems are protected against cyber threats that could cause significant damage. And, since you'd be following industry best practices, if there were an incident you'd be in a better position with your board and your insurance providers.\"}),/*#__PURE__*/e(\"h2\",{children:\"Definitions\"}),/*#__PURE__*/e(\"p\",{children:\"Let\u2019s start by looking at the two items in question: Dispel Remote Access and a Virtual Private Network (VPN) (or any other tool like a jump host). The primary difference is that Dispel is an integrated platform while a VPN is a technology subset. In other words, Dispel is a laptop, while a VPN is a memory chip inside of that computer. VPNs perform functions that are part of a complete solution but cannot operate fully by themselves.\"}),/*#__PURE__*/e(\"h3\",{children:\"What is industrial control system Zero Trust Access (ZTA)?\"}),/*#__PURE__*/e(\"p\",{children:\"A Zero Trust Access (ZTA) system is a security model that requires all users and devices to be authenticated and authorized before being granted access to an industrial control system. It assumes that all users and devices, even those inside the network, are potentially a security risk and should not be trusted by default.\"}),/*#__PURE__*/e(\"p\",{children:\"A complete Zero Trust Access (ZTA) system for industrial control environments, such as those used to grant access to critical infrastructure, should follow guidelines from various reference frameworks, such as NIST CSF, 800-53, 800-82, and IEC 62443.\"}),/*#__PURE__*/e(\"h3\",{children:\"Mandatory Components of an Industrial Control System ZTA Platform\"}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"90\",src:\"https://framerusercontent.com/images/rqKzYx0mHlsrz5UtJHKby3hU.png\",srcSet:\"https://framerusercontent.com/images/rqKzYx0mHlsrz5UtJHKby3hU.png?scale-down-to=512 512w,https://framerusercontent.com/images/rqKzYx0mHlsrz5UtJHKby3hU.png 940w\",style:{aspectRatio:\"940 / 180\"},width:\"470\"}),/*#__PURE__*/e(\"p\",{children:\"The constituent components needed to achieve a complete ZTA platform include:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Identity and Access Management (IAM):\"}),\" IAM is responsible for identifying and authenticating users and devices and authorizing them to access resources. IAM includes components such as time-based access windows, multi-factor authentication, identity federation, and role-based access control.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Network Encryption and Tunneling:\"}),\" Network encryption and tunneling secures traffic to and from the industrial control system over the public internet against intercepted data being read by unauthorized parties. In particular, a Virtual Private Network (VPN) or Software Defined-Wide Area Network (SD-WAN) can provide a secure and encrypted connection between multiple endpoints over a public network such as the internet.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Moving Target Defense:\"}),\" A moving target defense (MTD) tool prevents vulnerability exploitation and target analysis by attackers. MTD networks significantly increase the cost of targeting and attacking OT systems by rendering reconnaissance intelligence obsolete and useless in an hourly or daily basis. MTD networks are also critical for dealing with ransomware, since they can automatically patch their components.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Network Segmentation:\"}),\" Network segmentation is the process of dividing a network into smaller segments, each with its own security controls. Segmented networks limit the exposure of critical systems and reduce the risk of lateral movement by attackers.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Endpoint Isolation:\"}),\" Endpoint isolation involves securing devices and systems that are connected to the network, including computers and mobile devices. This disposable intermediate infrastructure, such as hardened, cycling virtual desktops.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Monitoring and Analytics:\"}),\" Monitoring and analytics tools provide visibility into network activity and detect anomalies and threats in real-time. This includes session recording, network activity logs, keystroke logging and integrations with tools such as Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA).\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Asset Management:\"}),\" Asset management tools are responsible for registering and tracking all devices on the network. This includes assigning IP addresses, ports, and protocols permissible for network activity. Asset management tools give organizations visibility into their network, making it easier to identify and manage potential security risks. By tracking all devices on the network, organizations can ensure that only authorized devices are connected to the network, and that they are operating within the expected parameters. This helps to prevent unauthorized changes to the network and ensures that critical systems are protected from cyber threats.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Security Operations Center:\"}),\" A security operations center (SOC) is a centralized unit responsible for monitoring and responding to security incidents. The SOC is staffed by security professionals who use advanced tools and techniques to detect and respond to security incidents.\"]})})]}),/*#__PURE__*/e(\"p\",{children:\"In summary, a ZTA system for industrial control environments should include IAM, network encryption and tunneling, moving target defense, network segmentation, endpoint isolation, monitoring and analytics, asset management, and a SOC. By following guidelines from various reference frameworks, organizations can ensure that their ZTA system is comprehensive and effective in protecting critical infrastructure.\"}),/*#__PURE__*/e(\"h3\",{children:\"Dispel Remote Access is Industrial Control System ZTA\"}),/*#__PURE__*/e(\"p\",{children:\"Dispel Remote Access is a complete Zero Trust Access (ZTA) system designed for industrial control systems. It incorporates the components necessary to comply with security control criteria, including Identity and Access Management (IAM), network encryption and tunneling, moving target defense, network segmentation, endpoint isolation, monitoring and analytics, asset management, and integrations for security operations centers (SOC).\"}),/*#__PURE__*/e(\"p\",{children:\"By providing a comprehensive ZTA platform, Dispel ensures that all users and devices are properly authenticated and authorized before being granted access to industrial control systems. Recordings and logs are made during the entire session. And then their access window is automatically closed, and the connection infrastructure destroyed. This is achieved by following guidelines from various reference frameworks, such as NIST CSF, 800-53, 800-82, and IEC 62443, to ensure that the ZTA system is effective in protecting critical infrastructure.\"}),/*#__PURE__*/e(\"h3\",{children:\"What then is a VPN?\"}),/*#__PURE__*/t(\"p\",{children:[\"A Virtual Private Network (VPN) is subcategory technology of \",/*#__PURE__*/e(\"em\",{children:\"Network Encryption and Tunneling\"}),\". VPNs are software that creates a secure and encrypted connection between two endpoints over a public network such as the internet.\"]}),/*#__PURE__*/e(\"p\",{children:\"In the context of remote access to an industrial control system, a VPN provides a secure tunnel for data communication between the remote user and the industrial network. However, it is important to note that a VPN is just a piece of a larger system, like tires on a car.\"}),/*#__PURE__*/e(\"h2\",{children:\"Compare and Contrast\"}),/*#__PURE__*/e(\"img\",{alt:\"Dispel vs VPN: Identity & Access Management, Network Encryption & Tunneling, Moving Target Defense, Network Segmentation, Endpoint Isolation, Monitoring & Analytics, Asset Management, SOC Integration\",className:\"framer-image\",height:\"704\",src:\"https://framerusercontent.com/images/GDbZsHv79vrRvVLQXCI6u2tqcw.png\",srcSet:\"https://framerusercontent.com/images/GDbZsHv79vrRvVLQXCI6u2tqcw.png?scale-down-to=1024 695w,https://framerusercontent.com/images/GDbZsHv79vrRvVLQXCI6u2tqcw.png 956w\",style:{aspectRatio:\"956 / 1408\"},width:\"478\"}),/*#__PURE__*/e(\"p\",{style:{\"--framer-text-alignment\":\"center\"},children:/*#__PURE__*/e(\"span\",{style:{\"--framer-text-color\":\"rgb(117, 83, 219)\"},children:\"\\xa0\"})}),/*#__PURE__*/e(\"h2\",{children:\"Efficiency & Security\"}),/*#__PURE__*/e(\"h3\",{children:\"Integrated OT ZTA Solutions Are Significantly Faster\"}),/*#__PURE__*/e(\"p\",{children:\"Using a fully integrated OT ZTA system, like Dispel Remote Access, is significantly more efficient for operators and administrators because it provides a single, centralized platform for managing access security across the network. Instead of having to manually manage multiple disparate security tools and platforms, operators and administrators can use a single platform to automatically manage access, monitor network activity, and detect and respond to security incidents.\"}),/*#__PURE__*/e(\"p\",{children:\"This saves time and reduces the likelihood of errors or oversights that can lead to security breaches. Dispel Remote Access improved incident response with clients by 97% and saved users over 365,000 FTE hours.\"}),/*#__PURE__*/e(\"h3\",{children:\"Security Standards Govern Access\"}),/*#__PURE__*/e(\"p\",{children:\"When it comes to industrial control systems, remote access is a critical aspect that needs to be properly secured. Fortunately, there are various security guidelines and requirements that apply to industrial control systems, including those that address remote access. Some of the most important ones are NIST, IEC 62443, NERC-CIP Section 5, and WITAF 503. These guidelines and requirements provide recommendations and best practices for securing industrial control systems and protecting critical infrastructure against cyber threats. By following these guidelines and requirements, organizations can ensure that their industrial control systems are secure and protected against cyber threats that could cause significant damage.\"}),/*#__PURE__*/e(\"h3\",{children:\"NIST\"}),/*#__PURE__*/t(\"p\",{children:[\"The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the United States Department of Commerce responsible for developing and promoting measurement, standards, and technology. NIST provides cybersecurity guidance for organizations, including the Cybersecurity Framework (CSF) and various Special Publications (SPs). Among these SPs are 800-53 (\",/*#__PURE__*/e(\"em\",{children:\"Security and Privacy Controls for Information Systems and Organizations\"}),\"), 800-82 (\",/*#__PURE__*/e(\"em\",{children:\"Guide to Industrial Control Systems (ICS) Security\"}),\"), and 800-160 Volume 2 (\",/*#__PURE__*/e(\"em\",{children:\"Developing Cyber-Resilient Systems\"}),\"). These publications provide comprehensive guidelines for securing industrial control systems and protecting critical infrastructure against cyber threats.\"]}),/*#__PURE__*/e(\"h3\",{children:\"IEC 62443\"}),/*#__PURE__*/e(\"p\",{children:\"IEC 62443 is an international standard that provides guidelines for developing a comprehensive cybersecurity management system for industrial automation and control systems (IACS). It includes a lifecycle model that helps organizations manage cybersecurity from the beginning of a project through to the end of the system's life, and includes guidelines for secure development, testing, and deployment of IACS.\"}),/*#__PURE__*/e(\"h3\",{children:\"NERC-CIP Section 5\"}),/*#__PURE__*/e(\"p\",{children:\"NERC-CIP Section 5 is a set of cybersecurity standards that apply to the bulk power system in North America. Specifically, Section 5 addresses the security of the bulk electric system's cyber assets, including electronic security perimeters, access controls, and incident response plans. The standards were developed by the North American Electric Reliability Corporation (NERC) in response to the Energy Policy Act of 2005, which mandated the establishment of mandatory and enforceable reliability standards for the nation's bulk power system.\"}),/*#__PURE__*/e(\"h3\",{children:\"WITAF 503\"}),/*#__PURE__*/t(\"p\",{children:[\"The American Water Works Association\u2019s \",/*#__PURE__*/e(\"em\",{children:\"Process Control System Security Guidance for the Water Sector\"}),\" (WITAF 503) provides a guide for members of the water industry seeking voluntary adoption of the NIST CSF and adherence to Executive Order 13636 \",/*#__PURE__*/e(\"em\",{children:\"Improving Critical Infrastructure Cybersecurity\"}),\". WITAF 503 includes recommendations for implementing security controls such as network segmentation, access controls, and monitoring and logging, as well as guidance for addressing common security threats such as phishing attacks and malware infections.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Next Steps\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"span\",{style:{\"--framer-text-color\":\"rgb(112, 48, 160)\"},children:/*#__PURE__*/e(\"strong\",{children:\"\u201CIf you are looking for a robust product for accessing OT assets securely and reliably, this is it.\u201D\"})})}),/*#__PURE__*/e(\"p\",{children:\"Dispel\u2019s Secure Remote Access platform was specifically designed for reaching and managing industrial control systems in under 30 seconds, with less than 1 minute of administrative overhead, without cutting cyber security corners. What sets Dispel apart from other SRA vendors is not only that it is the only SRA offering on the market that hits US standards as a single product, but also that it is efficient to use at both micro and massive scales.\\xa0\"})]});\nexport const __FramerMetadata__ = {\"exports\":{\"richText8\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText3\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText15\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText9\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText10\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText7\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText4\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText14\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText2\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText1\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText13\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText11\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText5\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText6\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText12\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"__FramerMetadata__\":{\"type\":\"variable\"}}}"],
  "mappings": "2MAAAA,IAAsJ,IAAMC,EAAsBC,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAC,8PAAsQE,EAAEC,EAAE,CAAC,KAAK,gDAAgD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,0BAA0B,CAAC,CAAC,CAAC,EAAE,4FAA4F,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,iVAAiV,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8TAA8T,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iRAA4Q,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,+CAA+C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oTAAoT,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gaAAga,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,2SAAwTE,EAAEC,EAAE,CAAC,KAAK,yEAAyE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,EAAE,OAAoBF,EAAEC,EAAE,CAAC,KAAK,kGAAkG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,EAAE,iBAA8BF,EAAEC,EAAE,CAAC,KAAK,8FAA8F,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAE,sIAAiI,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,yOAAyO,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,4CAA4C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uWAAuW,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,6GAA0HE,EAAEC,EAAE,CAAC,KAAK,yDAAyD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAE,KAAkBF,EAAEC,EAAE,CAAC,KAAK,0DAA0D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,OAAO,CAAC,CAAC,CAAC,EAAE,KAAkBF,EAAEC,EAAE,CAAC,KAAK,0DAA0D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,OAAO,CAAC,CAAC,CAAC,EAAE,SAAsBF,EAAEC,EAAE,CAAC,KAAK,0DAA0D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,OAAO,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,8TAA8T,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,gCAAgC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2GAA2G,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,cAAc,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yGAAyG,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,mGAAmG,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,2GAA2G,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,SAAS,gCAAgC,CAAC,CAAC,CAAC,EAAeA,EAAE,QAAQ,CAAC,SAAS,GAAG,UAAU,eAAe,KAAK,GAAG,MAAM,GAAG,YAAY,GAAG,IAAI,oEAAoE,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,qCAAqC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8IAA2JE,EAAEC,EAAE,CAAC,KAAK,CAAC,UAAU,WAAW,EAAE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,6EAA6E,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,+SAA4TE,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,gFAAgF,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,sFAAsF,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,CAAC,EAAE,mQAAmQ,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mPAAmP,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,SAAS,0CAA0C,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,sKAAsK,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,8BAA8B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+MAA+M,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,iFAAiF,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,0FAA0F,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,QAAQ,CAAC,SAAS,GAAG,UAAU,eAAe,KAAK,GAAG,MAAM,GAAG,YAAY,GAAG,IAAI,qEAAqE,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,uCAAuC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wJAAwJ,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kdAAkd,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oSAAoS,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,6CAA6C,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,uCAAuC,CAAC,EAAE,2LAA2L,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,iCAAiC,CAAC,EAAE,mKAAmK,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,yBAAyB,CAAC,EAAE,oKAAoK,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,wCAAwC,CAAC,EAAE,2IAA2I,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qaAAqa,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wTAA8S,CAAC,CAAC,CAAC,CAAC,EAAeG,EAAuBH,EAAID,EAAS,CAAC,SAAsBD,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,iDAAiD,CAAC,EAAE,4DAAyEA,EAAEC,EAAE,CAAC,KAAK,gCAAgC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,4BAA4B,CAAC,CAAC,CAAC,EAAE,aAA0BF,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,EAAE,qDAAqD,CAAC,CAAC,CAAC,CAAC,EAAeE,EAAuBN,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,wBAAwB,CAAC,EAAE,4FAAyGA,EAAE,SAAS,CAAC,SAAS,0BAAgB,CAAC,EAAE,sDAAmEA,EAAEC,EAAE,CAAC,KAAK,+CAA+C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,uNAA0NF,EAAEC,EAAE,CAAC,KAAK,gDAAgD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,+BAA+B,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,ieAAud,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,gBAA6BE,EAAEC,EAAE,CAAC,KAAK,+CAA+C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,qdAAgd,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,6CAAqDE,EAAE,KAAK,CAAC,SAAS,cAAc,CAAC,EAAE,qXAAiW,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,uDAAuD,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,iEAAiE,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,8GAA8G,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,oEAAoE,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,iGAAiG,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,6HAA6H,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,kHAAkH,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,iIAAiI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,cAAc,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,oSAAiTE,EAAEC,EAAE,CAAC,KAAK,+MAA+M,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeG,EAAuBP,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,wBAAwB,CAAC,EAAE,ycAAyc,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wYAAwY,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0YAA6Y,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yMAAyM,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8eAAoe,CAAC,CAAC,CAAC,CAAC,EAAeM,EAAuBR,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,2DAA2D,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,oEAAiFE,EAAEC,EAAE,CAAC,KAAK,iHAAiH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,ofAAof,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,4UAAyVE,EAAEC,EAAE,CAAC,KAAK,sEAAsE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,sDAAsD,CAAC,CAAC,CAAC,EAAE,YAAyBF,EAAEC,EAAE,CAAC,KAAK,wHAAwH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,kCAAkC,CAAC,CAAC,CAAC,EAAE,SAAsBF,EAAEC,EAAE,CAAC,KAAK,sEAAsE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oEAA+D,CAAC,CAAC,CAAC,EAAE,qLAAqL,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,6dAA0eE,EAAEC,EAAE,CAAC,KAAK,sGAAsG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,KAAK,CAAC,SAAS,wCAAwC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,kBAAkB,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,4CAA4C,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,4CAA4C,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,uCAAuC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,uCAAuC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,0EAA0E,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,uBAAuB,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,qCAAqC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,2CAA2C,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,4BAA4B,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,yBAAsCE,EAAEC,EAAE,CAAC,KAAK,iHAAiH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,ygBAAygB,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,4FAA+FE,EAAEC,EAAE,CAAC,KAAK,sHAAsH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,qDAAqD,CAAC,CAAC,CAAC,EAAE,oYAA+X,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,gEAAgE,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yzBAAyzB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,8EAA8E,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mKAA8J,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcA,EAAE,KAAK,CAAC,kBAAkB,KAAK,SAAS,CAAcE,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,4BAA4B,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+bAA+b,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,KAAK,SAAS,CAAcE,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,mCAAmC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,siBAAsiB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,KAAK,SAAS,CAAcE,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,0BAA0B,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2UAA2U,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,KAAK,SAAS,CAAcE,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,sCAAsC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,gFAA6FE,EAAEC,EAAE,CAAC,KAAK,CAAC,KAAK,aAAa,UAAU,WAAW,EAAE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,mJAAmJ,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,KAAK,SAAS,CAAcE,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,uCAAuC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kaAAka,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,KAAK,SAAS,CAAcE,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,6CAA6C,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kZAAkZ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,wCAAwC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gqBAAgqB,CAAC,CAAC,CAAC,CAAC,EAAeO,EAAuBT,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,2BAA2B,CAAC,EAAE,yTAA+S,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2SAAkR,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wsBAAmsB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wZAA0X,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qUAAgU,CAAC,CAAC,CAAC,CAAC,EAAeQ,EAAuBV,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAS,iOAAiO,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4BAAyCE,EAAEC,EAAE,CAAC,KAAK,oFAAoF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oCAAoC,CAAC,CAAC,CAAC,EAAE,ihBAAugB,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,yeAA0e,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,scAAsc,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,ygBAA0f,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uXAAkX,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2PAA2P,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,cAAc,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4kBAAolBE,EAAEC,EAAE,CAAC,KAAK,sBAAsB,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,2CAA2C,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,urBAA0rBE,EAAEC,EAAE,CAAC,KAAK,sCAAsC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,4BAA4B,CAAC,CAAC,CAAC,EAAE,IAAiBF,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,8JAA8J,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeS,EAAuBX,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAsBA,EAAE,OAAO,CAAC,SAAS,sHAAsH,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,OAAO,CAAC,SAAS,mTAAmT,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mLAAmL,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,cAAc,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,+BAA+B,CAAC,EAAE,uLAAkL,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,qBAAqB,CAAC,EAAE,0MAA0M,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,0BAA0B,CAAC,EAAE,6MAA6M,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,2BAA2B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gVAAgV,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oCAAoC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,iCAAiC,CAAC,EAAE,yHAAyH,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,8BAA8B,CAAC,EAAE,gKAAgK,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,gCAAgC,CAAC,EAAE,sHAAsH,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qaAAqa,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mBAAmB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qOAAqO,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,sBAAsB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mMAAmM,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,uBAAuB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,ycAAyc,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,OAAO,CAAC,SAAS,uaAAwZ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeU,EAAuBZ,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,OAAO,CAAC,SAAS,seAAse,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,sDAAsD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0sBAA0sB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,2BAA2B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6TAA6T,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,sBAAsB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uWAAuW,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,2BAA2B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8XAA8X,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,iDAAiD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,OAAO,CAAC,SAAS,iYAAiY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeW,EAAuBb,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAsBA,EAAE,OAAO,CAAC,SAAS,sxBAAsxB,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,MAAM,EAAE,SAAS,gDAAgD,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,MAAM,CAAC,qBAAqB,MAAM,EAAE,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,iCAAiC,CAAC,EAAE,kIAAkI,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,qCAAqC,CAAC,EAAE,wHAAwH,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,2BAA2B,CAAC,EAAE,yGAAyG,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,gCAAgC,CAAC,EAAE,yIAAoI,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,MAAM,CAAC,qBAAqB,MAAM,EAAE,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,2CAA2C,CAAC,EAAE,kIAAkI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,6DAA6D,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+kBAA+kB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,4DAA4D,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,meAA8d,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oDAAoD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yaAAya,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,4CAA4C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sZAAiZ,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,0CAA0C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gdAAgd,CAAC,CAAC,CAAC,CAAC,EAAeY,EAAwBd,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,OAAO,CAAC,SAAS,2EAA4E,CAAC,EAAeA,EAAEC,EAAE,CAAC,KAAK,sCAAsC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,OAAO,CAAC,MAAM,CAAC,sBAAsB,mBAAmB,EAAE,SAAsBA,EAAE,SAAS,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,cAA2BA,EAAEC,EAAE,CAAC,KAAK,yIAAyI,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,uBAAuB,CAAC,CAAC,CAAC,EAAE,wOAAqPF,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAE,IAAiBA,EAAE,OAAO,CAAC,MAAM,CAAC,sBAAsB,mBAAmB,EAAE,SAAS,qRAAqR,CAAC,EAAE,QAAqBA,EAAE,OAAO,CAAC,MAAM,CAAC,qBAAqB,OAAO,0BAA0B,UAAU,EAAE,SAAS,UAAU,CAAC,EAAeA,EAAEC,EAAE,CAAC,KAAK,yIAAyI,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,MAAM,CAAC,qBAAqB,OAAO,uBAAuB,QAAQ,EAAE,SAAS,CAAcE,EAAE,OAAO,CAAC,SAAsBA,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAEC,EAAE,CAAC,KAAK,YAAY,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,OAAO,CAAC,MAAM,CAAC,sBAAsB,cAAc,EAAE,SAAsBA,EAAE,SAAS,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAE,iNAA8NA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,OAAO,CAAC,MAAM,CAAC,sBAAsB,mBAAmB,EAAE,SAAsBA,EAAE,SAAS,CAAC,SAAS,uCAAuC,CAAC,CAAC,CAAC,EAAE,8DAA2EA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,OAAO,CAAC,MAAM,CAAC,sBAAsB,mBAAmB,EAAE,SAAsBA,EAAE,SAAS,CAAC,SAAS,gCAAgC,CAAC,CAAC,CAAC,EAAE,8EAA2FA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,OAAO,CAAC,MAAM,CAAC,sBAAsB,mBAAmB,EAAE,SAAsBA,EAAE,SAAS,CAAC,SAAS,qBAAqB,CAAC,CAAC,CAAC,EAAE,gGAA6GA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,OAAO,CAAC,MAAM,CAAC,sBAAsB,mBAAmB,EAAE,SAAsBA,EAAE,SAAS,CAAC,SAAS,qCAAqC,CAAC,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,GAAG,CAAC,EAAE,qFAAkGA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,OAAO,CAAC,MAAM,CAAC,sBAAsB,mBAAmB,EAAE,SAAsBA,EAAE,SAAS,CAAC,SAAS,wCAAwC,CAAC,CAAC,CAAC,EAAE,gDAAgD,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAEC,EAAE,CAAC,KAAK,6CAA6C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,SAAS,CAAC,SAAS,wCAAwC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAEC,EAAE,CAAC,KAAK,mEAAmE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,UAAU,eAAe,kBAAkB,MAAM,SAAsBF,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,OAAO,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,iEAA4D,CAAC,CAAC,CAAC,EAAeA,EAAEC,EAAE,CAAC,KAAK,6CAA6C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,OAAO,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,mDAAmD,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,OAAO,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,OAAO,CAAC,SAAS,iPAAiP,CAAC,CAAC,CAAC,EAAeA,EAAEC,EAAE,CAAC,KAAK,6CAA6C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,UAAU,eAAe,kBAAkB,MAAM,SAAsBF,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,OAAO,CAAC,SAAsBA,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,CAAC,EAAea,EAAwBf,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAC,uCAAoDE,EAAE,SAAS,CAAC,SAAS,4OAA4O,CAAC,EAAE,iMAAiM,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBF,EAAE,SAAS,CAAC,SAAS,CAAC,eAA4BE,EAAE,KAAK,CAAC,CAAC,EAAE,6KAA6K,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,+BAA+B,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,spBAAspB,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+fAA+f,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,imBAA4lB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,gDAAgD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,ojBAAojB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8YAA8Y,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mYAAyX,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,iCAAiC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mwBAAmwB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4WAA4W,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,eAAe,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yQAAyQ,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,q1BAA20B,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,qDAAqD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qUAAqU,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,MAAM,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,sKAAsK,MAAM,CAAC,YAAY,WAAW,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,8BAA8B,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,qCAAqC,CAAC,EAAE,mQAAmQ,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,mBAAmB,CAAC,EAAE,moBAAmoB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,gCAAgC,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,wBAAwB,CAAC,EAAE,6YAA6Y,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,uBAAuB,CAAC,EAAE,2OAA2O,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oCAAoC,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,qBAAqB,CAAC,EAAE,kOAAkO,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,mCAAmC,CAAC,EAAE,yYAAyY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,iCAAiC,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,qBAAqB,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,2BAA2B,CAAC,EAAE,0UAA0U,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,6BAA6B,CAAC,EAAE,+PAA+P,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBF,EAAE,SAAS,CAAC,SAAS,CAAC,cAA2BE,EAAE,KAAK,CAAC,CAAC,EAAE,4OAA4O,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,eAAe,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qSAAqS,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8hBAA8hB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,sBAAsB,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,iNAAiN,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,qKAAqK,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,sDAAsD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6cAA6c,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wGAAwG,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,eAA4BE,EAAE,KAAK,CAAC,CAAC,EAAE,iGAAyGA,EAAE,KAAK,CAAC,CAAC,EAAE,0VAA0V,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,kCAAkC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sjBAAsjB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,6XAA0YE,EAAE,KAAK,CAAC,SAAS,yEAAyE,CAAC,EAAE,cAA2BA,EAAE,KAAK,CAAC,SAAS,oDAAoD,CAAC,EAAE,4BAAyCA,EAAE,KAAK,CAAC,SAAS,oCAAoC,CAAC,EAAE,8JAA8J,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4ZAA4Z,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,uCAAuC,CAAC,EAAeF,EAAE,IAAI,CAAC,MAAM,CAAC,0BAA0B,MAAM,EAAE,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,qBAAqB,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,6BAA6B,CAAC,CAAC,CAAC,EAAE,+YAA0Y,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,kHAAmG,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,+CAA+C,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAec,EAAwBhB,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAS,snBAAumB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uTAAkT,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kNAAwM,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAsBA,EAAE,OAAO,CAAC,MAAM,CAAC,qBAAqB,MAAM,EAAE,SAAS,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAsBA,EAAE,OAAO,CAAC,MAAM,CAAC,qBAAqB,MAAM,EAAE,SAAS,qBAAqB,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAsBA,EAAE,OAAO,CAAC,MAAM,CAAC,qBAAqB,MAAM,EAAE,SAAS,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2ZAAsZ,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gYAAiX,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2fAA4e,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+RAA0R,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,wBAAwB,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yjBAA0iB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,uBAAuB,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4xCAAwwC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,uBAAuB,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kdAA8b,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sgBAAkf,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,w8BAAo7B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gTAAgT,CAAC,CAAC,CAAC,CAAC,EAAee,EAAwBjB,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAS,siBAAsiB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,oTAAiUE,EAAE,OAAO,CAAC,SAAS,QAAG,CAAC,EAAE,gHAAgH,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAC,gDAA6DE,EAAE,KAAK,CAAC,SAAS,mDAAmD,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,0CAAuDE,EAAEC,EAAE,CAAC,KAAK,uKAAuK,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mDAAmD,CAAC,CAAC,CAAC,EAAeJ,EAAE,OAAO,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,SAAS,MAAM,CAAC,EAAE,oIAAoI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mCAAmC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gmBAAgmB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,qIAAkJE,EAAE,KAAK,CAAC,SAAS,aAAa,CAAC,EAAE,gIAAgI,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mDAAmD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yOAAoO,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,2CAA2C,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,yKAAyK,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,MAAM,CAAC,qBAAqB,MAAM,EAAE,SAAsBA,EAAE,KAAK,CAAC,SAAS,6DAA6D,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2oBAA2oB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,MAAM,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,MAAM,CAAC,qBAAqB,MAAM,EAAE,SAAsBA,EAAE,KAAK,CAAC,SAAS,kDAAkD,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4eAAue,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,gCAAgC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,MAAM,CAAC,qBAAqB,MAAM,EAAE,SAAsBA,EAAE,KAAK,CAAC,SAAS,0CAA0C,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0oBAA0oB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,8BAA8B,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,MAAM,CAAC,qBAAqB,MAAM,EAAE,SAAsBA,EAAE,KAAK,CAAC,SAAS,oDAAoD,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8DAA8D,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,uSAAkS,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,yWAAyW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,kCAAkC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mBAAmB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,2HAA2H,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qQAAqQ,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,6GAA6G,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,wQAA8P,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,iEAAiE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,wDAAwD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gIAAiH,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,iRAAiR,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,qEAAqE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+RAA+R,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,gFAAgF,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yDAAyD,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,4JAA4J,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,iQAAiQ,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,oMAAoM,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,6NAAwN,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,uDAAuD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uTAAuT,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,gEAAgE,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sdAAsd,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,0IAA0I,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0GAA0G,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kPAAkP,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,qGAAqG,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qMAAqM,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oIAAoI,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gHAAgH,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6TAA6T,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qNAAqN,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,kKAAkK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6FAA6F,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,8LAA8L,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,wKAAwK,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,oLAAoL,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,sLAA6J,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uEAAuE,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,gIAAgI,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,4FAA4F,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,8HAA8H,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,oaAAqZ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,gOAA4M,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iQAA6O,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,sMAA4L,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iVAAiV,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+KAA0K,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,4OAA4O,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+HAA+H,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mJAAmJ,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,sLAAsL,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qJAAqJ,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iFAAiF,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,+IAA+I,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,kOAA+OE,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAE,kJAAkJ,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,wKAAmK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oKAAoK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oIAAoI,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kGAAkG,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,2JAA2J,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,iIAA4H,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,6GAA6G,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,yZAAyZ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,OAAO,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,gHAAsG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,2EAAwFE,EAAE,KAAK,CAAC,SAAS,mDAAmD,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAEC,EAAE,CAAC,KAAK,q1BAAq1B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,UAAU,eAAe,kBAAkB,MAAM,SAAsBF,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,wKAAwK,MAAM,CAAC,YAAY,WAAW,EAAE,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oKAAoK,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,oBAAiCE,EAAEC,EAAE,CAAC,KAAK,qBAAqB,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAec,EAAwBlB,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAS,2cAA2c,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,oTAAiUE,EAAE,OAAO,CAAC,SAAS,QAAG,CAAC,EAAE,gHAAgH,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAC,gDAA6DE,EAAE,KAAK,CAAC,SAAS,sDAAsD,CAAC,EAAE,SAAS,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,0CAAuDE,EAAEC,EAAE,CAAC,KAAK,uKAAuK,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,OAAO,CAAC,SAAsBA,EAAE,KAAK,CAAC,SAAS,+BAA+B,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAeA,EAAEC,EAAE,CAAC,KAAK,uKAAuK,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,OAAO,CAAC,SAAsBA,EAAE,KAAK,CAAC,SAAS,yBAAyB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,OAAO,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,uXAAuX,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oDAAoD,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,sCAAsC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,sDAAsD,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mCAAmC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gmBAAgmB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,qIAAkJE,EAAE,KAAK,CAAC,SAAS,aAAa,CAAC,EAAE,gIAAgI,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mDAAmD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yOAAoO,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,2CAA2C,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,yKAAyK,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,MAAM,CAAC,qBAAqB,MAAM,EAAE,SAAsBA,EAAE,KAAK,CAAC,SAAS,6DAA6D,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2oBAA2oB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,MAAM,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,MAAM,CAAC,qBAAqB,MAAM,EAAE,SAAsBA,EAAE,KAAK,CAAC,SAAS,kDAAkD,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4eAAue,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,gCAAgC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,MAAM,CAAC,qBAAqB,MAAM,EAAE,SAAsBA,EAAE,KAAK,CAAC,SAAS,0CAA0C,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0oBAA0oB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,8BAA8B,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,MAAM,CAAC,qBAAqB,MAAM,EAAE,SAAsBA,EAAE,KAAK,CAAC,SAAS,oDAAoD,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8DAA8D,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,uSAAkS,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,yWAAyW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,kCAAkC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8xBAA2yBE,EAAE,OAAO,CAAC,SAAS,yQAAyQ,CAAC,EAAeA,EAAE,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAsBA,EAAE,OAAO,CAAC,SAAS,6GAA6G,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAsBA,EAAE,OAAO,CAAC,SAAS,0QAAgQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAsBA,EAAE,OAAO,CAAC,SAAS,iEAAiE,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6gBAA6gB,CAAC,CAAC,CAAC,CAAC,EAAeiB,EAAwBnB,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAS,2gBAA2gB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wNAAwN,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8UAAyU,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qkBAAqkB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,aAAa,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4bAAub,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,4DAA4D,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sUAAsU,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4PAA4P,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mEAAmE,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,KAAK,IAAI,oEAAoE,OAAO,kKAAkK,MAAM,CAAC,YAAY,WAAW,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+EAA+E,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,uCAAuC,CAAC,EAAE,gQAAgQ,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,mCAAmC,CAAC,EAAE,sYAAsY,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,wBAAwB,CAAC,EAAE,0YAA0Y,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,uBAAuB,CAAC,EAAE,wOAAwO,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,qBAAqB,CAAC,EAAE,+NAA+N,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,2BAA2B,CAAC,EAAE,uUAAuU,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,mBAAmB,CAAC,EAAE,goBAAgoB,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,6BAA6B,CAAC,EAAE,4PAA4P,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4ZAA4Z,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,uDAAuD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sbAAsb,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qiBAAqiB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,qBAAqB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,gEAA6EE,EAAE,KAAK,CAAC,SAAS,kCAAkC,CAAC,EAAE,sIAAsI,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iRAAiR,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,sBAAsB,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,0MAA0M,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,uKAAuK,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,IAAI,CAAC,MAAM,CAAC,0BAA0B,QAAQ,EAAE,SAAsBA,EAAE,OAAO,CAAC,MAAM,CAAC,sBAAsB,mBAAmB,EAAE,SAAS,MAAM,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,uBAAuB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,sDAAsD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8dAA8d,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oNAAoN,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,kCAAkC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4tBAA4tB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,MAAM,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,6XAA0YE,EAAE,KAAK,CAAC,SAAS,yEAAyE,CAAC,EAAE,cAA2BA,EAAE,KAAK,CAAC,SAAS,oDAAoD,CAAC,EAAE,4BAAyCA,EAAE,KAAK,CAAC,SAAS,oCAAoC,CAAC,EAAE,8JAA8J,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4ZAA4Z,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oBAAoB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kiBAAkiB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,+CAAuDE,EAAE,KAAK,CAAC,SAAS,+DAA+D,CAAC,EAAE,qJAAkKA,EAAE,KAAK,CAAC,SAAS,iDAAiD,CAAC,EAAE,gQAAgQ,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,OAAO,CAAC,MAAM,CAAC,sBAAsB,mBAAmB,EAAE,SAAsBA,EAAE,SAAS,CAAC,SAAS,gHAAsG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6cAAwc,CAAC,CAAC,CAAC,CAAC,EACpp4IkB,EAAqB,CAAC,QAAU,CAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,SAAW,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,mBAAqB,CAAC,KAAO,UAAU,CAAC,CAAC",
  "names": ["init_ssg_sandbox_shims", "richText", "u", "x", "p", "Link", "motion", "richText1", "richText2", "richText3", "richText4", "richText5", "richText6", "richText7", "richText8", "richText9", "richText10", "richText11", "richText12", "richText13", "richText14", "richText15", "__FramerMetadata__"]
}