Secure Remote Access: How to Protect Your Plant Floor


December 4, 2019

By Elliott Pennington, Business Development Lead

As plant floors become more connected – from the equipment to the systems – the way manufacturers manage internal and external access to that technology is evolving. Digitization has myriad benefits, but it also comes with inherent risks, and IT/OT convergence doesn’t make it any easier. Every manufacturer should be concerned about the rise in ransomware and cyber attacks that have taken advantage of the vulnerabilities specific to the OT environment.

More commonly, human errors can result in unplanned downtime as well as safety and environmental risks. While remote access enables virtual troubleshooting and monitoring that would otherwise be expensive and time-consuming, it also opens up the potential for mistakes. For example, it’s not difficult for an off-site vendor or on-site manager to accidentally download a program to the wrong PLC, which can result in incorrect functioning, downtime, production losses and additional costs.

Secure Remote Access: What is It?

Secure remote access provides both a secure line of communication and an avenue for remote access to enable the active management of access to the machines, equipment, controllers and systems on your plant floor. Most manufacturers use equipment brought in by original equipment manufacturers (OEM) or system integrators (SI), who can remotely connect in order to troubleshoot and manage that equipment, including HMIs and PLCs. Thanks to secure remote access, they can respond more quickly to issues and provide better uptime and availability for their equipment.

While some manufacturers are on top of their secure remote access policy and management, many are not. And that’s understandable – it’s complicated. After all, you may have a number of OEM and SI partners needing access to parts of your manufacturing lines. And depending on what industry you’re in, your plant may not have to adhere to regulations that require stringent cybersecurity plans. 

Secure remote access is about much more than the technology used to enable it, which in most cases is a VPN, or virtual private network. The VPN provides the infrastructure, serving as a secure virtual tunnel, for managing who is traveling through that tunnel to access your plant floor.

Controlling Virtual Traffic

With secure remote access, you can manage the policy and procedures, control who has access to what, ensure secure communications, and conduct audits and traceability of service.

One way to restrict access is to enact a specific firewall rule configuration that only allows outbound, not inbound, traffic from your site. Any inbound traffic that is permitted is restricted to specific IP addresses with authentication requirements, further limiting that access. By restricting the communications capabilities and managing access, you’re able to monitor, track and log all activity.
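The policy described above can be checked against connection records. The following is an added example, not Rockwell Automation code: it applies a default-deny inbound rule with a source allowlist and an authentication requirement to constructed log lines and keeps a decision trail. The log format, the address ranges and the partner names are assumptions made for illustration.

```python
import ipaddress

# Assumed plant-floor address space and approved remote sources (constructed values).
PLANT_NET = ipaddress.ip_network("10.20.0.0/16")
ALLOWED_SOURCES = {
    "oem-a": ipaddress.ip_network("198.51.100.0/28"),
    "si-b": ipaddress.ip_network("203.0.113.45/32"),
}

# Constructed firewall/VPN log lines in a hypothetical key=value format.
SAMPLE_LOG = """\
2019-12-04T08:01:12Z src=198.51.100.5 dst=10.20.1.10 dport=443 user=oem-a-tech1
2019-12-04T08:03:40Z src=192.0.2.77 dst=10.20.1.10 dport=443 user=-
2019-12-04T08:05:02Z src=203.0.113.45 dst=10.20.3.7 dport=443 user=-
2019-12-04T08:06:30Z src=10.20.1.10 dst=198.51.100.5 dport=443 user=-
2019-12-04T08:09:55Z src=203.0.113.46 dst=10.20.3.7 dport=443 user=si-b-eng
"""

def parse_line(line):
    """Split one log line into a dict with ts, src, dst, dport and user."""
    ts, *pairs = line.split()
    return {"ts": ts, **dict(p.split("=", 1) for p in pairs)}

def evaluate(rec):
    """Return (decision, reason) for one connection under the policy."""
    src = ipaddress.ip_address(rec["src"])
    if src in PLANT_NET:
        return "allow", "outbound from site"
    # Everything else is inbound: default deny unless allowlisted AND authenticated.
    partner = next((n for n, net in ALLOWED_SOURCES.items() if src in net), None)
    if partner is None:
        return "deny", "source not on allowlist"
    if rec.get("user", "-") == "-":
        return "deny", f"unauthenticated session from {partner}"
    return "allow", f"authenticated {partner} user {rec['user']}"

def audit(log_text):
    """Evaluate every line and keep a record of each decision for traceability."""
    trail = []
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            trail.append((rec["ts"], rec["src"], *evaluate(rec)))
    return trail

if __name__ == "__main__":
    for entry in audit(SAMPLE_LOG):
        print(*entry)
```

The last sample line is denied because 203.0.113.46 falls outside the single address approved for that partner, even though the session is authenticated.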

Not only does this give manufacturers the power to proactively control the virtual traffic on their plant floors, but it provides enormous value by providing timely issue resolution and reducing unplanned downtime. In manufacturing, time is money – secure remote access can help protect your bottom line by helping you make modifications to the production environment more quickly, run more efficiently, and make better data-driven decisions.

People, Policy and Procedures

In order to make security a part of the workplace culture, manufacturers need to focus on three things: people, policy and procedures.

  • People: This includes everyone who is involved in the use and management of secure remote access, including third-party security providers, OEMs and system integrators who have users with access, site staff and managers, and the corporate governance team. These teams are key to making policies and procedures work. And with the right education and training, they will help you create a culture of security in the workplace that will help decrease vulnerabilities and risk.
  • Policy: The policy is where you start – this guiding principle defines how secure remote access will be managed. It should outline who needs access, to what, and why. It should address whether there’s one process or multiple, whether access is centralized or spread out, and whether this is active or passive management. Are there other policies that need to be taken into consideration when developing this one, such as the overall security profile? If you already have a policy for physical security, which might include badge access and rules about who is allowed where, how does that extend to or interconnect with the remote community? If you want to revise your current policy, review logging and traceability capabilities as well as audit results. And don’t forget to test your own system to look for holes and improvements.
  • Procedures: This is where you explain what steps need to be followed to enact the policy. When documented and put into place, procedures provide great value as playbooks that anyone should be able to understand and follow. Procedures bring it full circle – ensuring that the people involved are properly communicated with, that consistency is maintained through any workforce turnover, and that a culture of security is part of the conversation.

Security and Network Solutions, Customized for Your Needs

Whether you’re starting from scratch or looking to improve your current secure remote access policy and procedures, Rockwell Automation Security Services can help. We can help you proactively control and manage the access of OEMs, SIs and other partners. We can also provide solutions to help you deal with the industrial skills gap – whether that means maximizing the impact of your current staff by leveraging their skills remotely, or outsourcing a remote monitoring and administration capability to our team of engineers.

The bottom line for manufacturers is: if you don’t actively manage the remote access to your plant floor, you are exposing your assets to vulnerability risk. And every day, those risks just get more serious.
