With more organisations taking advantage of remote access to plant equipment, currently there isn’t a comprehensive framework to guide organisations through the best practices. Given the events of 2020, adoption of remote access is increasing – leaving many organisations pondering the best way to minimise potential risks to their systems.

The Organization for Machine Automation and Control (OMAC) sought to change this, with a vision of examining emerging requirements, existing technologies and deployed solutions in order to develop a remote access guide.

SAGE Automation was invited to participate in an ongoing global workgroup, led by OMAC and facilitated by ei3, to share their knowledge, experience and help define best practices for remote access.

The remote access workgroup consisted of 37 industry leaders from the automation ecosystem worldwide. SAGE Automation team members providing their insights were Andy O’Regan, Engineering Team Lead of the National Operations Centre (NOC), Mal Frampton, Cyber Security Consultant and Andrew Naydonov, IT Senior Systems Engineer.

These workgroup discussions led to a comprehensive best practices guide based on the findings. A few key takeaways from the discussions are listed below.

Key findings from the remote access best practices workgroup

The workgroup drew on the experiences of team members from major manufacturers, system integrators, OEMs and automation vendors. Each session explored critical topics relating to industrial remote access, like security, corporate policy, usage and monitoring requirements.

Despite working across very different industries, the challenges involved with implementing remote access are usually the same.

IT-OT collaboration is critical

While previously, systems have been isolated to minimise risk across the business, this has become outdated. There now needs to be a strong working relationship between your IT and OT teams in order to support digital transformation and to enable secure remote access to your most valuable assets.

Developing in-house resources, such as an OT user requirements guide and network architecture standards can ensure appropriate steps are taken, and that everyone in the company is aware of the correct practice.

You need a remote access plan

Every organisation planning to utilise remote access should have a plan. It should be a controlled document, developed based on the current state, and it should consider essential areas such as:

• Identifying critical equipment and systems (your assets) and the regulations for interacting with them
• Remote methodologies, including technologies for individual and asset vetting
• Safety and security protocols focused on individuals and machines.

“Here at SAGE, we have our own safety analysis for each site we connect to remotely. During the workgroup meetings, we found that is something not every organisation considers in their planning. If you were attending a client site, you would have to ensure you are protecting the client’s systems – it should be the same for remote connections,” said Andrew O’Regan, Engineering Team Lead of the NOC.

Remote access doesn’t mean vulnerable systems

Most companies are aware of cyber security risks due to a number of high-profile cyber attacks over the years. This has led to some hesitancy around allowing remote access for crucial plant equipment and other assets.

The workgroup supported the finding that the level of cyber risk can be reduced by vetting remote connections and software, and having adequate security policies that include a software whitelist.  

Mal Frampton, SAGE’s Cyber Security Consultant, explains that while remote access to IT systems is widely accepted and well understood, OT’s convergence often carries additional risk and requires careful consideration.

“With good architectural design and thorough implementation of defence-in-depth security controls, remote access to ICS/SCADA is certainly possible. Protecting critical infrastructure is just as important as keeping the lights on, and like safety, security is everyone's responsibility. There is no compromise for a good security culture and robust strategy where security is baked in by design.”

Remote connectivity enables greater access to technical resources

A clear benefit of remote access is the ability to connect with specialised technical resources, regardless of distance. For SAGE, the NOC has enabled clients in regional areas to quickly resolve communication and PLC faults remotely – ensuring they are back up and running without waiting for a technician to travel to site. When timing is crucial, remote access can be the support your business needs. 

Remote access to equipment and systems has already proven hugely valuable during the pandemic, but the protection of these assets is an ongoing matter. Having clear guidelines for establishing safe and secure remote access to industrial equipment is an essential resource for organisations making use of remote technical expertise.

For more information, and to download the remote access guide, visit: https://www.ei3.com/practical-guide-for-remote-access-to-plant-equipment/