By implementing layers of hardware, software, and procedural defenses, industrial automation systems can be made both cybersecure and remote-friendly.
Damon Purvis, PLC Product Manager at AutomationDirect, wrote an article for the November/December 2022 issue of InTech. Titled “Defending Remote-Friendly Environments from Cyberattacks,” the article describes how cyber defenses can be layered while still delivering usable remote connectivity.
Manufacturing companies recognize the need and value of practical remote access to their digital systems and data, but they also are aware of the associated cybersecurity risks. NIST endorses “defense-in-depth,” but what does this mean for OEMs, systems integrators, and end users looking to achieve workable and secure remote access?
Remote Access is Essential
In years past, remote access may have been seen as an operational convenience, but today most end users regard it as a requirement for their production, engineering, and maintenance teams. Remote access provides many benefits:
- Basic data gathering
- Mobile visualization
- Enabling setpoint and operational changes
- Program upload/download
- Alarm and event notification
- Connection to higher-level MES and ERP applications
Implementers have no choice but to overcome technical and procedural challenges to provide remote access that is both effective and secure.
Typical IT departments are already familiar with a layered cybersecurity approach to defend against digital and physical vulnerabilities, but OT systems have historically offered fewer cybersecurity features.
OT and IT groups must work together consistently, and not just as a project is wrapping up, to apply the appropriate cybersecurity measures to production systems.
Established technologies, such as a virtual private network (VPN), are almost always part of the solution. It is recommended that users work with a reputable VPN provider familiar with the industrial manufacturing sector. The AutomationDirect StrideLinx portfolio of hardware, VPN, and cloud services is designed specifically for machine builders and systems integrators, and it provides verifiable documentation and certifications to support any implementation.
The AutomationDirect StrideLinx solution includes methods for integrating OT assets with IT infrastructure to provide user management, authentication, and access control capabilities.
AutomationDirect works with industrial OT and IT groups to define the location and characteristics of all hardware, software, and networking architectures. StrideLinx incorporates international data centers and a service level agreement to ensure minimum latency and maximum uptime, providing a complete remote access solution.
A Complete Remote Access Solution
Some OT and IT groups may be able to create a complete and demonstrably secure remote access solution from scratch. However, a better approach is to build on an established commercial off-the-shelf solution like AutomationDirect StrideLinx, which is also certified to ISO 27001.
In most cases, the cost of engaging competent suppliers is less than hiring and retaining sufficient internal staff, creating a mutually beneficial relationship that makes financial and technical sense.