Remote Work Ratchets Up Security Risks on the Plant Floor
The COVID-19 pandemic pushed many workers from their usual place of business to their kitchen tables and basements. A few years ago, this would have been unthinkable for those managing plant floors. As more and more companies have moved to implement connected manufacturing technologies, this ability to work from anywhere, even in manufacturing industries, is now possible, but has also created risks for these enterprises.
The same Internet of Things (IoT) technologies that fuel connected manufacturing are also the ways that hackers can access the network and meddle with both information technology (IT) and operational technology (OT) systems. Digitization has myriad benefits, but it also comes with inherent risks, and IT/OT convergence doesn’t make it any easier. Manufacturers should be concerned about the rise in ransomware and cyber-attacks that have taken advantage of the vulnerabilities specific to the OT environment.
The Risk Involved
Secure remote access provides both a secure line of communication and an avenue for remote access to enable the active management of access to the machines, equipment, controllers and systems on your plant floor. Most manufacturers use equipment brought in by original equipment manufacturers (OEM) or system integrators (SI), who can remotely connect in order to troubleshoot and manage that equipment, including human-machine interfaces and programmable logic controllers. Thanks to secure remote access, they can respond more quickly to issues and provide better uptime and availability for their equipment.
While some manufacturers are on top of their secure remote access policy and management, many are not because it’s complicated. Numerous OEM and SI partners need access to parts of your manufacturing lines; depending on what industry you’re in, your plant may or may not have to adhere to regulations that require stringent cybersecurity plans.
Secure remote access is about much more than the technology used to enable it, which in most cases is a virtual private network (VPN). The VPN provides the infrastructure, serving as a secure virtual tunnel, for managing who is traveling through that tunnel to access your plant floor from anywhere — including their kitchen table.
Controlling Virtual Traffic
With secure remote access in place, you can manage the policy and procedures, control who has access to what, ensure secure communications, and conduct audits and traceability of service.
One way to restrict access is to enact a specific firewall rule configuration that only allows outbound, not inbound, traffic from your site. That inbound traffic is restricted to specific IP addresses with authentication requirements, further limiting that access. By restricting the communications capabilities and managing access, you’re able to monitor, track and log all activity—proactively controlling the virtual traffic on the plant floor, using data to resolve issues in a timely fashion and reducing unplanned downtime.
People, Policy and Procedures
Security must be a part of the workplace culture and to make that happen, manufacturers must focus on three things.
People: This includes everyone who is involved in the use and management of secure remote access, including third-party security providers, OEMs and system integrators who have users with access, site staff and managers and the corporate governance team. These teams are key to making policies and procedures work. With the right education and training, they will help you create a culture of security in the workplace that will help decrease vulnerabilities and risk.
Policy: The policy is where you start – this guiding principle defines how secure remote access will be managed. It should outline who needs access, to what, and why. It should address whether there’s one process or multiple, whether access is centralized or spread out, and whether this is active or passive management. Are there other policies that need to be taken into consideration when developing this one, such as the overall security profile? If you already have a policy for physical security, which might include badge access and rules about who is allowed where, how does that extend to or interconnect with the remote community? If you want to revise your current policy, review logging and traceability capabilities as well as audit results. And don’t forget to test your own system to look for holes and improvements.
Procedures: This is where you explain what steps need to be followed to enact the policy. When documented and put into place, procedures provide great value as playbooks that anyone should be able to understand and follow. Procedures bring it full circle – ensuring that the people involved are properly communicated with, that consistency is maintained through any workforce turnover, and that a culture of security is part of the conversation.
Connected manufacturing offers huge potential, but if you don’t actively manage the remote access to your plant floor, you are exposing your assets to vulnerability risk. And that risk is becoming more serious.
Quade Nettles is Global Cyber Security Services portfolio manager at Rockwell Automation.