Supporting Remote Connected Workers Who Keep Plants Running
Just like most other industries operating in today’s digital-first world, industrial sites now need to support remote connected workers.
Remote access brings many benefits to the plant floor: reducing time and money dedicated to maintenance and troubleshooting, decreasing downtime and making business decisions without having to be onsite, to name just a few.
As you explore what it takes to support remote connected workers, you’ll find that there are three typical scenarios to consider—each with its own set of requirements:
- Workers who need to access plant information when they’re in a different location (at another plant, at home, on the road, in a hotel room, etc.). These workers need to monitor, maintain and troubleshoot multiple plants without traveling or having to be onsite (having the ability to make software upgrades or minor parameter changes, for example).
- Workers onsite who want a big-picture view of what’s happening on the factory floor without having to walk to multiple locations and physically monitor different lines. These workers need user-friendly web interfaces that display the information they need on mobile devices, with the ability to customize and quickly search for data.
- Third-party vendors, such as service contractors, who need access to your equipment to perform maintenance and monitoring. To observe equipment conditions, conduct predictive maintenance, etc., they need to see certain data. Without this access, the vendor won’t be able to detect anomalies or know when things like parts replacement are needed.
Integrating remote connectivity with networks that control critical infrastructure requires a sound cybersecurity strategy. You need to establish a pipeline that moves plant data to and from the remote location securely. Without that, there won’t be any limits in terms of what these connected groups can access.
Even though they have different needs, information should be shared with each group in a secure manner—either on-premises or via the cloud. How can you make sure these groups have access so they can get what they need without causing downtime, creating vulnerabilities or affecting factory operations?
Secure Remote Access for Plant Workers & Third Parties
We’ve seen some plants completely turn off firewall settings and avoid access control altogether by not securing their network: Everyone can access everything. This isn’t good business practice.
Some plants grant access via resources like desktop sharing tools. These tools don’t provide strict access control, which creates network vulnerabilities that can be exploited by hackers.
Some plants set up tools such as VPNs on their networks to allow third-party/remote worker access; however, problems arise when that access isn’t controlled. In one recent situation, a third party was granted access to the entire plant network instead of solely the data they needed. Later, when a cybersecurity company came in to conduct a penetration test, the plant failed because no steps had been taken to secure access or restrict it to only the data needed (or to make sure that access was read-only).
The real answer to managing remote connected workers lies in secure remote access. While VPNs allow remote access to industrial control systems, they can also connect to the IT network. If bad actors are able to access one point of your system, then they’ll be able to access it all. VPNs are one of the most common ways for hackers to gain network access.
VPNs are only as secure as the underlying network. If the network itself has little protection or no firewalls or access control, then the VPN will grant access to everything. VPNs also lack security features that today’s plants need: visibility into who has access (and what they’re accessing), controls and limits to access, minimizing downtime, etc.
Because they’re often set up to bridge a network device to a large network of servers over the internet, VPNs open up new types of threats. For example: What happens if the tablet or laptop you use to VPN in to an industrial network has malware? VPNs also have vulnerabilities that hackers can exploit if they know how to do so.
Instead of relying on VPN connections, consider establishing secure remote access connections.
With secure remote access, your cybersecurity strategy for remote workers could work something like this: Perhaps there’s a group of engineers who are allowed read-only access to certain machines on your network, along with a few data points. They aren’t given full or complete control of a machine (or of the network)—just the bare minimum of what they need in order to do their jobs remotely and manage the factory environment.
On top of that, the system should be able to track who makes which changes so you have an auditing platform in place if anything needs to be examined later.
Another factor to consider is simultaneous connectivity. If a worker is connected remotely, make sure that no one else (onsite or offsite) can access that same data at the same time. Otherwise, one person could be making changes without realizing that someone else is doing the same thing. Equipment can be “locked out” while someone is working remotely; once that remote worker is inactive for a certain amount of time or logs out, the equipment “unlocks” so someone else can access it.
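The policy described in the three paragraphs above (read-only access to named machines and data points, a record of who did what, and a lockout that clears on logout or inactivity) can be modelled as a small access broker. This is an added example, not Belden's code or a description of any product; the class, the user and asset names, and the 300-second idle limit are assumptions.

```python
import time

IDLE_TIMEOUT_S = 300  # assumed inactivity limit; the post gives no figure


class RemoteAccessBroker:
    """Hypothetical broker: least-privilege grants, audit trail, equipment lock."""

    def __init__(self, grants, clock=time.monotonic):
        self.grants = grants  # {user: {asset: {"mode": "ro"|"rw", "points": set}}}
        self.clock = clock
        self.locks = {}       # asset -> (user, time of last allowed activity)
        self.audit = []       # (timestamp, user, action, asset, point, outcome)

    def _record(self, user, action, asset, point, outcome):
        self.audit.append((self.clock(), user, action, asset, point, outcome))
        return outcome

    def _holder(self, asset):
        """Current lock holder, or None once the holder has gone idle."""
        held = self.locks.get(asset)
        if held and self.clock() - held[1] > IDLE_TIMEOUT_S:
            del self.locks[asset]  # inactivity "unlocks" the equipment
            held = None
        return held[0] if held else None

    def request(self, user, action, asset, point):
        grant = self.grants.get(user, {}).get(asset)
        if grant is None or point not in grant["points"]:
            return self._record(user, action, asset, point, "deny:not-granted")
        if action == "write" and grant["mode"] != "rw":
            return self._record(user, action, asset, point, "deny:read-only")
        holder = self._holder(asset)
        if holder not in (None, user):
            return self._record(user, action, asset, point, "deny:locked-by-" + holder)
        self.locks[asset] = (user, self.clock())  # take or refresh the lock
        return self._record(user, action, asset, point, "allow")

    def logout(self, user):
        for asset in [a for a, (u, _) in self.locks.items() if u == user]:
            del self.locks[asset]
            self._record(user, "logout", asset, None, "unlocked")


# Constructed sample grants: users, asset and data points are illustrative only.
GRANTS = {
    "vendor_a": {"press_3": {"mode": "ro", "points": {"vibration", "motor_temp"}}},
    "engineer_b": {"press_3": {"mode": "rw", "points": {"vibration", "speed_setpoint"}}},
}
```

Denied requests are written to the audit list as well as allowed ones, so an out-of-scope attempt by a vendor account is visible when the record is reviewed later.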
Secure Remote Access with Belden
Belden’s team of specialists knows how to connect and protect manufacturing plants and industrial networks, offering the industry’s most complete suite of end-to-end networking solutions available to help you secure your networks while offering remote access. Our trusted advisors help you build better business outcomes by boosting efficiency, agility, sustainability, safety and security.
Our Customer Innovation Center lets you co-innovate with our expert advisors—sales, technologists, application experts and product engineers—to develop, test, document and deploy solutions to make efficiency, security and innovation goals attainable. You get to see how the solutions we design will work in your environment before they go live.
Want to learn more about industrial cybersecurity or how Belden can help you prepare for remote connected workers? Visit our smart manufacturing page.
Belden Senior Solution Consultant Manager for Svc and Support, Sylvia Feng, helped me write this blog. She is a tremendous resource who can address any of your digital transformation questions. If you want to know more about this topic, email me (email@example.com) or Sylvia (Sylvia.Feng@belden.com).