Why Secure Remote Access to ICS is a must-have in the industry today
IoT and modern Industrial Connectivity allow manufacturers to access ICS and remotely monitor their plants.
Not long ago, on-site access to, and control and maintenance of, Industrial Control Systems (ICS) was the only way for operators and managers to know what was going on on the factory floor. For an organisation to make changes of any nature to critical systems, it was crucial to have readily available on-site engineers and support. This has proved financially straining and often difficult to coordinate.
In the digital age, IoT and modern Industrial Connectivity allow manufacturers to access reengineered systems and OT technologies to remotely monitor their plants, even if they are geographically dispersed, increase the visibility of their operations, and improve their manufacturing productivity. Industrial remote access has become a defining factor for many manufacturing operations as it supplies real-time information for efficient decision making, resource optimisation, and the improvement of processes.
Additionally, as a result of the pandemic and other political factors happening in the EU and the UK, manufacturing and many other industries will further develop hybrid models of on-site and remote-based work, which require resilient remote access systems to function at their best.
How does secure remote access work?
Remote Access is a plant optimisation system that lets your team connect to ICS remotely through Virtual Desktop Interfaces (VDIs). In essence, it mirrors your plant’s systems, so operators and managers can access factory floor data through a “virtually direct” connection to the SCADA, HMIs, PLCs, IACs and other systems.
See in detail how a proper Secure Remote Access system should be configured.
As network integrators, we at Polestar strongly recommend that access to your ICS be resilient and secure. That demands a mix of secure industrial connectivity systems, processes and policies, rather than a single technology that proclaims itself secure.
General factors of a Secure Remote Access model may include:
Multi-layered Security: Implementing cyber security measures and systems across each level of your production layout is a must-have to protect data and assets from threats.
Agile Connectivity & UX: Accessing your ICS should be fast, easy to manage and sleek, so that productivity is ensured.
Compatibility: Systems should integrate seamlessly and be compatible with one another, to prevent security gaps between the multiple apps, platforms and devices that are interconnected.
Organisations need to give careful consideration before adding a new Remote Access connection to their industrial control systems. For that reason, we recommend making this purchasing decision together with expert consultants who guide you in tailoring the solution and securing your IT & OT networks and industrial assets.
In the next section, we will describe more specifically what is needed for optimal and utterly secure Remote Access.
Committing to a SECURE Remote Access System
Zero Trust. That is all you need to commit to a Remote Access solution. No, really... it has been calculated that the industry loses about $100, 560 million per minute when its production systems are stopped by unplanned maintenance, system intrusion or malfunction. And that number does not include ransoms demanded by hackers. Read about the risks associated with remote work.
Zero Trust is a secure network architecture model that helps prevent data breaches. Based on the “never trust, always verify” principle, Zero Trust is designed to protect modern industrial environments by leveraging network segmentation, preventing lateral movement, deploying Layer 7 threat prevention, and simplifying granular user-access control.
Until the late 2000s, static defence mechanisms gave intruders ample time to analyse your network for vulnerabilities. Under COVID, the administrative processes underlying most remote access systems changed. To maintain control and security of industrial networks, the following are needed, among others: role-based access control; task-specific workstations and VDIs; per-protocol, per-port whitelisting; Moving Target Defense (recommended by NIST 800-150 v2); and standardised access and approval processes.
Finally, the following features are extras that help increase control over who is who, who sees what and when, and who does what and when inside your ICS: disposable virtual desktops (standardised workstations and sacrificial components); blocking of external internet access and inbound ports; SDPs for remote access; end-to-end encryption; whitelisting (definition of access based upon time, user, protocol and device); scheduling (defining access windows in advance); automated recording; multi-factor authentication; and one-click enforcement (requiring MFA or virtual desktops for your users).
Platforms like Dispel SRA, backed up by Secure-by-Design industrial networks, comply with these standards and help you embrace all the benefits of IIoT and digital transformation.
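The whitelisting, scheduling and enforcement controls listed above (access defined by time, user, protocol and device, with MFA and virtual desktops required) amount to a default-deny decision on every connection request. The sketch below is an added example, not code from Polestar or Dispel; the user, role and asset names, the rule format and the use of plant-local time are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Rule:
    user: str
    role: str
    device: str        # target asset, e.g. a PLC or HMI
    protocol: str
    port: int
    days: frozenset    # permitted weekdays, Monday == 0
    start: time        # access window, plant-local time (assumption)
    end: time          # end of window, exclusive

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    device: str
    protocol: str
    port: int
    when: datetime
    mfa_passed: bool
    via_vdi: bool

# Constructed sample whitelist; every name here is hypothetical.
RULES = (
    Rule("a.engineer", "maintenance", "plc-line3", "modbus-tcp", 502,
         frozenset({0, 1, 2, 3, 4}), time(8, 0), time(17, 0)),
    Rule("vendor.x", "vendor", "hmi-packaging", "rdp", 3389,
         frozenset({2}), time(13, 0), time(15, 0)),
)

def _key(o):
    # Identity of a rule or request: who, in which role, to what, over what.
    return (o.user, o.role, o.device, o.protocol, o.port)

def evaluate(req, rules=RULES, require_mfa=True, require_vdi=True):
    """Return (allowed, reason); anything not whitelisted is denied."""
    if require_mfa and not req.mfa_passed:
        return False, "mfa-required"
    if require_vdi and not req.via_vdi:
        return False, "vdi-required"
    matched = False
    for rule in rules:
        if _key(rule) != _key(req):
            continue
        matched = True
        if req.when.weekday() in rule.days and rule.start <= req.when.time() < rule.end:
            return True, "allowed"
    return False, ("outside-window" if matched else "no-matching-rule")
```

Logging the returned reason alongside each denied request gives the "who does what and when" audit trail a reviewable form.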
Benefits of having a SECURE Remote Access
Secure Remote Access to ICS allows quick efficiency wins, helping accelerate the strategic pipeline of production by securely granting access to real-time manufacturing data from every system, on any device, to those who are authorised to access it. Remote Access systems also make virtual commissioning and predictive maintenance more streamlined. This helps managers save costs by reducing unplanned downtime (see the impact of unplanned factory downtime on the chart shown below) and continuously improves the production flow.
Most industrial organisations pay out a significant percentage of their operating revenue on employee labour costs, which represent part of O&M expenses. To reduce overall O&M costs, let's first review why labour costs tend to be high. In any given industrial layout, an operator may need to tend to a machine for either 20 minutes or 2 hours, but no one knows exactly when this might happen. As a result, several operators are needed on-site 24/7 to solve problems as soon as they occur. Multiply this by the number of facilities you have. The cost rises if you need experts to travel from one location in, for instance, Nottinghamshire, to another in Istanbul to perform commissioning.
The way to address on-site issues quickly, without carrying the costs of multiple 24/7 operators or travelling expenses, is with secure industrial remote access systems. ICS remote access allows your operators to address problems instantly through secure Virtual Desktop Interfaces, without requiring them to be physically present. This leads to a reduced spend on employee labour costs and lower O&M expenses.
The goal is not to eliminate 24/7 presence entirely. Having operators available on-site at all times may be a necessity for your industrial organisation. However, with secure industrial remote access, a team of 2-3 people can more effectively handle the work of 7-10 workers. This way, you are simply getting more out of fewer employees, and improving their quality of life. Consider too that, when implementing compliant secure remote access, manufacturers will follow British & EU regulations for contractors. See the Equality Act of 2010.
As the name implies, security is the highest priority of Secure Remote Access systems, which aim to protect industrial data and assets. When you implement a Secure Remote Access system you are in reality implementing a prevention and mitigation plan against intruders’ attacks and ICS instabilities. With new nodes, devices, remote teams and networks being introduced in industrial facilities, user authentication limits data access to authorised accounts within the company, encryption makes sure that data is not readable to intruders, and screen recording helps plant managers gain more control over what is being done remotely in the ICS through VDIs.
Virtual Commissioning and its Importance
Virtual commissioning, or remote commissioning, involves performing certain functions (designing, installation, testing, control) on industrial control systems through a virtual machine or VDI to avoid system errors. Using a secure cloud connection, you now have remote access to your plants’ systems from anywhere in the world.
Remote commissioning is a cost-effective alternative to on-site commissioning, because the costs otherwise associated with getting engineers on-site are avoided. Travelling on-site demands time, and during unplanned downtime, every minute drives up O&M costs. The more quickly you can reliably deliver to customers, the happier they will be, and revenue streams stay healthy.
Another benefit of performing remote commissioning is that Engineers can be more productive. By working remotely, they can focus on solving issues without on-site distractions, they can be engaged on multiple projects at the same time, and, by having several experts all in the same place, work becomes more flexible and collaborative.
Digital transformation strategies like remote commissioning and ICS remote access help with more than reaction times; they also reduce your costs. Digitalisation can reduce operating expenses by up to 25%, leading to higher profits, and performance gains of 20-40% in safety, reliability, customer satisfaction, and regulatory compliance.
We provide secure remote access designed for OT networks. Built on Moving Target Defense architecture, our SRA helps organisations enable OT remote access while staying aligned to regulatory frameworks and compliance standards. If you are looking to securely bring an OT network online, or harden existing Internet-accessible OT assets, schedule a demo at our Secure Remote Access service page.
To access our IIoT specialists' knowledge and expertise, simply book a low-cost, agile 2-hr Industrial IT assistance session!