Science fiction has long become science fact
Only a few years ago, I would have dismissed it as impossible or reminiscent of a wacky science fiction film: managers who control and monitor their plant by remote access – from the comfort of their armchair, as it were, or wherever else they happen to be.
Today, scenarios like this are almost an established standard. The ability to maintain a process plant remotely is not so much expected as demanded. In the modern digital age, remote maintenance has become the norm and indeed life would be unthinkable without it.
Every now and then, however, those managers can’t help wondering whether their own plant might conceivably be at risk from…
“Computer viruses, hacker attacks, espionage or sabotage…. Many people have reservations about transferring data over the Internet for this very reason. Operators of IT facilities that are integrated with production, for example safety instrumented or process control systems, tend to take a particularly critical view. Yet it is in this kind of sensitive environment that secure solutions can have enormous benefits. Remote monitoring, diagnostics and maintenance of automation systems in the process industry can result in a set of advantages both for the plant owner and for the service partner: faster response times including predictive activities help maximize plant availability while the reduced time and personnel costs per incident enable better services to be offered at a cheaper price. The growing significance of this service model is confirmed by the fact that as long ago as 2011 Namur defined fundamental conditions and requirements for plant owners in Worksheet 135. IT security aspects also play an important role, of course (see NAMUR Worksheet 115, in German).” (Source: Article in “Chemie Technik, Issue 4/2014, in German)
So where do things stand at present with regard to IT security? Is it even possible to protect “remote accesses” from hackers or other forms of attack?
According to the BSI brochure “Industrial Control System Security” (in German) published by the German Federal Office for Information Security, “intrusion via remote access” is number 4 in the list of top threats (source: BSI).
Remote services
Yokogawa has been offering remote maintenance concepts under the heading “Remote Services” for years now. Our remote service functionality starts with
- Condition monitoring,
- Maintenance planning, and
- Continuous documentation of hardware and software inventories in the field.
Without the owner having to actively intervene, the application can also install
- Software updates,
- Security patches for the operating system, or
- Signature files for virus scanners.
Finally, the system allows us to provide reactive support to operating personnel following an incident and initiate proactive measures.” (Source: Article in “Chemie Technik, Issue 4/2014, in German)
And what about the security concept?
What security risks arise as a result of remote maintenance concepts? What threat scenarios are conceivable? How can remote maintenance be carried out securely? What form could possible IT security measures take? What does Yokogawa have to offer you here?
The first step before any remote maintenance connections can be installed is to protect – or above all take stock of and test – the existing IT security landscape by performing a security audit.
[to-caption title=”Four levels of industrial IT security” url=”https://www.yokogawa.com/eu/blog/chemical-pharma/app/uploads/2017/05/Berg_Grafik.png”]
(Source: Business Reporter, Focus: IT-Security, “Störungsfrei produzieren”, P. 4, June 2013)
By the hand
This happens in several steps: we start by appointing an expert to support our customer and carry out an on-site IT security audit. After completing the audit, we provide that customer with suitable hardware and software, backed up by a range of services under our VigilantPlant Services™ from which each user can assemble their own made-to-measure package – “Security as a Service” is the motto here. On-site emergency assistance in case of virus attacks and a variety of training and seminar events are just two examples that spring to mind.
No single, easy answer
How can an industrial plant be effectively protected? “There’s no single, easy answer, only tailored solutions. Security in process plants is more than just a technological challenge; it’s a highly complex conceptual task. To begin with, all hardware and software components have to be perfectly matched. In particular, all stakeholders must collaborate on implementing the security measures and develop a feeling for abnormal operating situations. Sound consulting and training are key pillars for this reason. From a technical point of view, plant security entails identifying factors that could restrict or endanger the plant’s availability early on, preferably automatically. It’s important to come up with a security solution that is valid for the company as a whole rather than – as is still frequently the case – simply individual components.” (Source: Business Reporter, Focus: IT-Security, “Störungsfrei produzieren”, P. 4, June 2013, in German)
Trust it to us
When it comes to remote maintenance, we at Yokogawa adhere to the maxim “You take care of your plant and we’ll take care of your automation security”. We develop efficient concepts to protect your remote accesses.
Have you got any ideas about the form your security plan should take? Or are you merely seeking comprehensive consulting for now? What should Yokogawa’s roadmap for your plant look like? If you’d like to get all of this off your chest or just want to learn more, feel free to contact us.
We look forward to hearing from you.
