Safe Remote Maintenance of Plant and Machinery
The developer knows his product best and is therefore best placed to correct any malfunctions as quickly as possible. To do this for machines and plants sold internationally, he must be able to access them remotely. For the operator, this means a number of elements must be taken into account to protect the production and company networks from unauthorized access.
More and more globally active manufacturers want to take advantage of the opportunities offered by the digitization of their products and processes, using data drawn from the machines and plants themselves. One advantage for international manufacturing companies is that maintenance personnel can react more quickly to emerging failures. In addition, production processes can be optimized on the basis of the information gathered. To make the best use of the data, however, detailed process knowledge must be integrated into the life cycle of the entire production. Usually only the machinery and plant suppliers have this special know-how. Secure and controllable access to the application data installed at the operator's site therefore allows the production process to benefit from the knowledge of the machine and plant manufacturers.
An OT-tailored architecture for secure global remote access
A company with several plants in different regions of the world therefore faces a number of additional challenges in modernizing its production. Goals such as increased productivity, new production processes or the automatic linking of production with a digital market cannot be achieved without integrating each individual machine, or even each product, into a modern industrial communication concept. The demand for ever more detailed data to increase the potential for process optimization, energy efficiency or availability is too high to be met any other way. In many countries this coincides with a labour market in which qualified technical personnel are becoming ever scarcer. In this context, it makes sense to involve machinery and plant suppliers, as the holders of the relevant know-how, in meeting these challenges through secure remote maintenance access.
In a smart factory that manufactures worldwide, the challenges described above can be addressed with an architecture tailored to OT needs for secure global remote access. It consists of industrial network components, such as routers and switches, which can be monitored and controlled both locally in the respective factory and from company headquarters. It is also essential to protect the entire company IT from the risks of global interconnection. Based on a risk assessment, e.g. according to IEC 62443, it is useful to divide the infrastructure into zones, taking information flows and risks into account. Following the division into IT and OT, these areas are separated from each other by a firewall. Such an interface also requires close collaboration between employees on both sides of the company. In the future, communication from sensors installed in the field to the Internet will become increasingly intensive.
Further segmentation of production areas enhances security
In production, OT's area of expertise, the plant and function infrastructure is segmented further. In this way, the spread of a possible incident can be limited to individual areas. Rules stored in the routers ensure that only selective communication relationships exist between the systems, which correspondingly reduces the potential for attack and disturbance. Each of the zones is therefore protected by a VPN router. These security devices, developed specifically for industrial applications, give maintenance personnel the option of enabling a communication channel for the respective machine or system manufacturer via digital inputs and outputs, while still protecting the system from unauthorized access. For this purpose, a VPN tunnel is activated via a switch simply connected to the device. At the same time, an LED indicates the connection status, reducing the risk of the communication connection being opened unnoticed. Below the firewall, switches can be used to set up redundant networks for machine access to ensure stable data transmission.
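As an added illustration that is not part of the article or of any vendor's product, the following Python model shows the policy a zone's VPN router enforces: default deny, only the stored communication relationships pass, and the supplier's tunnel is usable only while the operator has enabled it through the digital input (the key switch). All addresses, ports and the zone layout are constructed for this example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class ZoneRouter:
    name: str
    vpn_peer: str                              # supplier endpoint behind the VPN tunnel
    rules: list = field(default_factory=list)  # allowed (src_net, dst_net, proto, port)
    key_switch_on: bool = False                # digital input: operator opens the tunnel
    log: list = field(default_factory=list)    # decisions, as a SIEM would collect them

    def set_key_switch(self, on: bool) -> None:
        # The device LED mirrors this state, so an open tunnel is visible on site.
        self.key_switch_on = on
        self.log.append(("tunnel", self.name, "open" if on else "closed"))

    def decide(self, src: str, dst: str, proto: str, port: int) -> bool:
        src_ip, dst_ip = ip_address(src), ip_address(dst)
        # Supplier traffic is only possible while the operator has opened the tunnel.
        if src_ip == ip_address(self.vpn_peer) and not self.key_switch_on:
            self.log.append(("deny", src, dst, proto, port, "tunnel closed"))
            return False
        # Default deny: only the stored communication relationships pass.
        for s_net, d_net, p, pt in self.rules:
            if (src_ip in ip_network(s_net) and dst_ip in ip_network(d_net)
                    and p == proto and pt == port):
                self.log.append(("allow", src, dst, proto, port))
                return True
        self.log.append(("deny", src, dst, proto, port, "no rule"))
        return False

def press_line_scenario() -> list:
    """Constructed zone 10.20.1.0/24 with PLC 10.20.1.10; supplier VPN peer 10.99.0.5."""
    zone = ZoneRouter(
        name="press_line", vpn_peer="10.99.0.5",
        rules=[
            ("10.99.0.5/32", "10.20.1.10/32", "tcp", 102),   # supplier -> PLC engineering port
            ("10.20.1.0/24", "10.10.5.20/32", "tcp", 4840),  # zone -> plant historian (OPC UA)
        ],
    )
    results = [zone.decide("10.99.0.5", "10.20.1.10", "tcp", 102)]   # switch off: denied
    zone.set_key_switch(True)
    results += [
        zone.decide("10.99.0.5", "10.20.1.10", "tcp", 102),    # switch on, rule matches: allowed
        zone.decide("10.99.0.5", "10.20.1.10", "tcp", 3389),   # service not in the rules: denied
        zone.decide("10.20.2.7", "10.20.1.10", "tcp", 102),    # neighbouring zone, no rule: denied
        zone.decide("10.20.1.10", "10.10.5.20", "tcp", 4840),  # historian export: allowed
    ]
    zone.set_key_switch(False)
    results.append(zone.decide("10.99.0.5", "10.20.1.10", "tcp", 102))  # tunnel closed again: denied
    return results
```

The log entries, including the tunnel open/close events, are what a plant operator would forward to central monitoring so that an unexpectedly open maintenance channel is noticed.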
In conclusion…
In conclusion, manufacturers must introduce a documented and standardized procedure for communication in order to benefit from this progress while ensuring secure remote access. Architectures and processes based on industrial communication will continue to cope with the increasing flow of information in the future, thus contributing to the stability and growth of companies.