IT Security In Industrial Remote Access

Many of the machines and production lines used in industrial manufacturing are now networked together. This networking of control systems, operating devices, and even drive systems, together with the associated access to the Internet, is the prerequisite for remote access.

Introduction

With remote access, a user connects to a control system (PLC, CNC) or an operator device like an HMI (human-machine interface) over the Internet from an arbitrary location. This user can then have process data displayed or can intervene in the control program.

Control systems are typically not designed with IT security in mind. Once a user has successfully connected to an unprotected control, they can access the rest of the corporate network relatively easily. This kind of access must be blocked, however. Accordingly, control systems or other devices provided for production lines or machinery need to be protected with appropriate IT security safeguards before they are connected to the Internet.

Effective IT security systems for remote access work on two levels. On the one hand, they manage access rights for machinery or the corresponding remote access endpoints. This makes sure that only authorized users gain access to these machines. In addition, IT security measures need to protect against more wide-ranging cyberattacks from outside the company. This involves making appropriate structural and organizational changes – both in terms of hardware and software. IT security models are a fundamental part of achieving the right level of IT security in a company. The earlier that this topic is covered in the design and planning of the machine or production line, the greater the protection that can be offered by the final security model.

This white paper first takes a look at the basic working principles of the remote access system provided by Red Lion. This is followed by a detailed presentation of the relevant components in terms of their security aspects, plus a solution strategy designed to meet the strictest IT security standards.

Basic Principles Of Remote Access

A remote access system lets an authorized user – such as a service technician – connect to a PLC or an HMI as a device over the Internet from an arbitrary location. While this sounds simple, it is much more complex in practice. The user’s route to remote access doesn’t simply work by linking their computer to the machine over the Internet but also involves a cloud-based service. The user first connects to the cloud over the Internet and the cloud then provides the user with access to the machine for which they have access rights.

Remote access: a three-part system

An industrial remote access system is therefore made up of three components: The first and most central component is the cloud itself. The cloud receives the user’s request and establishes the connection to the control system. The second component in the system is the security protecting remote user access: only authorized users are given access to the cloud. The third and final component is the connection between the cloud and the control system or some other device. This is handled by a router placed between the machine or device and the Internet, which only allows authorized traffic through to the corporate network.

The Red Lion ecosystem comprises an industrial remote access system with cloud connectivity and an industrial router. The system accounts for all of the relevant security factors and features. With Red Lion, the cloud is synonymous with the RLConnect24 Remote Service Portal, which is used to store the access rights as well as the router configurations. The Portal also establishes the connection between the user and the machine.

Download the complete white paper from here:

https://timestech.inwp-content/uploads/2022/12/IT-SECURITY-IN-INDUSTRIAL-REMOTE-ACCESS.pdf