Managing the Risk of Remote SCADA Access – Automation World

One of the biggest benefits of Ethernet on the plant floor is the ability to remotely connect to plant floor systems. But along with the benefits of remote access come the heightened risk of cyber-attacks.

Despite this, more and more manufacturers believe the risks are worth managing to drive their operations into the future and ease the process of accessing and sharing data across sites for better decision-making, as well as reducing the cost of onsite troubleshooting and repaira great deal of which can now be accomplished remotely.

Considering that a key initial Industry 4.0 achievement is remote access to SCADA (supervisory control and acquisition) systems, we spoke with Ben Manlongat of Outbound Technologies, an industrial automation system integrator to learn more about how manufacturers can best manage the risks associated with remote SCADA access.

Beyond the obvious concerns about a hacker taking control of any aspect of your production operations, Manlongat say its also important to consider the impact of an outsider gaining access to your SCADA data.

Ben Manlongat, Outbound TechnologiesIf someone were to intercept your data, how could that affect your business? asks Manlongat. You have to think about how you could be harmed if your competitor were to get that information. And don't think that because everything [on your SCADA system] is read-only that everything is safe. If a COM (communications) port is open, a hacker could gain access to any laptop on the network to get to the COM port of the device and then start making programming changes. And once those programming changes are made, the hacker can take control of your system. Its critical to ensure the COM ports on your devices are protected and make sure there are no available device tags that are predefined by the manufacturer for use in controlling the device.

Core external aspects to consider about SCADA remote access security include:

Internal risks include:

Given the ever-growing level of risk to industrial control systems, we asked Manlongat if it was even possible to truly protect a SCADA system that has been networked for remote access.

The quick answer is yes, because there are different ways to configure an internet-connected plant floor network for remote access and read-only viewing, he says.

According to Manlongat, if youre looking to do read-only remote access with no potential for remote control: 1) Dont connect directly to controllers performing operations; 2) use a VPN to connect the plant floor to the internet to establish a private, encrypted connectionwith traffic on the VPN encrypted. With this setup, even if someone were able to access the networks traffic, they wouldn't be able to read or understand it; and 3) use MFA so that, in addition to user name and password requirements, you also need to the authorized person's smartphone or other mobile device.

If you're looking to do read-only remote access and send data to the cloud for artificial intelligence/machine learning analytics, Manlongat offers two recommendations:

See more here:

Managing the Risk of Remote SCADA Access - Automation World