Key points of emphasis made by Mariappan:
• Regardless of whose PLCs are on the discrete pieces of packaging equipment in a line, as long as those PLCs are networkable, remote access is possible. A key to making it all work is a central gateway, which in this application came from Rockwell; can lines, bottle lines, utilities, the syrup room, a plant alarm management system, line information system, and email servers all connect to this hub.
• Security is critical. The very word “remote” means out of sight, and when things are out of sight, how do you know they are secure?
There are so many ways an attack can occur:
- An attacker can capture or guess necessary credentials.
- Data can be injected into a network.
- An attacker can force his way into a network through coercion.
- Communication can be listened to and hijacked.
• Good security practices include:
- Undertake a threat and risk assessment.
- Eliminate direct communication.
- Secure modem access beyond default.
- Establish user-specific authentication servers.
- Use multifactor authentication.
- Use dedicated hardware and software to support the remote access solutions.
• Be sure to understand the differences between industrial networks and IT networks before launching into a remote diagnostics project. And once a project is launched, clearly identify the responsibilities of IT people compared to production and manufacturing people.
• Find a good way to show the plant manager and other key stakeholders a demo of some kind to gain their belief in the business benefits of remote diagnostics.
• Among the things that can be done with remote access:
- You can log into PLC ladder logic programs and troubleshoot from any secure access point.
- You can do online training.
- You can do remote HMI control.
- You can execute process monitoring to resolve deviations.
Mariappan showed photos of his Blackberry phone with a graphic showing real-time conditions on the plant floor in the Eden, MN, plant. Without remote access to the network over the Internet, this would not be possible. He also cautioned that when it comes to connectivity, VNC (Virtual Network Computing) is not as secure as VPN (Virtual Private Network). He provided an analogy to drive home his point about security.
“Picture a tunnel from your office to your home. If you drive through that tunnel, you can’t get carjacked. But if you drive on the highway, a public way, you can get hijacked.” His advice: If you connect to the network remotely, make sure it’s through a tunnel and not on the highway.