Visit our Content Hub!
Access free downloadable content curated by our editors.

Lock the Back Door to Keep Cyber Criminals Out

From building a cybersecurity strategy to using technology that blocks bad actors from sneaking in through a remote access connection, OEMs have new ways to protect themselves and their customers.

Getty Images 597317495

While cybersecurity has always been a concern for business, since the pandemic cyberattacks are on the rise, according to the Ransomware Task Force (RTF), an international coalition of experts formed to combat ransomware criminals. We can see the effects of cyber sabotage with the hack on a water treatment plant in Florida back in February, and the more recent shutdown of the Colonial Pipeline due to a ransomware threat.

But cybercriminals are not just targeting critical infrastructure—every single business can fall victim to these malicious acts.

As more manufacturers are letting technology partners and machine builders connect to systems through a remote access point, there are more ways for cybercriminals to sneak in and wreak havoc on a company, be it deleting important data or shutting down production unless a ransom is paid. This is causing concern for manufacturers that are using machines from many different OEMs.

For example, Cargill is a global manufacturer with facilities in 70 countries. “We have so many OEMs that we mostly deal with at the local level,” says Dominic de Kerf, Cargill’s smart manufacturing expert focused on automation, instrumentation, and process control. “They know a lot about their machines, but cybersecurity is not something they do well.”

And every supplier has a different remote access method, making the management of securing who is coming through an opening into the plant an IT nightmare. “We can open a secure connection, but it’s complicated,” de Kerf says. “We need some control and accountability.”

The concern was so great for de Kerf that when asked to join a remote access workgroup within the Organization for Machine Automation and Control (OMAC), he gladly accepted. Over five months, the group, comprised of representative from major manufacturing companies, OEMs, system integrators, and automation vendors, worked on outlining a seven step process for creating a comprehensive remote access plan that includes a careful assessment of security, corporate policy, usage, and monitoring requirements.

With ei3, equipment owners can access real-time information on secure remote service sessions across multiple sites. Users can also set up alerts and create automated reports containing detailed service session logs to track and audit all activities.With ei3, equipment owners can access real-time information on secure remote service sessions across multiple sites. Users can also set up alerts and create automated reports containing detailed service session logs to track and audit all activities.ei3

New resources to build a cybersecurity strategy

The result is the Practical Guide for Remote Access to Plant Equipment which was released in January 2021 and details best practices used in manufacturing to define, analyze, control, improve, and secure remote access.

The OMAC workgroup was facilitated by ei3, a provider of technology used to increase machine performance and secure remote connections. The company brought in Mark Fondl, founder of consulting firm ICT Global, to lead the project.


Watch video   Watch this Take 5 video on 5 Ways Manufacturers Can Improve Cybersecurity

“I wanted to get the perspective of an entire ecosystem and develop topics and areas of discussion that are not so technical, but the goal was to develop common sense practical points of view that anyone can use,” Fondl says. “The target was not major corporations, but middle and smaller-sized manufacturing plants that may not have the experience but are looking for guidance in regard to remote access.”

Fondl recruited big CPGs, including Cargill, Frito-Lay, and P&G, as well as OEMs like ITW Hartness, Durr USA, Milacron, Mettler Toledo, Nordson, and ProMach. He also brought in technology suppliers Beckhoff Automation, Mitsubishi Electric Europe, SICK, Siemens, and of course, ei3, as well as many system integrators and associations like PMMI.

The 90-page guide, which is vendor agnostic, goes through specific steps to consider taking to safeguard a facility, focusing a lot on processes and terminology—especially between IT and OT departments—because although they may use the same words, they often have different meanings.

“I created a fish tank analogy when talking about IT and OT,” Fondl says. “They’re like two fish tanks, one fresh water and one salt water. To the outside observer they look to be the same, but if you live in one and are moved to the other, the subtle differences can kill you.”

In fact, data from a 2020 survey of CPGs conducted by PMMI and published as a Business Intelligence report called Trends in Adoption of Remote Access, noted cybersecurity as the top concern of remote access, followed close behind by organizational IT/OT barriers. According to the report, respondents were also concerned that there was no practical guide to help start the process of adding new remote services. Well, now there is.