Remote Access To PLC's - Good or Bad?

BillRobinson

My colleagues and I were discussing whether or not remote access to a PLC network is a good thing. I thought this topic would be good to bring up here.

The main pro is convenience; the main con is security.

Methods include VPNs and dial-up modems.

Any thoughts, stories or suggestions?
 
The method we use is VPN; this is managed via a connection PC which is only accessible when given permission through the network administrators. Normally the connection path remains closed until they are asked to open the connection. Dial-ups I've found to be unreliable and slow compared to VPN.
 
I also use VPN to connect to numerous customer PLCs and PCs. I only have one that still uses dial-up. The access is fairly secure, as for someone to violate it and connect without permission would require hacking into the VPN. Even then, one would have to know the correct IP address and the type of PLC. And even further security could be added with a PLC password.

On the other hand, you have to weigh the above risk tolerance with how critical the application is and even how dangerous. I would shudder at the possibilities of someone getting online and forcing outputs ON to heavy equipment that could endanger someone's life. Or cause dangerous situations with the process itself (explosions, fire, overrun of tanks). To that end, a secured dial-in offers more security as the phone line can be disconnected when not needed.

It'd be interesting to know if there is a hardware means of locking down VPN access. Hardware meaning physical loss of connection without interrupting other Ethernet connectivity to the process. Not relying on the security of a router or bridge.

Another question for you gurus. Is there any means to LOG access to a PLC? Suppose someone does hack in, causes a dangerous equipment failure and then disappears into the wind. Now you have a customer blaming your program. That's a huge liability issue.
 
I am currently designing a system, whereby access to the PC at the heart of the network is controlled by the guys on site.

They will be using a switch to control the USB modem only when access is needed in the event of a fault or similar.

I will also be using LogMeIn to remote control the PC. All other PC functions will be locked using Windows SteadyState, which is available as a free download from Microsoft. This works well and stops access to many of Windows' functions if you choose it to.

Jon.
 
I have found that those outside the plant do a lot less damage than those that are inside the plant changing bits from their desk instead of going to the equipment and doing some investigation.
 
I think Ethernet access is a must in today's manufacturing environment. Where uptime and cost reductions are a must, Ethernet comes in handy. For example, we have 20 plants spread across the 5 states, with all support people (non-maintenance) located in one location. 24x7, no matter where we are, we can get into any PLC. With passwords on the PLCs, lockdowns in firewalls, etc., you need to be plugged into the network and have the right software to make changes.

Outside vendors need a VPN token, have rights to access that PLC, and have a network account. So we read the VPN token number to them so we can control when they get in, and limit them to just one spot.
 
The whole point with security is balancing functionality with acceptable risk. The advantages of Remote Access are obvious, and requirement demands seem to steadily increase with technology. Weigh that against the associated risks - not the least of which is a user creating a problem that they can't take care of remotely.

That said, I think remote access is a great thing! Favor VPNs over modems and consider applications like gotomypc "bad" in this sort of application.
 
I wish more people took advantage of this technology. I work for an OEM and we have very few customers that allow remote access at their facilities. I suppose there is a little reluctance to have a person connect remotely to their equipment without knowing much about them. I could see how they could be afraid of someone getting in there and making things worse (although when you are down, it's hard to make it worse). And there is also the security factor that others mention.

For the few customers that I have connected to remotely, it was a win-win situation. My company didn't have to send me out and the customer didn't have to wait for me to get there. I tend to be more careful when modifying equipment that I can't see too.

I had one customer that had an issue with their machine and although their people had a computer and all the software, they didn't know how to get connected to the PLC. We used a piece of software called RAdmin (like PCAnywhere) and I connected to it and talked them through setting up Linx and getting online. Then I talked them through the program and helped them find their problem. I let them do all the work, but it was quick and easy because I could see their screen.

Remote access FTW!
 
The one thing that I rarely see mentioned, or concerns raised about, with remote PLC or HMI access is safety and how safety protocols will be implemented.

Granted, there should be hardwired safeties that lock everything out, but still it concerns me that people who are not on site can start the machine or force outputs to fire without being able to see what is physically going on.

Then again, maybe I'm just getting too old and cautious. Or then maybe I have seen how many Bubbas are missing a finger and wonder how it happened.
 
