Remote support of critical production systems in Covid-19

If, like me, you are now well versed in cooking, cleaning, muting the mic and disabling the camera every time you join a Teams, Zoom or Lync meeting, the South African Covid-19 lockdown has definitely humbled you. I have had to adapt to working remotely very quickly; working from home, teaching kids and babysitting all in eight hours of the day is quite daunting, but it is what we all have to endure. System criticality is defined along various principles: people safety, product priority, financial impact, equipment health, and system downtime impact on process and cost. It is all the more important to focus on identifying critical manufacturing IT systems and how to support these remotely during these trying times.

The lockdown forced a finer look at the efficacy of supporting our production-critical systems: how good are our modern IT systems at allowing the workforce to work from home and access the business network and, more importantly, how good are they at enabling us to use manufacturing IT systems and support them from the comfort and safety of our homes?

Here are some guidelines on how to ensure you are prepared for the next crisis that will require remote IT support:

• A team of competent, motivated staff with clear methods of communication.

• Documentation of system and network architectures available to manufacturing IT users and support teams.

• Remote access to business as well as DMZ/demilitarised networks.

• Enable multiple methods of access to a system. Usually I look at a tiered approach to this:

1. Physical access – can I access the server/client/device by interacting with it via my laptop/HMI and do I have all the relevant security details such as passwords, ACLs, etc.?

2. Remote access inside – can I access the server/client/device remotely from within the network?

3. Remote access outside – can I access the server/client/device remotely from outside the business network?

• Security protocols revisited and geared for mass remote access to the business network and to DMZs. Now is the time to revisit access control lists and maybe put stringent password rules in place.

• Grant certain technical support teams dedicated, secure and controlled remote access to manufacturing systems. I would have the business users enter the network via a completely different method (VPN) compared to the support teams; this would allow for faster access to manufacturing systems and no concerns about latency or congestion from accessing the network during peak times. Consider this when large numbers of workers need to access the network remotely.

• Permits issued to support teams who need to be on site in the event a system requires support, but is not connected to any network, or in the event where a remote connection could not be established. The amount of administration that goes into having anyone travel legally during Stage 5 lockdown really increased my appreciation for access control, security measures, and the communication around them.

Here are some tips to enable manufacturing IT support teams to ensure manufacturing processes run smoothly by enabling critical support staff to work from home:

• Appropriate device from which support is executed.

• Reliable, sturdy network.

• Administrative control of the device; all relevant accounts to match the level of service to be rendered.

• More than one method of accessing the network.

• Regular password regeneration after a set number of sessions on the network.

• Regular check-ins to team leadership, updating with regard to planned actions and/or incidents handled.

While it is convenient to allow for secure, access-controlled entry into the business network, remote entry into a DMZ is often frowned upon by many. In fact, network architects and engineers develop strict protocols and guidelines that ensure industrial networks and DMZs are not accessed remotely at all, for security reasons. I do, however, think now is the time to evolve and mature the protocols and security practices and tools around having DMZs and manufacturing IT systems connect directly to the Internet, to reap the benefits of a connected and converged manufacturing IT discipline.

We are nearly two months into the Covid-19 lockdown with many employees working from home. Unfortunately, manufacturing processes need to run continuously in order to achieve beneficial operations. By following the above guidelines, the manufacturing IT systems can continue to enable the manufacturing processes, even though IT and support teams are not on the plant floor or at the data centre.