Industrial Ethernet comes in many flavors as does the applications that use the backbone to perform various tasks and functions. For instance, email would be an application, and remote access could be considered a function.
Remote access has come to the forefront since COVID-19 has entered our orbit. Many IT people have been struggling with how to securely allow personnel to have access to their applications and to keep plants running. I don’t think they are winning the battle.
According to a survey by NetMotion, a Seattle-based software company, 89% of remote workers have reported issues in accessing their technology space to use applications and get their hands on the data needed for them to do their jobs. Most are using VPNs to access company data.
MobiKEY from Route1 solves this problem in spades. Remembering that remote access by definition is to replicate the on-site work environment remotely. Using a VPN does not perform this function.
MobiKEY is a smart USB key with an application that boots off the key to create a user interface that uses the guest’s keyboard, mouse and screen. No other resources are used, and it leaves no traces of the data session. It has security “out the yin yang,” so typical VPN injection code cannot be implemented while using MobiKEY.
You can access multiple targets, which serves a great benefit to controls engineers and process guys. Multiple SCADA nodes would have the MobiKEY software installed to allow them to be seen by the guest when MobiKEY is running.
Most of the issues that users are having during this pandemic are due to the lack of solid Internet. A VPN will drop if there is a timeout of communications. The applications you may be running are running where you are, not from the target. This means you could be in the middle of a document and lose the VPN. Then the document content is lost, and you have to start over.
MobiKEY is different in that you are running the application from the desktop at your desk directly.
[javascriptSnippet ]
Remembering that remote access is replicating the on-site environment, it is easy to see how MobiKEY can save some frustrations.
TeamViewer is another remote access application that is widely used because it was free. TeamViewer has changed its licensing from free to a commercial-based pricing model.
This makes remote access a line item in the budget, which can run up into the thousands, but as we know now we must have access to this technology for our control networks.
Remoting is such a pervasive function that the Organization for Machine Automation and Control (OMAC) has formed a work group to develop guidelines for remote interfacing to systems—a standard, if you will. This will need to incorporate all facets of remote access based on who needs it and what they do.
As an example, an employee who needs to get email from the cloud is different from a controls engineer who needs to monitor SCADA. The engineer needs to have direct access to the industrial network that all the devices are connected to.
If the engineer were using a VPN, a license would be needed on the software for each device, whether it's a company-supplied device or a bring-your-own device (BYOD).
Using MobiKEY to connect to the workstation at the plant level, which already has the software licenses needed to get the work done, saves the company a ton of dough on buying additional licenses.
Two-factor authentication (2FA) is a must from a security point of view—something you have and something you know. TeamViewer will send an authentication code to your cell phone in order to initialize the connection.
Using a VPN is easy, but it’s not remote access, per se. You can access resources remotely, but that isn’t remote access. The National Security Agency (NSA) has put out a warning on VPNs, suggesting they are prone to network scanning, brute force attacks and zero-day vulnerabilities. This should scare you.
A new alternative to VPNs is making headlines. It is called software-defined perimeters (SDP)—a new acronym to learn.
VPNs hide people on the world’s side of the firewall. IT peeps don’t really know what is going on behind their firewalls when a VPN connection is made. SDPs provide an answer to that.
People accessing the resources of the corporate network become part of the network at the edge.With cloud-based computing, remoting is intrinsic. For controls-engineering and plant-floor operations, that doesn’t cut it. True
remote access is required. There are many choices, but none that I have found that shapes up against MobiKEY.
TeamViewer installs software on the guest device, which MobiKEY doesn’t, so you can use any device reliably. BYOD is a not an issue.
We need to organize our industrial control networks for us and have access to them for us at a cost that doesn’t kill our budget. Remote access is now a line item. Research wisely.
