The main purpose of remote functions in industrial control systems is usually to limit the number of personnel on the production site, reduce support costs, and give easier access to expertise, such as that of a vendor or operator.
Implementation of remote control, remote maintenance, or remote engineering may, however, introduce new security vulnerabilities and operational risks.
A risk analysis, as per company policies, should be performed to identify and mitigate the risks induced by the use of the remote function.
Operational and organizational issues are outlined below but are not detailed further as this article focuses on technical aspects of remote functions.
All requirements for remote functions should be defined during the early stages of the project so that they can be adequately developed in the further design phases.
A clear operating, control and safety philosophy should be developed to address operational and organizational issues before the technical design and implementation of remote functions.
This philosophy can include:
- Drivers determining the selection between local and remote functions
- Required behavior in case of loss of communication
- Coordination between remote and local teams
- How transfer of operational authority is controlled between the local and remote site both during normal and abnormal situations (e.g., blackouts, loss of communication)
- Incident management and emergency response (to either a local or remote event)
- Management of work permits
- Locations of remote access
- List of systems that need to be remotely engineered or maintained
- Requirements in terms of remote monitoring
It could also include specific requirements for HMI performance and operability which could influence the selected architecture.
Another aspect that should be considered for remote operation is communication and situational awareness at the plant.
Basic requirements can be fulfilled by traditional technologies like telephones, radio, video conferencing, and supplemented by CCTV, personnel tracking, weather conditions, and other monitoring systems.
Management and Control of Remote Functions
To avoid unauthorized and/or incorrect remote changes to critical systems, further restrictions can be enforced such that remote modifications to systems are impossible unless explicitly requested and authorized by site-based personnel.
These safeguards or restrictions can be a combination of procedural and technical controls, for example:
- Site procedure to explicitly connect and disconnect remote access as part of the work permit procedure
- Ability to enable and revoke access rights on the local system
- Ability to monitor any live remote sessions and changes made using remote sessions
- Requiring site personnel to explicitly accept remote access using two different actions (e.g., type ‘yes’ and click on an accept button when remote requests are received)
- Automatic session disconnection after a set period
- The requirement for site personnel to generate and share one-time passwords with the remote user
- Ensuring keys are not left in the ‘on’ position, to prevent remote changes unless authorized
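The technical controls in the list above can be combined in one site-side gate. The sketch below is an added example, not code from the source document or from any vendor product: the class RemoteAccessGate, its method names, the permit identifier format and the choice to invalidate a one-time password after any attempt are all assumptions made for illustration.

```python
import hmac
import secrets
import time

class RemoteAccessGate:
    """Hypothetical site-side gate: no remote change unless site staff authorize it."""

    def __init__(self, max_session_seconds, clock=time.monotonic):
        self.max_session_seconds = max_session_seconds
        self.clock = clock
        self._otp = None         # one-time password generated on site
        self._expires_at = None  # set while a remote session is open
        self.audit = []          # event record for monitoring live sessions

    def issue_otp(self, permit_id):
        """Site personnel generate an OTP under a work permit and share it out of band."""
        self._otp = secrets.token_hex(4)
        self.audit.append(("otp_issued", permit_id))
        return self._otp

    def open_session(self, otp, typed_answer, accept_clicked):
        """Open only with a valid OTP and two different acceptance actions."""
        valid = self._otp is not None and hmac.compare_digest(otp, self._otp)
        self._otp = None  # assumption: single use, burnt even by a failed attempt
        if not (valid and typed_answer == "yes" and accept_clicked):
            self.audit.append(("session_refused", ""))
            return False
        self._expires_at = self.clock() + self.max_session_seconds
        self.audit.append(("session_opened", ""))
        return True

    def revoke(self):
        """Local revocation of access rights ends the session immediately."""
        self._expires_at = None
        self.audit.append(("session_revoked", ""))

    def is_active(self):
        """Automatic disconnection after the set period."""
        if self._expires_at is not None and self.clock() >= self._expires_at:
            self._expires_at = None
            self.audit.append(("session_timed_out", ""))
        return self._expires_at is not None

    def apply_change(self, description):
        """Accept a remote modification only inside an active session; log either way."""
        allowed = self.is_active()
        self.audit.append(("change_applied" if allowed else "change_blocked", description))
        return allowed
```

The gate fails closed: with no session, an expired session or a revoked session, apply_change returns False and records the blocked attempt in the audit list.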
Telecoms Capability and Support
Often, remote function solutions are constrained by the available telecom infrastructure. Where feasible, the infrastructure may be upgraded to prevent unacceptable delay or to avoid creating a common mode of failure.
The selection and design of communication infrastructure can address important factors such as quality of service, response time, reliability, and availability.
Ongoing support and management of the underlying infrastructure and technologies across the end-to-end architecture (including those used in the intermediate network or demilitarized zone (DMZ) and the remote location) can also greatly influence the effectiveness of the remote functions. Upfront consideration and planning of support requirements and of organizational roles and responsibilities are important during solution selection and design.
Source: International Association of Oil & Gas Producers
Acknowledgments: IOGP Instrumentation and Automation Standards Subcommittee (IASSC) Remote Operating Centres Task Force.