Guidelines for remote maintenance of machines and systems

Project No. IFA 5153

Status:

completed 04/2024

Aims:

The number of industrial machines with digital interfaces has risen steadily in recent years, and the trend is continuing. As a result, more and more machines are being monitored or maintained remotely. This is often easier for the manufacturers of such machines than sending out a service technician.

However, providing access to machines from outside the operator’s premises presents major risks if the associated security aspects are not considered. Many companies that already maintain machines remotely are not conscious of the risk of a possible attack by hackers.

The research group Trend Micro Research showed in its report published in January 2019 that many remote control systems on industrial cranes could be controlled alarmingly easily from unauthorized remote control devices. We are also increasingly observing attacks on industrial plants which present life-threatening situations for employees, besides causing economic damage.

For this reason, this project examined the process of remote maintenance and remote control of machines from a security perspective, and developed means of making remote maintenance secure. Furthermore, the project’s findings were to be incorporated into practical guidance for preparation of a risk assessment of machinery.

Activities/Methods:

The IFA has therefore examined which measures can be taken at the development and manufacturing stage to impede dangerous attacks. A practical guidance document (FBHM-133) has been created for the preparation of risk assessments for plant and machinery equipped with interfaces for remote maintenance or remote control. This document is intended in particular to meet the needs of labour inspectors and operators of machinery. It was not possible to create a further practical guidance document providing information for manufacturing companies on the current most significant causes of security vulnerabilities in programming.

Results:

Since remote maintenance of machinery is a highly cost-effective option, it is now increasingly being offered by machinery manufacturers. As a result, the topic has already been addressed by several standards. EN ISO 13849, for example, permits modifications to be made to safety-related software during remote maintenance only if the modification is subsequently validated locally. Should on-site validation not be ensured, it must not be possible for safety-related software to be modified by remote maintenance. However, the issue of security is almost entirely absent from the standards. Since, according to an IFA survey, small and medium-sized manufacturers and operators of machinery in particular have difficulty addressing security, this project developed the simplest measures possible to prevent data from being compromised. The measures were published in FBHM-133 in conjunction with the BGHM, BG ETEM, BGN, BGRCI and Phoenix Contact. Basic measures for making remote maintenance more secure may include, for example, the principle of least privilege, and limiting the duration of remote maintenance access. It is also important that only the operator should be able to initiate access, so that the operator is aware of what is happening in the internal network at all times.

In addition, the observations made are to be incorporated into revisions of a number of publications (including a new Annex O for IFA Report 02/2017) and presentations. During the project term, the Log4Shell security vulnerability incident revealed a further problem within companies. Where security vulnerabilities become known in products that are also used for remote maintenance, it is often not clear whom they should be reported to. This topic will also be addressed by future EU Regulations, such as the Cyber Resilience Act (CRA), through the requirement that the company set up an emergency point of contact for security incidents. For these reasons, an IFA video has been produced in German, English and Japanese describing a solution for accessing this point of contact. The film describes the new RFC 9116 standard, which addresses provision of a "security.txt" file on a company’s website. The DGUV has also set up such a point of contact (https://www.dguv.de/.well-known/security.txt). The results of the project have already been presented in part to a wide specialist audience, including at the World Congress in Sydney.

Last Update:

28 Nov 2024

Project

Financed by:
  • Deutsche Gesetzliche Unfallversicherung e. V. (DGUV)
Research institution(s):
  • Institut für Arbeitsschutz der Deutschen Gesetzlichen Unfallversicherung (IFA)
  • Berufsgenossenschaft Energie Textil Elektro Medienerzeugnisse (BGETEM)
Sector(s):

cross-sectoral

Type of hazard:

questions beyond hazard-related issues

Catchwords:

machine safety, risk assessment, technology design

Description, key words:

remote maintenance, security, safety of machinery, information technology, industrial security, attacks, remote control, cybersecurity
