One of the recommendations of every national cybersecurity agency (ENISA, BSI, ANSSI ...) is the operator's control of the remote maintenance connection. Remote access should preferably be initiated and terminated from within the company. A key switch can be used for remote maintenance. It enables the operator to control remote maintenance connections on a physical level...
Enable your customer to control your remote access - Clever strategies for successful and secure remote services in practice

The benefits of remote maintenance for machines and plants are well known: shorter reaction times, considerable cost advantages and minimization of downtimes. However, if production does not have an effective protective shield, security gaps render the manufacturing processes vulnerable. Both opportunities and risks therefore have to be taken into consideration. The Federal Office for Information Security (BSI), the Agence nationale de la sécurité des systèmes d’information (ANSSI) and the European Union Agency for Network and Information Security (ENISA) provide guidelines that help to avoid risks and threats. One of the recommendations is the operator's control of the remote maintenance connection. Remote access should preferably be initiated and terminated by the company at the tunnel end point. A key switch can be used for remote maintenance. It enables the operator to control remote maintenance connections mechanically.

 

With the new industrial router, mbNET.rokey, a multi-stage key switch ensures greater security. The newly developed device gives the system operator full, physical access control directly at the router. In the "OFF" position of the switch, the connection to the outside is completely disconnected. As soon as the system operator switches to the "ONL" position, the router establishes a VPN connection to the mbConnect24 server and is displayed in the portal as "connected". In this mode, remote access to the data and services of the router is possible, but access to the components and the network behind the router is not. Routing, and thus transparent access for remote maintenance of the system, is only possible in switch position "REM". This scalable access protection allows the user to use the router's services continuously, for example for data acquisition, while activating remote maintenance only when it is actually needed.

 

For additional cybersecurity, two mechanisms ensure the system security of the router itself: a security chip (Secure Element) serves as a safe for passwords, certificates and keys, and a permanently programmed boot loader (Secure Boot) only accepts signed firmware updates that match the stored security certificate (Secure Firmware).

Do you want to know more? Visit us at the "all about automation" in Hamburg, Germany and watch our presentation on secure remote access. 

www.automation-hamburg.com/de/ausstellerliste/ausstellerdetail/mb-connect-line-gmbh-id_585/