
Small But Mighty: Remote Access to Manufacturing Equipment or Industrial IoT Systems


Interviewee: Lin Nease, Chief Technologist, IoT at Hewlett-Packard Enterprise

Security is a big subject, but that doesn’t mean you can’t learn a lot in a short amount of time. We know people are busy, but for those that are still hungry for better ways to approach securing their organizations or clients, we’ve created Small But Mighty.

Twice each month, members of Attila Security’s Sales and Marketing teams host a 15-minute coffee chat with innovators and thought leaders in the cybersecurity space to provide big insights in a bite-sized format.

Watch the video conversation here, or check out the summary or full transcript below.

 


Today’s Topic: Remote Access to Manufacturing Equipment or Industrial IoT Systems

Meet Lin Nease

The Chief Technologist of IoT at Hewlett-Packard Enterprise joins Stacy and Joe to discuss remote access to manufacturing equipment and other industrial IoT systems. Lin strategically consults with customers on enabling the internet of things (IoT), which, as anyone who works in the space knows, is a multidimensional discussion. For Lin, it is typically around the industrial process.

The spectrum of coffee tastes

Lin shares he’s a pretty easy-going guy when it comes to his morning cuppa-joe, but Joe and Stacy both shake things up a bit by elevating their coffee choices for this chat. Joe is enjoying Starbucks Barona and Stacy is sipping on a brewed gift from Mountaineer Coffee based out of Florida.

Remote access to industrial IoT environments

Remotely accessing industrial IoT environments has been on the roadmap for companies for a few years. With the impact of COVID-19 on virtually every industry, securing remote access has gone from a challenge to solve in the future to a challenge to solve today.

The impossible physics of COVID-19 in industrial settings

Lin shares that facilities are facing the real possibility of having to shut down, or have already had to halt production, because they cannot change their processes quickly and dramatically enough to allow for safety protocols like social distancing and contact tracing.




The fact is our industrial infrastructure was not designed for remote access or to limit time and space between the individuals needed to operate production. This in and of itself is a risk factor, but in 2020, it has become the point of failure for many.

The shared fate

It’s clear that Joe and Lin have been having many conversations about the topic as they both are tasked with solving it due to their expertise and professions. Joe asked Lin to share his concept of The Shared Fate:

“A lot of production lines in the world have been automated and the automation of those production lines has been done through very specialized IT-like equipment. Control systems are a different animal from our laptops and PCs and servers that we all encounter on a daily basis in that they frequently are doing something that physically controls our system of the production process that has huge safety implications, or has to be very precise. And it's tiny.

A lot of these IT systems are very specialized in nature. And the designers of those systems, we call the operations technology vendors. If you go back in time to when these systems were designed, it predated even in some cases, the World Wide Web, if you can believe that, and these systems are not well protected against vulnerabilities off the network.

The Shared Fate problem here is if I start putting these systems on a network to collect data off of them, which is the IoT problem.

Now, suddenly they are exposed to an attack surface. And the vulnerabilities in a lot of these older codes are extremely well known. Now, many of us are aware of the old Stuxnet hacks that took advantage of this exact fact, right? These systems, as a result frequently sit on completely isolated network segments frequently for the purposes of convenience and replication, they use the exact same IP addresses in these different replicated isolated networks that people call it air gaps when we separate them from the rest of the system. There's really no way to access these systems from home.

In many cases, the workers in these facilities must pass in close proximity to one another, and all they're doing, they're subject matter experts on operating these systems. And so the question is, is there, there should be no reason why they can't operate those systems from home. It's electrons, it's keyboards, it's monitors, right? And that's the big question.

Once I network them, now I have this problem. I've taken the shared fate and I've exposed these systems to the outside world.”

Enabling the operator experts to work remotely

Regardless of whether an operation views remote access as innovative or an undue risk, COVID-19 is forcing virtually every company to evaluate how it currently operates and the reality is, remote access has become critical for a stabilized production line.

Lin agrees that building a remote-access system is a ‘no-brainer’ for most companies and even shares that many will find a new division of their labor source will make this easier to implement. On one side of this divide, you have people who know how to do things, skilled operator experts. On the other, you have the talented ‘hands and feet’ who engage in the completion of a product.

The ‘hands and feet’ side of this equation can be solved by intentionally separating people in time and space.

For the keyboard, monitors, and electrons that are being used by our skilled operators, why do people have to be present? The answer is that they don’t.

Again, this is where the security question comes into play. For many, the legacy systems operating in their plants were intentionally designed with air gaps, the first cybersecurity system put into place. But these air gaps create a scenario where simply connecting these systems to a network leaves the operation more susceptible to cyber attacks.




Hardware vs software solutions

Attila has a solution that is virtually foolproof in terms of protecting a session or conversation and obscuring it, and basically completely hiding it from the environment in which the person is located.

For Lin, this is a critical enabler of providing access to these control systems and production systems remotely. The Attila technology completely hides your session and your laptop is multiple tunnels, and the IP address can come from anywhere you want to in the world.

Lin shares:

“The same type of technology is extremely useful in this industrial setting. If I can access the human-machine interface screen. And in many cases, these are just rendered monitors and terminals, almost like we know from the days of yore, and I can expose that remotely to an operator at home who understands completion codes and error codes and understands how the equipment works.

They could work from home, and this is the perfect technology to enable that. And I think it's important to realize that, you know, part of the protection of these machines is not, it's not about, you know, is my customer in battery manufacturing, worried about someone figuring out how many batteries are producing today.

They're probably not. What they're really worried about is that that system is absolutely positively never exposed to the outside world. That's the key is just simply minimizing the expansion of the attack surface.”

The seemingly impossible time scale for change

Any system-wide implementation is a project of enormous scale, but what if that change needs to happen within 12 months, not years? The frank reality is that COVID will not simply go away, and now that we’ve all experienced the impact a global virus can have, the onus to react to today’s demands and be prepared for tomorrow is great.

Deploying a solution that is simple, foolproof, and effective isn’t just a nice-sounding marketing pitch, it’s what is desperately needed to continue operations in the current environment we’re all in.

Lin shares that this is part of what makes what Attila does so attractive: rapid deployment, secure communication, and scalable security.

The unexpected possibility for remote in the industrial space

Even when COVID-19 is no longer the biggest security threat we face, the fact is that remote access for industrial IoT will now be considered standard practice.

Companies that never dreamed their operations would be even partly remote are now finding that not only is it possible, but it’s producing better outcomes, and more and more companies will be discovering this for themselves.

TL;DR

Cybersecurity didn’t exist like it does today when the systems that run the industrial sector were put in place. In fact, what was considered security now presents challenges when choosing to enable remote access in industrial IoT environments. Selecting a solution that can retrofit into your existing environment and operate independently is a best-case scenario for an immediate migration to remote access.


Read the Full Transcript

Stacy (00:02):
Welcome to today's episode of Small But Mighty. Security might be a big subject, but that doesn't mean people can't learn a lot in a short amount of time. We know people are busy, but they are still hungry for ways to approach securing their organization for clients. Twice each month, we'll be hosting 15-minute coffee chats with innovators and thought leaders in the cybersecurity space to provide big insights in a bite-sized format. I'm Stacy. And this is Joe from the Attila Security team. And today we are here with Lin Nease, Chief Technologist for IoT at Hewlett Packard Enterprise. Hi Lin, tell us a little bit about yourself and what you've been working on lately.

Lin (00:36):
Sure. So I'm part of our Pointnext Services business. So I'm spending a great deal of my time doing, I'll call it strategic consulting with customers on enabling internet of things, which is a multidimensional discussion. And typically it's around industrial process.

Stacy (00:56):
That sounds fascinating. And because we are having a coffee chat today, we always like to go around and tell everybody a little bit about what we're drinking. So what, what is your on your menu today? What's in your cup?

Lin (01:08):
I'm a cheap coffee drunk, so I am I'm actually drinking some of that Francisco's canned stuff that I am making by the pot loads at home. My coffee consumption unfortunately has risen a great deal and the COVID world.

Stacy (01:25):
Right? When you have access to Mr. Coffee right behind you.

Joe (01:28):
That's right. Yeah. There we go.

Stacy (01:31):
Joe, what about you?

Joe (01:32):
I'll go next. So I'm basically, I feel like really what he told you today because I'm having Starbucks Barona, which is to me serious upgrade from my standard, you know, Colombian medium body blend. So a little bit you know, special today.

Stacy (01:48):
You know, this, I feel like today is a backwards day because if you're a regular watcher, you know, Joe and I are, are the cheap coffee drinkers. I'm usually Folgers guy. I did get gifted this fabulous, like delicious local roast from a friend of mine over in Florida. So I'm drinking fancy coffee today and our guest is drinking cheap coffee, usually it's the other way around. So it was kind of like a fun mix up freaky Friday. Well, what's that Joe, I'll turn it over to you and let's get down security.

Joe (02:21):
Sounds good. Well, I'm actually really excited about today's topic Lin. We're going to be discussing remote access to industrial control environments or industrial IoT environments. And obviously with what's going on with COVID the state of the world right now, this is a very relative top topic. So obviously it's been traditionally a very an environment where operators are on-prem running systems. Why is it so important now to really be thinking about remote access to these systems?

Lin (02:57):
You've got several customers who I'm having to deal with as we speak right now. And this is a topic of great urgency who are on the verge of having to close down production facilities. So there have been several in the food processing business, for example, who have shut down because they had a dozen workers test positive for COVID and at this point they can't figure out how to, how to change their processes in a dramatic way to enable things like social distancing and contact tracing. You can imagine, right? It's a physics problem. And so the real priority now for a lot of our customers is to keep their production operations, right?

Joe (03:39):
Yeah. I can imagine you know, it's super important, one day down, let alone one machine down, let alone one day being down is just lots and lots of potential revenue lost. I guess in terms of you, you have a, a term, I know that you've used in PA in the past with me when we, you and I have talked about the potential for a shared fate. What do you mean by that when you're in this, in this respect?

Lin (04:11):
Yeah, so a lot of production lines in the world have been automated and the automation of those production lines has been done through very specialized IT-like equipment. So control systems are a different animal from our laptops and PCs and servers that we all encounter on a daily basis in that they frequently are doing something that physically controls our system of production process that has huge safety implications, or has to be very precise. And it's tiny. So a lot of these IT systems are very specialized in nature. And the designers of those systems, we call the operations technology vendors. If you go back in time to when these systems were designed, it predated even in some cases, the World Wide Web, if you can believe that, and these systems are not well protected against vulnerabilities off the network. So the shared fate problem here is if I start putting these systems on a network to collect data off of them, which is the IoT problem.

Lin (05:16):
Now, suddenly they are exposed to an attack surface. And the vulnerabilities in a lot of these older codes are extremely well known. Now, many of us are aware of the old Stuxnet hacks took advantage of this exact fact, right? So, so these systems, as a result frequently sit on completely isolated network segments frequently for the purposes of convenience and replication, they use the exact same IP addresses in these different replicated isolated networks that people call it air gaps when we separate them from the rest of the system. So there's really no way to access these systems from home. And in many cases, the workers in these facilities must pass in close proximity to one another, and all they're doing, they're subject matter experts on operating these systems. And so the question is, is there, there should be no reason why they can't operate those systems from home. It's electrons, it's keyboards, it's monitors, right. And that's the, that's the big question. Once I network them now I have this problem. I've taken the shared fate and I've exposed these systems to the outside world. Yep.

Joe (06:32):
Yup. I know I'm just thinking through some of the customers and, you know, just the, the companies, the enterprises, and even government agencies that have these environments they're not always you know, security as I think you've mentioned it wasn't always top of mind, especially when they implemented these systems. Do you think and you did mention initially that there were a few customers that you're running into that are very, very concerned about this and are obviously looking at these. And I would imagine they're very kind of progressive enterprise type companies, but do you think in general, this moving to a remote access to these industrial manufacturing plant environments is going to be kind of a tough pill to swallow? Is it going to take some time or, or do you think just the nature of where we are today that it's kind of clear in a no brainer to start thinking in this way?

Lin (07:27):
Well, so I think it's a no brainer to ask the question. And for some the conclusion they're going to draw is it might be easier to have, we're seeing discussion and investigation into a new division of labor in the industrial environment where I have people who know how to do things. And then I've got people who can be hands and feet. And if I separate the tasking along those lines, the hands and feet, people can be separated in time and space. But the problem of course, is I've got a multitude of these computer screens that there are operator experts need to look at to diagnose any problem that emerges on the production line. And so even with this division of labor, I think there's a need to, to enable remote operation, especially again, if it's keyboards and it's monitors and it's electrons, why, why do I have to have people present? And I think it's only a security question and an enablement that that separates us from that reality, and many enterprises are talking about this.

Stacy (08:35):
So how are you guys solving this? What are you doing?

Lin (08:41):
Not yet. And in fact, this is one of the reasons that Joe and I are talking. Attila has a solution that is virtually foolproof in terms of protecting a session or conversation and obscuring it, and basically completely completely hiding it from the environment in which the person is located. So that to me is a critical enabler of providing access to these control systems and production systems remotely. And in the past, of course, this technology now has been applied by Attila to, to things like classified information and being able to access that while on the road, you know, I've got a road warrior and a hotel room, critical project, and to get to that, I don't even want the captive portal to show up, you know, on my laptop. The Attila technology completely hides your session and your laptop is multiple tunnels. And the IP address can come from anywhere you want to in the world.

Lin (09:43):
The same type of technology is extremely useful in this industrial setting. If I can access the human machine interface screen. And in many cases, these are just rendered monitors and terminals, almost like we know from the days of yore, and I can expose that remotely to an operator at home who understands completion codes and error codes and understands how the equipment works. They could work from home, and this is the perfect technology to enable that. And I think it's important to realize that, you know, part of the protection of these machines is not, it's not about, you know, is my customer in battery manufacturing, worried about someone figuring out how many batteries are producing today. They're probably not. What they're really worried about is that that system is absolutely positively, never exposed to the outside world. That's the key is just simply minimizing the expansion of the attack surface.

Joe (10:42):
Yeah, no perfectly said. I know that, you know we had Attila we pride the fact that we have a hardware device versus a software solution, which, which you know with software requires an agent to be loaded on these, on this equipment that, you know, as you mentioned is decades and decades old. So that's not necessarily something easy to do. Can you elaborate a little bit as to why you think a hardware solution there might be a better fit?

Lin (11:13):
All right, you hit on it, first of all, it's it's foolproof. And, and it's completely separate and distinct from the technologies. These, we've had customers running point of sale systems and they're, you know, retail stores on Concurrent DOS as recently as like four or five years ago. So one of the most advanced carbon fiber processes, and one of my customer's factories runs on Windows XP. So you can't, you can't expect that you can go in and make changes to some of these systems. They're very old, they're on a 20, 30 year life cycle. They are using, however, TCP/IP in many cases and the sessions that we know and love very much the same as other sessions on the network. It's just a question of completely separate technology that is not in any way requiring an integration task. And that's where the hardware solution, not only is it foolproof from an absolute security perspective, but it also completely separates the task of enabling remote from integration with the solution.

Joe (12:26):
Yeah. Well, I tell you, I can tell you, this has been very, very interesting discussion. I know we're getting close to our time here. But it sounds to me that based on everything we've heard enterprises, government agencies companies that are manufacturing, building products, should really start thinking about remote access into these critical environments given where we are today. And you know, unfortunately there will be other natural disasters and things that are gonna prevent people from being on premises. So I don't know if you have any final words around that in general.

Lin (13:10):
Well, I think, you know, production processes, as we know them, were not even remotely conceived to, to keep people separate in time and space. They just, they just flat out weren't and the timescales are changing. Those processes are so long that a company cannot afford to rethink their production process in many cases in a timescale, less than a year or two. So the ability to do this remote operation is something that a lot of companies are going to look at. And I think it's a critical enabler in the near term and probably even in the longterm.

Stacy (13:50):
I would imagine like many of the other industries and places we're seeing this mass need to change quickly around COVID, but there's so many benefits that live far beyond the end of that, that it's not going away when this goes away, it's just

Lin (14:06):
Forcing the change. You've seen the names and if you're able to watch TV every now and then you see all the Zoom means that are showing up on every single commercial on TV now. And there are thoughts with many of our customers that working remote has turned out to be a far more feasible approach to doing business. For many companies I deal with than they anticipated. In a lot of people at not experimented with remote work in a big way. Since there were DSL lines, you know, with 256 K downlink speeds, I just got a gigabit downlink to my home. If the world has changed a lot in people suddenly realizing that and work I think is

Stacy (14:51):
Here to stay. So if it moves into the production area, all the better. Agreed, thank you so much for your time today and to all of our watchers, make sure that you join us twice a month for 15-minute security chats, to learn more about how you can secure your organization. And in this case, do make sure you sign up to come and see our IoT integrators summit. We're having an event where you can actually learn more about this very specific topic with this very specific speaker. So if you want more, which all of you do, I know you do, come and join us. Thanks. Thanks everyone.