OMAC REMOTE ACCESS WORKGROUP
Security Considerations for Remote Access
Recent ransomware attacks have put the spotlight on potential security vulnerabilities of some industrial Remote Access solutions. Around the world, users are scrambling to understand and mitigate these vulnerabilities.
Protecting automation endpoints from attacks that take advantage of remote connectivity is a vital concern for businesses that requires input and close collaboration from their Information Technology (IT), Operational Technology (OT), and security professionals.
With this in mind, the Organization for Machine Automation and Control (OMAC) convened its second “Remote Access Workgroup,” to present practical, field-tested methods for reducing cybersecurity-related risk.
The workgroup, led by ei3, also reviews issues created by actors or processes that cause intentional or unintentional security incidents. This document is a follow-up to the initial OMAC document titled “Practical Guide for Remote Access to Plant Equipment,” published in January 2021. It is recommended that the reader of this addendum first review that document to better understand all the aspects of remote access before taking a detailed look at security.
The "Security Considerations for Remote Access" document provides a broad perspective and insights from an experienced group of 47 members representing End Users, and the OEMs, System Integrators, and Equipment Suppliers that support them.
REQUEST THE GUIDE

PARTICIPATING COMPANIES
End Users Cargill, Colpal, Corning, Frito Lay – Pepsico, General Motors, P&G, Rohm and Haas |
Original Equipment Manufacturers Barry-Wehmiller, Dürr USA, Mettler Toledo, Milacron, Nordson Corporation, ProMach |
System Integrators Applied Control Engineering, Bachelor Controls, DMC, Interstates, Martin CSI, The EOSYS Group, Outlier Automation, Rovisys, SAGE |
Vendors Beckhoff, Cisco, Dispel, Dynics, EtherCAT Technology Group, KORE Wireless, Mitsubishi Electric Europe B.V., Nozomi Networks, Sick, Siemens |
Workgroup Methodology
The material in this document is from direct member comments. Identities are not revealed to allow for a free flow of opinions and observations from direct experience.
Workgroup participants received a series of questions around each of the four themes used to structure Remote Access considerations. Answers were then segmented by the participant’s role (End User, Original Equipment Manufacturer, System Integrator, and Vendor).
