Security Considerations for Remote Access

Recent ransomware attacks have put the spotlight on potential security vulnerabilities of some industrial Remote Access solutions. Around the world, users are scrambling to understand and mitigate these vulnerabilities.

Protecting automation endpoints from attacks that take advantage of remote connectivity is a vital concern for businesses that requires input and close collaboration from their Information Technology (IT), Operational Technology (OT), and security professionals.

With this in mind, the Organization for Machine Automation and Control (OMAC) convened its second “Remote Access Workgroup,” to present practical, field-tested methods for reducing cybersecurity-related risk. 

The workgroup, led by ei3, also reviews issues created by actors or processes that cause intentional or unintentional security incidents. This document is a follow-up to the initial OMAC document titled “Practical Guide for Remote Access to Plant Equipment,” published in January 2021. It is recommended that the reader of this addendum first review that document to better understand all the aspects of remote access before taking a detailed look at security. 

The "Security Considerations for Remote Access" document provides a broad perspective and insights from an experienced group of 47 members representing End Users, and the OEMs, System Integrators, and Equipment Suppliers that support them.



End Users

Cargill, Colpal, Corning, Frito Lay – Pepsico, General Motors, P&G, Rohm and Haas

Original Equipment Manufacturers

Barry-Wehmiller, Dürr USA, Mettler Toledo, Milacron, Nordson Corporation, ProMach

System Integrators

Applied Control Engineering, Bachelor Controls, DMC, Interstates, Martin CSI, The EOSYS Group, Outlier Automation, Rovisys, SAGE


Beckhoff, Cisco, Dispel, Dynics, EtherCAT Technology Group, KORE Wireless, Mitsubishi Electric Europe B.V., Nozomi Networks, Sick, Siemens 

A special mention goes to Packaging Machinery Manufacturers Institute (PMMI) for their support.

Workgroup Methodology

The material in this document is from direct member comments. Identities are not revealed to allow for a free flow of opinions and observations from direct experience. 

Workgroup participants received a series of questions around each of the four themes used to structure Remote Access considerations. Answers were then segmented by the participant’s role (End User, Original Equipment Manufacturer, System Integrator, and Vendor).

Security Consideration for Remote Access Timeline 2022

What the members say