Implementing secure remote access and MES

Maintaining business continuity during COVID-19 is vital for manufacturers; secure remote access can provide a safe platform to keep operations running

The COVID-19 global pandemic is impacting every individual, every community and every company across the globe. The uncertainty of this pandemic altered production and operations for North American manufacturers across all sectors. Some sectors saw orders and demand increase during this time, while other sectors suffered. Regardless of the sector, we have been challenged to continue manufacturing while maintaining quality, meeting production quotas and innovating in a time of unprecedented ambiguity and change. To respond to this challenge, we turn to technology as we rethink how manufacturing can function in the current environment and see a reinvigorated need for digital transformation. Two thriving technology solutions are new manufacturing execution systems (MES) and secure remote access solutions.

An MES can provide an avenue to continue manufacturing operations when the human element is in flux. By digitalizing manufacturing functions like production scheduling, quality tests and data collection, organizations can refocus people on value-added work best suited for personal expertise. Intuitive screens, alarms, work instructions and communications can make people more efficient and effective while reducing risk to product quality and personal safety.

The risks associated with travel and personal proximity force us to consider new ways to work in situations where a physical presence is not possible. Remote work enablement technologies are becoming more important during the COVID-19 pandemic. However, special considerations must be made for manufacturing environments where networked equipment poses a security risk that could lead to exposure of proprietary data and personal safety risks. Secure remote access solutions help to manage this risk while enabling engineering resources, subject matter experts (SMEs) and third-party vendors to continue to support manufacturing operations.

The modern manufacturing landscape demands optimization, creativity and leveraging the best-in-class technology to support digital transformation. The need to reduce costs, increase throughput and improve value is imposed on manufacturing to enhance the entire supply chain. When faced with such pressures, organizations often look to advances in technology and how they can be leveraged to give the business an edge.

What is an MES?

An MES is one of the foundational building blocks necessary to optimize a digital transformation that provides real-time and actionable insights. MES connects the manufacturing space to the other functions of the business, supplying larger context and visibility to the shop floor and providing real-time information to the wider supply chain. MES implementations can provide immediate value through streamlining manual processes and providing actionable information to stakeholders, but they also provide a platform to facilitate other digital factory technologies like advanced analytics and machine learning, cloud computing, and mobile manufacturing.

The ISA-95 Functional Hierarchy (ANSI/ISA, 2000) model was created by The International Society of Automation (ISA) to describe how manufacturing execution systems fit into the greater operational systems architecture (see Figure 1). This model can help to characterize the systems and data flows within our manufacturing business:

  • Level 0 represents the physical production process, where data moves in real-time.
  • Levels 1 and 2 are the process control and automation layer. At these levels data rates can span milliseconds to hours, representing real-time physical processes in timeframes that are easier for human operators to work with.
  • Level 3 is the MES/manufacturing operations management (MOM) layer, which is responsible for managing Levels 1-2 manufacturing systems and communications between plant floor and Level 4 business systems. Data timeframes range from seconds to days to convey data from business systems to manufacturing systems and vice-versa.
  • Level 4 contains business planning and logistics systems, like enterprise resource planning (ERP) and supply chain systems. These systems are used to connect production data to financial data for long-term planning, and work on a much larger timescale.

In this structure, MES/MOM (Level 3) systems are responsible for the management and control of processes that link the demands of the overall business to those of manufacturing. The ISA-95 standard models address MOM activities of production, quality, inventory and maintenance management and how these activity areas interact with business systems, automation systems, and among themselves.

For manufacturers without a software-based MES solution, many of these operations are done manually through emails, meetings and knowledge-from-experience, but those procedures are labor intensive and prone to error. MES software can be implemented to provide more tools and information to the people who need to make these decisions, or even automate business-to-manufacturing management tasks.

The value of MES

According to recent surveys published by MESA International (Rick Franzosa, 2019, "2017 MESA/Gartner Business Value of MES Survey," retrieved from MESA International), 87% of MES installations have achieved their expected long-term benefits. However, the same survey also revealed 98% of companies that have installed an MES feel there is unrealized value to be captured from their installation.

Business criteria used to justify MES projects often include:

  • Improving access to actionable data to promote better decision making
  • Improving product quality
  • Enforcing standards and best practices
  • Reducing cycle times and increasing line efficiency
  • Complying with regulatory requirements, including traceability and serialization.

Secure remote access during COVID-19 and beyond

COVID-19 has increased the opportunity landscape for bad actors. Working from home changes how business coworkers collaborate and how businesses operate. It also changes cybersecurity risks.

In 2017, 3.4% of the U.S. workforce — or 4.7 million people — were telecommuting to work, according to Global Workplace Analytics. As of early April 2020, 62% of employed Americans were working from home, according to a Gallup survey. Further, most of those individuals report they intend to remain working from home even after restrictions are lifted.

Looking specifically at manufacturing challenges during the pandemic, a PwC survey issued to chief financial officers (CFOs) in the manufacturing sector found the number one concern with respect to COVID-19 was the financial impact, including the pandemic’s effects on operations.

The types of impact on operations include:

  • People may need to be socially distanced inside the facility.
  • Health screenings and temperature checks at the door.
  • The financial impact of a COVID-19 outbreak could be significant.
  • Travel restrictions are making it difficult to get people to the facility, which:
    • Affects maintenance and original equipment manufacturers (OEMs)
    • Affects service providers’ access to a facility
    • Affects projects and commissioning.

All of these will have an effect on the bottom line — either a long-lasting effect or a significant acute impact. However, the same PwC survey also offered cybersecurity risks as one of the concerns respondents could list among their top concerns, and only 5% of respondents did so. With everything going on, it is understandable why cybersecurity is not a top concern, but it should be.

Our customers have reached out to put in remote access systems for their industrial control systems (ICS) to help with these issues. We sometimes see convenience and expediency being prioritized over security in these requests. That doesn’t need to be the case. In fact, with guidance, it can be quite easy to prioritize security, and it can save you more money than going the convenient route.

How secure remote access can help

Secure remote access can help solve some of the key COVID-19 operational challenges. It allows original equipment manufacturers (OEMs) to remotely access the machines they need, overcoming travel restrictions. It can be quickly set up when and where needed for a project, allowing commissioning efforts to restart. An effective solution also reduces the number of vendors who come to the facility to troubleshoot, meaning less escorting of visitors and better social distancing.

But aside from the COVID-19 related risks being reduced, there are other benefits as well. It could reduce troubleshooting time and thus increase production capacity. It could expedite project schedules, freeing up resources to perform other higher-value work for the company. Most importantly, it can allow operational technology (OT) staff to manage the remote access with the approval of information technology (IT), which streamlines workflow.

However, many manufacturers are at an impasse when exploring secure remote access options. They are torn between maintaining uptime and cybersecurity, which results in either scrapping the idea of a remote access system direct to the ICS (keeping the status quo), or OT staff taking shortcuts and connecting cellular VPN routers directly to their controls environment. The goal is overcoming that conflict.

Grantek categorizes ICS remote access solutions into three categories. The first is endpoint-to-endpoint connectivity technologies. We further categorize these into network-based approaches, like VPNs, application-based approaches and hardware appliance approaches. In the ICS world, it is generally established that connecting things like this directly to the ICS is bad. It’s not that they’re inherently bad, it’s that implementing these must be done in a carefully designed, maintained and deliberate way to ensure security.

The second type we see are rendezvous server-type solutions. These generally work by having everybody connect to one server in the facility, and then that server or system passes the user through to where they’re allowed to go. Similar to a gatekeeper, based on who’s coming through the gate, they’re allowed to progress through to certain places.
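The gatekeeper behaviour described above, sketched as an added example (not code from the article, Grantek or Dispel): a default-deny broker that allows a session only against a grant naming one user and one asset, approved by IT, and inside its time window. All class, user and asset names are hypothetical, and the sample grants are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class Grant:
    user: str                   # vendor, OEM or SME identity (hypothetical names)
    asset: str                  # the one ICS asset this grant covers
    starts: datetime            # access window requested by OT
    ends: datetime
    requested_by: str           # OT staff member who raised the request
    approved_by: Optional[str]  # IT approver; None while still pending

class RendezvousBroker:
    """Every remote session terminates here; nothing reaches the ICS without a grant."""
    def __init__(self, grants):
        self.grants = list(grants)
        self.audit = []  # one record per decision, allowed or denied

    def authorize(self, user, asset, now):
        allowed, reason = False, "no grant for this user and asset"  # default deny
        for g in self.grants:
            if (g.user, g.asset) != (user, asset):
                continue
            if g.approved_by is None:
                reason = "grant pending IT approval"
            elif not (g.starts <= now < g.ends):
                reason = "outside approved window"
            else:
                allowed, reason = True, f"approved by {g.approved_by}"
                break
        self.audit.append((now.isoformat(), user, asset, allowed, reason))
        return allowed, reason

# Constructed sample data, not taken from any real site.
T0 = datetime(2020, 11, 2, 8, 0, tzinfo=timezone.utc)
GRANTS = [
    Grant("oem-tech", "packaging-plc-01", T0, T0 + timedelta(hours=4), "ot-lead", "it-security"),
    Grant("integrator", "filler-hmi-02", T0, T0 + timedelta(hours=4), "ot-lead", None),
]

def demo():
    broker = RendezvousBroker(GRANTS)
    cases = [("oem-tech", "packaging-plc-01", 1),   # inside the approved window
             ("oem-tech", "filler-hmi-02", 1),      # asset this user was never granted
             ("integrator", "filler-hmi-02", 1),    # requested by OT, not yet approved
             ("oem-tech", "packaging-plc-01", 5)]   # approved window has ended
    decisions = [broker.authorize(u, a, T0 + timedelta(hours=h)) for u, a, h in cases]
    return decisions, broker.audit
```

Denied attempts are written to the audit list as well as allowed ones, so a vendor account probing assets outside its grant is visible to OT and IT.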

The third category is a little more amorphous. It can be a hybrid of the two, or some form of integrated platform. Dispel and Grantek developed a comprehensive solution that incorporates several related components into one platform. Grantek’s Engineer-in-a-Box solution is built on this technology from Dispel (see Figure 2).

Engineer in a Box was designed for manufacturers facing sudden remote access challenges. In most cases, connecting the software to the machines that need it in a controlled way takes time, planning and engineering resources. However, Engineer in a Box is delivered in a pre-configured and portable form factor, requiring users to simply power the device and connect it to the ICS network for it to function. Development software is hosted on Dispel’s secure environment leveraging technology for security. This means vendors and their programming software can be connected directly to the machines you need them to connect to, when it’s needed, with only minutes of configuration.

Final thoughts

Maintaining business continuity during COVID-19 is vital for manufacturers. Secure remote access can provide a safe platform to keep operations running. It can also be key to helping companies get back to work safely and to help maintain MES aspects, which are important to operations, regardless of whether there’s a pandemic.

As manufacturers head into 2021 and the new normal of business and operations becomes clear, using the right secure remote access solution can secure and enhance the benefits of MES organization-wide.

Grantek Systems Integration Ltd. is a member of the Control System Integrators Association (CSIA).

This article appeared in the Global System Integrator Report.

Written by

Sam Russem and Jacob Chapman

Sam Russem is director of smart manufacturing practice at Grantek. Jacob Chapman is director of industrial IT & cybersecurity at Grantek.