Bundesamt für Sicherheit in der Informationstechnik

Remote maintenance in industrial environments v1.0

Datum 12.01.2015

Titelbild zu BSI- Cyber-Sicherheitsempfehlung: Remote maintenance in industrial environments v1.0

Systems for process control, production and automation, subsumed under the term “industrial control systems” (ICS), are meanwhile exposed to the same threats as conventional IT systems. Due to operational or economic reasons, it is often required to be able to perform remote maintenance of the systems via public networks. Remote maintenance accesses designed in such a way mean that industrial systems are exposed much more and thus at the same time lead to an increased threat situation. Today, industrial remote maintenance components must therefore reach an adequate security level.

The range of available solutions on the market for remote maintenance in the industrial environment is very wide. The offers range from VPN solutions via cloud-based approaches to provider solutions in the field of machine-to-machine (M2M). There are significant differences between the product features of individual solutions. This recommendation provides an overview of the generic requirements for industrial remote maintenance according to the state of the art. It is explicitly pointed out that established solutions on the basis of analogue or ISDN modems as well as the direct Internet connection of components such as programmable logic controllers (PLCs) do not comply with the state of the art.

[Deutsche Version]