What is Remote Maintenance?
Remote maintenance is the process by which engineers, technicians or suppliers gain remote access to industrial systems in order to carry out maintenance, updates, Monitoring or fault analysis. This can be done via VPN, remote desktop, web portals or industrial Remote Access equipment.
In OT environments, remote maintenance makes it possible to respond to faults more quickly, but also introduces risks of unauthorised access, misconfiguration and the introduction of Malware.
🧠 Why remote maintenance is used
- Quick response time – no travel time when there is an urgent fault or fault diagnosis
- Access to experts – suppliers or specialists can directly observe or configure
- Cost savings – fewer physical interventions and fewer production interruptions
- Scalability – multiple sites can be supported centrally
- Efficient support – performing firmware updates, settings or tuning remotely
🔐 Risks of remote maintenance in OT
| Risk | Description |
|---|---|
| Insecure connections | Direct access to OT without encryption or authentication |
| Permanent access | Credentials remain valid outside working hours or without supervision |
| Shadow IT | Use of unapproved tools by external technicians |
| Malware introduction | External laptops can bring viruses or ransomware with them |
| Lack of logging | Activity is not recorded, no forensic trail |
| Lateral movement | An attacker uses remote access as a launchpad within the OT network |
Incidents such as Triton, 3CX and Kaseya show that attacks are often carried out via remote access.
✅ Security measures for remote maintenance
| Measure | Description |
|---|---|
| Jump Server | Shielded intermediate step with logging, inspection and authentication |
| MFA | Additional verification step for external technicians |
| Time-window access | Access only during approved windows or via a work permit |
| Session management & logging | Full audit trail of who did what |
| Anomaly detection | Detection of unusual behaviour during remote sessions |
| Role-based access | Engineers only get access to what is needed for their task |
| Secure Remote Access tools | Specialist industrial remote-access tooling with built-in security |
📦 Remote maintenance in OT vs. IT
| IT | OT |
|---|---|
| TeamViewer, RDP, VPN | Secured tunnels via a Jump Server or industrial gateway |
| Free access during working hours | Access only after approval and via session management |
| OS-based systems | Proprietary HMIs and PLCs with limited logging capability |
| Endpoint AV and EDR | Often no AV on embedded systems |
In OT environments, remote maintenance is safety-critical and must be carried out under strictly controlled conditions.
📌 In summary
Remote maintenance is indispensable for fast support, but requires strict security in OT. Access must be temporary, controlled, restricted and fully logged — with attention to both technology and procedure.