Industrial plants and important infrastructure sites are common across industries such as oil, gas, mining, chemicals, energy, manufacturing and defense. Such plants may be defined by the well-known Purdue model where levels 0-3 in the Purdue model comprise the industrial control system (ICS), with level 0 being the field level with field devices (sensors and actuators) and processing equipment, which utilize an industrial network for its communications, and Level 4 and above (e.g., level 5). Level 4 and above are considered the “enterprise” level(s), such as for production scheduling. The ICS can comprise a distributed control system (DCS) or a supervisory control and data acquisition (SCADA) system.
There has been a move for allowing remote access to devices in the ICS, such as for allowing authorized contactors including vendors, including using the Industrial Internet of Things (IIoT). The advantage of IIoT or other remote access mechanisms is that factories and other industrial enterprises are becoming smarter, with more agile and more efficient operations and businesses. For example, remote access enables vendors to access the equipment they supply to their industrial customers for routine maintenance activities, such as patching, hardening and log collection, as well as rapid responses to certain incidents, including to perform investigations into a sudden drop in production, or a potential cyber-security breach. The downside is that connected industrial operations expose the ICS of factories and manufacturing facilities to external cyber-security risks.
Engineers and contractors can remotely access equipment within one or more of a customer's ICS using commercially available remote equipment access platforms, such as a Nextnine Ltd. (now part of Honeywell International Inc.) platform known as an ‘ICS SHIELD’ that is a security management solution for securing one or more ICS. The ICS SHIELD also protects ICS from cyber-security attacks, and enables remote monitoring and process control of its devices such as process controllers, field devices, and processing equipment. Engineers and other authorized individuals using the ICS shield may use a Nextnine' remote access protocol recording solution known as Session Recording for connecting through a designated remote server to generally perform any action that can be performed from within the ICS. ICS SHIELD sessions which were previously designated to be recorded within the ICS SHIELD software are recorded, thus capturing and storing display window content during remote access sessions, which enables plant auditors to play back the display window content in a video format, including the ability to stream the video in real-time so that an auditor can view the actions taken on his or her plants while the engineer was working.