Production facilities are increasingly connected and integrated into complex systems. In addition to the benefits for operational efficiency, connecting also opens up new risks, as there are sometimes opportunities for cybercriminals to attack. According to the Federal Criminal Police Office (BKA), more than 136,000 such cases were registered in 2022. The challenge lies in securing these systems.
The challenge: connected production facilities are vulnerable to cyber-attacks
Industrial IoT, Smart Factory and Industry 4.0 mean: Production plants are no longer closed systems, but are connected to each other and integrated into larger systems. They open external interfaces to be accessible, controllable, and evaluable for applications through the IoT. The systems may then be poorly protected or even visible to outsiders.
The search engine Shodan identifies over 2,000 open Modbus ports in Germany alone. Some of these are honeypots, which security providers use to investigate common hacker tricks. But with a little patience, cyber criminals will find a vulnerable system in this or similar ways.
In technical terms, a connected machine or system normally has its own public IP address, which is intended for remote access and data exchange. This means that the corresponding device behaves like a normal computer and must be protected in the same way.
Challenges in securing OT (Operational Technology)
In IT, there have long been standards for securing publicly accessible servers. OT (Operational Technology) in the industry is still lagging somewhat behind here. The security requirements of connected machines and systems differ in some respects from those of IT security. As a rule, OT systems are established structures – industrial systems often have a service life of several decades. This means that in the near (or distant) future, a large number of machines will be running with outdated technology that was not designed for current threats.
There are plenty of entry points for attackers, as connected machines often interact with a variety of other systems such as industrial controllers, IoT gateways, edge servers, and much more. Furthermore, security protocols and standards are constantly changing, meaning that adjustments to machinery are and will be necessary. This also ensures that security adaptations are necessary for a large number of industry protocols. Examples include Modbus, Profibus, Profinet or CAN as well as the IoT protocols MQTT and OPC UA.
Security in a production environment
The usual best practices from securing computer systems in IT are not readily transferable to OT. Real-time communication is usually required, which makes the latency of the connection a decisive factor. This makes the use of resource-hungry security mechanisms more difficult.
OT and IoT security in a production environment require not only expertise in IT security but also intimate knowledge of the specifics, technologies, and protocols in OT. At the same time, the scope of security is becoming ever broader.
It is no longer just about protecting against external access – cloud connections, data pools, user access and much more are now also included. For this reason, cooperation with a security specialist for information security in the industry is indispensable.
The solution: a comprehensive security concept for production
The development service provider and security specialist ITK Engineering is active worldwide in sectors such as automotive, industry, rail technology and healthcare. It offers consulting and services to enable a robust state-of-the-art architecture with the highest level of cyber security for companies. The company offers its customers not only individual, tailor-made security measures, but also a holistic and consulting-supported security package.
Security concept for production
ITK develops comprehensive cyber security concepts for manufacturing, carries out cyber security risk assessments and advises companies on implementation. The result is a tailor-made and standard-compliant solution that focuses on specific customer requirements. Such a customized solution is aimed at security measures for manufacturers of connected machines (and other products) as well as for operators of such systems.
Two typical use cases as examples
- A mechanical engineering company wants to connect its latest generation of devices and equip them with functions for remote maintenance, condition monitoring and the evaluation of machine and process data. They also plan to offer a self-developed cloud app that, in a dashboard, provide companies with the current condition of each machine.
- The operator of an older industrial facility wants to extend the service life of its existing machines and therefore wants to introduce solutions for condition monitoring and predictive maintenance. The retrofit sensors are to be connected to the Industrial IoT and ultimately a cloud service via a gateway. All data is visualized there, but also prepared for real-time export to the ERP system used.
Independent consulting and customized solutions
ITK sees itself as a system integrator that does not offer its own products, but provides product- and platform-independent consulting services and develops customer-specific solutions. That’s why the consultation begins with a risk assessment that identifies possible vulnerabilities and estimates the potential damage from attacks. This assessment forms the basis for the development of a security concept with a suitable security architecture. ITK always keeps an eye on international cyber security standards and the ability to integrate the concept with existing components.
To ensure the conformity of the code, ITK relies on secure coding practices and semi-automated code analysis techniques. ITK develops whitebox solutions for the security of connected production systems: Customers receive all rights to the software as well as the source code and other technical information. This means there is no vendor lock-in.
ITK offers penetration testing to detect any remaining vulnerabilities that have crept in during the development and integration of production systems. A team of ITK experts simulates an attacker and attempts to identify and exploit vulnerabilities in the system. In addition to engineering services, ITK empowers its customers through method consultation and training to establish security processes and methods, enabling them to independently respond to security attacks.
The result: Information security according to industry standards
The integration of cyber security processes allows industrial companies to defend their manufacturing processes and workflows against digital threats. This reduces the risk of downtime, data loss and disruptions in your IT infrastructure. Target-oriented investments in cyber security avoid unnecessary costs and at the same time guarantee a high standard of security.
Such processes are also necessary in order to comply with regulatory requirements such as the EU Cybersecurity Resilience Act (CRA), which is currently under discussion, and to develop systems in line with the latest standards – for example in accordance with IEC 62443 for industrial communication infrastructures. In addition, well-protected production facilities and a high standard of cyber security strengthen the trust of consumers, business partners and other interest groups. In this way, companies are optimally prepared for the ongoing digitization of manufacturing, gain a better competitive position and can drive innovation.
