When your world is suddenly turned upside down! Digital security of production facilities

Industry 4.0 offers new opportunities and challenges at the same time. Companies have to find well thought-out and effective security concepts for production environments in order to implement Operational Technology and IT security - for new systems as well as old plants - in practice.

The initial situation

Machines and robots, which operate around the clock in modern production facilities, are highly interconnected – both within OT (Operational Technology) and with IT. Embedded systems communicate independently with one another, plant operators monitor and control remotely, cloud planning systems calculate job steps and machine scheduling, maintenance personnel gain access and make changes to configurations from all over the world.

Nowadays, protective mechanisms for OT and IT are at least as important as the physical measures taken to protect a factory. Threats can penetrate and manipulate systems via network connections. Malware can completely paralyse vast areas and also cause immense physical damage, as well as putting life in danger. It was clear that factories and plants were the targets of cyber attacks long before the numerous production failures experienced by the multinationals in 2017.

Particular constraints apply to OT and IT security in industrial production. Production plant control technology has real-time requirements that make it difficult if not impossible to modify the systems. This means, for instance, that software patches on the systems, malware scanners and antivirus programs can impair functionality. There is also the fact that hardware and software are used for comparatively long periods in production, in stark contrast to other applications.

The approach

Sophisticated security concepts have to be found for the production environments so that OT and IT security can be put into practice both for new systems and old equipment. The focus here is always on the timely detection of IT security problems and cyber attackers. It must be possible to determine the current security situation of the company at a glance, at the touch of a button, thereby ensuring that almost all entry gates are closed to attackers.

This requires technology, experts and processes. In terms of software, special OT risk detection modules are available. First and foremost, such software identifies protocols and applications in network traffic, analyses extracted data and visualises anomalies (Industrial Network & Behaviour Analysis). In addition, security-relevant information is gained through the collection, analysis and correlation of logs from various sources (Industrial System Log Collection & Analysis). Finally, vulnerability scans in selected areas and environments (Selective Vulnerability Management & Assessment) provide valuable information. If the potentially security-relevant information identified by all three modules is correlated, this delivers very high-quality information about the current “health status” of the Operational Technology.
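The correlation step described above can be sketched as follows. This is an added example, not code from any product the article refers to; the asset names, findings, severity scale and scoring rule are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample findings, one list per module named in the text.
NETWORK = [  # Industrial Network & Behaviour Analysis
    {"asset": "plc-07", "severity": 3, "finding": "new host writing to controller"},
    {"asset": "hmi-02", "severity": 2, "finding": "unexpected outbound DNS"},
]
LOGS = [  # Industrial System Log Collection & Analysis
    {"asset": "plc-07", "severity": 2, "finding": "repeated failed engineering logins"},
    {"asset": "hist-01", "severity": 1, "finding": "service restart"},
]
VULNS = [  # Selective Vulnerability Management & Assessment
    {"asset": "plc-07", "severity": 3, "finding": "firmware with known flaw"},
    {"asset": "hmi-02", "severity": 2, "finding": "unsupported operating system"},
]


def correlate(**modules):
    """Group findings by asset and rank assets for analyst review."""
    per_asset = defaultdict(lambda: {"modules": set(), "severity": 0, "findings": []})
    for module, findings in modules.items():
        for f in findings:
            entry = per_asset[f["asset"]]
            entry["modules"].add(module)
            entry["severity"] = max(entry["severity"], f["severity"])
            entry["findings"].append((module, f["finding"]))
    ranked = [
        {
            "asset": asset,
            # Assumed scoring: worst severity times number of corroborating modules.
            "score": e["severity"] * len(e["modules"]),
            "modules": sorted(e["modules"]),
            "findings": e["findings"],
        }
        for asset, e in per_asset.items()
    ]
    return sorted(ranked, key=lambda r: (-r["score"], r["asset"]))


def corroborated(ranked, min_modules=2):
    """Assets flagged by at least min_modules independent modules."""
    return [r["asset"] for r in ranked if len(r["modules"]) >= min_modules]


if __name__ == "__main__":
    for row in correlate(network=NETWORK, logs=LOGS, vulns=VULNS):
        print(row["score"], row["asset"], row["modules"])
```

An asset that appears in all three sources rises to the top of the list, while a single low-severity log event stays at the bottom for later review.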

Because of its complexity, the further processing of the results is reserved for security specialists. They evaluate and prioritise the automatically generated findings. Finally, they provide all the information in a single, easy-to-understand portal that is accessible to the relevant stakeholders – including IT & OT operations teams and the company management – or from which those stakeholders receive regular, customised and helpful reports. If the processes work, from the automated detection to the timely resolution of actual problems, attackers will have a very hard time causing damage to production facilities.