Empty warehouse with yellow rolling gates

Protect industrial networks against hacking

Networked production facilities are at risk from hacking. Hackers want to steal data or manipulate processes

New security concepts for the IoT

According to the cyber threat report by SonicWall, there were 13.5 million IoT attacks in the first half of 2019, a rise of 55 percent compared to the first six months of the previous year. For manufacturing companies, this means that they have to introduce new security strategies for their networked machinery. Otherwise, there is a risk that hackers will attack production processes or steal business-critical data.

Networked machines are at risk of attack

Companies optimize their development, production, and logistics processes based on operational and status data. However, industrial control systems thus lose their previously insular position since the production machines are networked. The systems send machine data to control systems and in some cases even communicate over the internet with devices at other locations. In the case of maintenance work, specialist service staff access machines remotely either because the specialist personnel are not on site or the companies want to save costs by doing this. Companies are able to increase their productivity in this way – however, where the production and office spheres of a company were previously separated, there are now IT links. And it's this that gives hackers a gateway.

For example, an attack starts with a prepared email. If an employee is careless, or the email is convincing, malicious code enters the company IT via a data attachment or a link contained within the email. From the office, the hacker's program then finds its way into the control and monitoring systems of the factory floor. In a worst case scenario, criminals then take control there, sabotage the systems, or carry out espionage. 

Industrial espionage and manipulation of machines

Man operates a robot cutting machine

Attackers can steal sensitive company know-how, switch off the power to a system, or block functions which the company can only monitor again once a ransom is paid. The computer worm NotPetya, for example, stopped production lines at Renault in France, the shipping company Maersk was no longer able to load containers, and sensors failed at the reactor turbines in Chernobyl.

Opening production networks to the public therefore carries risks which did not exist in the cut-off networks of the past. The threat of an intrusion into industrial networks via remote access is currently listed by Germany's Federal Office for Information Security (BSI) in fourth place among the Top 10 threats. The secure implementation of remote maintenance access and the monitoring of access are therefore of high priority if companies want to secure their internal networks and monitoring systems.

Let’s get in touch

We are happy to provide you with the right experts and to answer your questions – by phone or email.

Business damages running into the billions

Man stands in front of a virtual graphic in a large office and points to the graphics.

Networked machines and factories are a worthwhile target for cybercriminals. The IT business association Bitkom measures the business damages inflicted on the German industry by hackers at 43.4 billion euros in the period of 2016 to 2018 and attributes the damages, among other things, to the increasing number of IT systems in the production environment of operational technology (OT). In an industrial environment, a hacker attack or an inadvertent virus in the IT controls of a system, a networked car, or traffic management can not only affect data, in extreme cases it can also be life-threatening. The problem many companies face during this development: an insufficient overview of the IT systems, applications, and data processed in their production environment.

Security must not interfere with production processes

The manufacturing companies are nevertheless faced with the problem that their machines have to run smoothly. Production processes are closely attuned and synchronized with one another. A delay in the processes has an immediate effect on efficiency. Industrial companies therefore fear that IT security solutions in the field of industrial control systems (ICS) can interfere with production processes, such as by blocking the firewall or through unannounced software updates. These fears are legitimate since security providers must adapt their protection concepts known from IT security for use in the OT (operations technology) environment. In this way, they can develop special firewalls which they tailor to industrial protocols. Another focus of ICS security is on the immediate, continuous detection of weak points, infections, or attacks. This allows companies to introduce targeted and timely countermeasures – or, in serious cases, a fast and effective reaction and the recovery of production operations.  

The objective is to ensure business continuity and IT security in the range of nanoseconds. Any downtime of assembly lines in the automotive, machine construction, or logistics industry, and especially in critical infrastructure sectors, costs billions every minute while the reputation among principals and customers suffers as well. 

IT security under attack

43.4 billion euros

of industrial damage to the German industry caused by hackers from 2016 to 2018

13.5 million

worldwide IoT attacks in the first half of 2019

In 4th place

– the threat from breaches in industrial networks according to the BSI (German Federal Office for Information Security)

More than 90 percent

of firmware data feature critical security vulnerabilities

Protecting production facilities

Man standing with his back to the wall in a factory building and operating a laptop

The experience of the Deutsche Telekom security experts ensures the safeguarding of production environments, making OT secure. They harden systems and protect them from ransomware, industrial sabotage, and other cyberattacks. They support production managers and OT managers in the search for previously unknown, dynamic, and mobile devices while ensuring constant availability of applications and devices. Telekom Security offers companies two different options for consulting services: OT Security Check pursuant to ISO 27001 and OT Security Check pursuant to ISA/IEC 62443 as well as weak-point analysis and penetration tests.

Security solutions for ICS

Deutsche Telekom's security experts have developed security solutions for ICS in collaboration with specialized partners. They consist of building blocks which intelligently apportion the company network into zones so that unnecessary and unmonitored data flows, such as between the office and the shop floor, don't happen in the first place. In order to continuously check the system for weak points and to identify previously unknown patterns of attack, solutions are deployed which, with the help of artificial intelligence (machine learning), detect anomalies in the behavior of the system's components. This happens with software which can learn and which does not require a system of rules or signatures. First, it records and models all normal processes in order to then reliably report any deviations from it. If it registers such deviations from the norm or a system vulnerability, the system provides information in real time and shows detailed information in a clear console terminal. Experts are then able to assess the transaction and introduce countermeasures as appropriate.

Industrial Threat Protect Pro (ITPP)

There are several computer monitors on a long desk. Employees can be recognized in the background.

ITTP detects anomalies in an industrial system's behavior by learning standard commands and regular behavior which complies with the rules within this system. ITPP then detects deviations from this norm. If the solution registers a weak point in the system, it provides information in real time and shows detailed information in a clear console terminal. Experts are then able to assess the transaction and introduce countermeasures as appropriate. 

Industrial Network Protect Pro (INPP)

In a larger warehouse, there are six server units in a row

INPP is a firewall for industrial networks. Its primary focus is to prevent unauthorized attacks on the network as well as uncontrolled data flows. A network can be subdivided into secured zones so that INPP data flows between the zones can be monitored and checked. This prevents unauthorized attacks on control systems. INPP can also implement centrally managed security guidelines across locations and manufacturers. Security gateways can also be used as sensors for the detection of attacks and access protection for remote maintenance.

Industrial Access Protect Pro (IAPP)

Hands write on a computer keyboard. In addition, blurred data sets can be recognized

IAAP guards against remote access to machines, for remote maintenance, for example. The service company technicians gain access via an encrypted connection using a "rendezvous server". 2-factor authentication used as an additional security measure. The customer's employee likewise sets up a connection to the rendezvous server. He authorizes the technician's connection via a service box or the management portal for a defined period of time. Work on the systems can be monitored and recorded live.

Industrial security: production companies in the cybersphere

High productivity, high security risk: how hackers have set their sights on connected industrial systems.

Digital ecosystem

Future-proofing a company requires four building blocks: connectivity, cloud and IT infrastructure, security, and digitalization. Industry 4.0 and smart factories require special protection against hacker attacks.

Zu unserer Strategie