According to the cyber threat report by SonicWall, there were 13.5 million IoT attacks in the first half of 2019, a rise of 55 percent compared to the first six months of the previous year. For manufacturing companies, this means that they have to introduce new security strategies for their networked machinery. Otherwise, there is a risk that hackers will attack production processes or steal business-critical data.
Attackers can steal sensitive company know-how, switch off the power to a system, or block functions that the company can only monitor again once a ransom is paid. For example, the computer worm NotPetya stopped production lines at Renault in France, blocked the shipping company Maersk from being able to load containers, and caused sensors to fail at the reactor turbines in Chernobyl.
Opening production networks to the public therefore carries risks that did not exist in previously isolated networks of the past. The threat of an intrusion into industrial networks via remote access is currently listed by Germany's Federal Office for Information Security (BSI) in fourth place among the Top 10 threats. The secure implementation of remote maintenance access and the monitoring of access are therefore of high priority if companies want to secure their internal networks and monitoring systems.
Networked machines and factories are a worthwhile target for cybercriminals. The IT business association Bitkom estimates the economic damages to the the German industry caused by hackers at 43.4 billion euros in the period of 2016 to 2018 and attributes the damages, among other things, to the increasing number of IT systems in the production environment of operational technology (OT). In an industrial environment, a hacker attack or an inadvertent infections of the IT controls of a system, a networked car, or traffic management can not only affect data, but in extreme cases it can also be life-threatening. The problem many companies face in the course of this development: an insufficient overview of the IT systems, applications, and data processed in their production environment.
The experts at Deutsche Telekom security ensure the safeguarding of production environments, making OT secure. They reinforce systems and protect them from ransomware, industrial sabotage, and other cyberattacks. They support production managers and OT managers in the search for previously unknown, dynamic, and mobile devices while ensuring constant availability of applications and devices. Telekom Security offers companies two different options for consulting services: OT Security Check pursuant to ISO 27001 and OT Security Check pursuant to ISA/IEC 62443 as well as weak-point analysis and penetration tests.
ITTP detects anomalies in an industrial system's behavior by learning standard commands and regular behavior that complies with the rules within this system. ITPP then detects deviations from the norm. If the solution registers a weak point in the system, it provides information in real time and shows detailed information in a clear console terminal. Experts are then able to assess the transaction and introduce countermeasures as appropriate.
INPP is a firewall for industrial networks. Its primary focus is to prevent unauthorized attacks on the network as well as uncontrolled data flows. A network can be subdivided into secured zones so that INPP data flows between the zones can be monitored and checked. This prevents unauthorized attacks on control systems. INPP can also implement centrally managed security guidelines across locations and manufacturers. Security gateways can also be used as sensors for the detection of attacks and access protection for remote maintenance.
IAAP guards against remote access to machines, for remote maintenance, for example. The service company technicians gain access via an encrypted connection using a "rendezvous server". 2-factor authentication is used as an additional security measure. The customer's employee likewise sets up a connection to the rendezvous server. He authorizes the technician's connection via a service box or the management portal for a defined period of time. Work on the systems can be monitored and recorded live.