According to the cyber threat report by SonicWall, there were 13.5 million IoT attacks in the first half of 2019, a rise of 55 percent compared to the first six months of the previous year. For manufacturing companies, this means that they have to introduce new security strategies for their networked machinery. Otherwise, there is a risk that hackers will attack production processes or steal business-critical data.
Attackers can steal sensitive company know-how, switch off the power to a system, or block functions which the company can only monitor again once a ransom is paid. The computer worm NotPetya, for example, stopped production lines at Renault in France, the shipping company Maersk was no longer able to load containers, and sensors failed at the reactor turbines in Chernobyl.
Opening production networks to the public therefore carries risks which did not exist in the cut-off networks of the past. The threat of an intrusion into industrial networks via remote access is currently listed by Germany's Federal Office for Information Security (BSI) in fourth place among the Top 10 threats. The secure implementation of remote maintenance access and the monitoring of access are therefore of high priority if companies want to secure their internal networks and monitoring systems.
Networked machines and factories are a worthwhile target for cybercriminals. The IT business association Bitkom measures the business damages inflicted on the German industry by hackers at 43.4 billion euros in the period of 2016 to 2018 and attributes the damages, among other things, to the increasing number of IT systems in the production environment of operational technology (OT). In an industrial environment, a hacker attack or an inadvertent virus in the IT controls of a system, a networked car, or traffic management can not only affect data, in extreme cases it can also be life-threatening. The problem many companies face during this development: an insufficient overview of the IT systems, applications, and data processed in their production environment.
The experience of the Deutsche Telekom security experts ensures the safeguarding of production environments, making OT secure. They harden systems and protect them from ransomware, industrial sabotage, and other cyberattacks. They support production managers and OT managers in the search for previously unknown, dynamic, and mobile devices while ensuring constant availability of applications and devices. Telekom Security offers companies two different options for consulting services: OT Security Check pursuant to ISO 27001 and OT Security Check pursuant to ISA/IEC 62443 as well as weak-point analysis and penetration tests.
ITTP detects anomalies in an industrial system's behavior by learning standard commands and regular behavior which complies with the rules within this system. ITPP then detects deviations from this norm. If the solution registers a weak point in the system, it provides information in real time and shows detailed information in a clear console terminal. Experts are then able to assess the transaction and introduce countermeasures as appropriate.
INPP is a firewall for industrial networks. Its primary focus is to prevent unauthorized attacks on the network as well as uncontrolled data flows. A network can be subdivided into secured zones so that INPP data flows between the zones can be monitored and checked. This prevents unauthorized attacks on control systems. INPP can also implement centrally managed security guidelines across locations and manufacturers. Security gateways can also be used as sensors for the detection of attacks and access protection for remote maintenance.
IAAP guards against remote access to machines, for remote maintenance, for example. The service company technicians gain access via an encrypted connection using a "rendezvous server". 2-factor authentication used as an additional security measure. The customer's employee likewise sets up a connection to the rendezvous server. He authorizes the technician's connection via a service box or the management portal for a defined period of time. Work on the systems can be monitored and recorded live.
Future-proofing a company requires four building blocks: connectivity, cloud and IT infrastructure, security, and digitalization. Industry 4.0 and smart factories require special protection against hacker attacks.