Empty warehouse with yellow rolling gates

Protect industrial networks against hacking

Networked production facilities are at risk from hacking. Hackers want to steal data or manipulate processes

New security concepts for the IoT

According to the cyber threat report by SonicWall, there were 13.5 million IoT attacks in the first half of 2019, a rise of 55 percent compared to the first six months of the previous year. For manufacturing companies, this means that they have to introduce new security strategies for their networked machinery. Otherwise, there is a risk that hackers will attack production processes or steal business-critical data.

Networked machines are at risk of attack

Companies optimize their development, production, and logistics processes based on operational and status data. However, industrial control systems thus lose their previously insular position since the production machines are networked. The systems send data from the machines to control systems and in some cases even communicate over the internet with devices at other locations. In the case of maintenance work, specialist service staff access machines remotely either because the specialist personnel are not on site or to save on costs. Companies are able to increase their productivity in this way – however, where the production and office spheres of a company were previously separated, there are now IT links. And this gives hackers a gateway.

For example, an attack starts with a prepared email. If an employee is careless, or the email is convincing, malicious code enters the company IT via a data attachment or a link contained within the email. From the office, the hacker's program then finds its way into the control and monitoring systems of the factory floor. In the worse case, criminals take control, sabotage the systems, or engage in espionage.

Industrial espionage and manipulation of machines

Man operates a robot cutting machine

Attackers can steal sensitive company know-how, switch off the power to a system, or block functions that the company can only monitor again once a ransom is paid. For example, the computer worm NotPetya stopped production lines at Renault in France, blocked the shipping company Maersk from being able to load containers, and caused sensors to fail at the reactor turbines in Chernobyl.

Opening production networks to the public therefore carries risks that did not exist in previously isolated networks of the past. The threat of an intrusion into industrial networks via remote access is currently listed by Germany's Federal Office for Information Security (BSI) in fourth place among the Top 10 threats. The secure implementation of remote maintenance access and the monitoring of access are therefore of high priority if companies want to secure their internal networks and monitoring systems.

We look forward to your project!

We are happy to provide you with the right experts and to answer your questions about planning, implementation, and maintenance for your digitalization plans. Get in touch!

Economic losses running into the billions

Man stands in front of a virtual graphic in a large office and points to the graphics.

Networked machines and factories are a worthwhile target for cybercriminals. The IT business association Bitkom estimates the economic damages to the the German industry caused by hackers at 43.4 billion euros in the period of 2016 to 2018 and attributes the damages, among other things, to the increasing number of IT systems in the production environment of operational technology (OT). In an industrial environment, a hacker attack or an inadvertent infections of the IT controls of a system, a networked car, or traffic management can not only affect data, but in extreme cases it can also be life-threatening. The problem many companies face in the course of this development: an insufficient overview of the IT systems, applications, and data processed in their production environment.

Security must not interfere with production processes

Manufacturing companies are nevertheless faced with the problem that their machines have to run smoothly. Production processes are closely attuned and synchronized with one another. A delay in the processes has an immediate effect on efficiency. Industrial companies therefore fear that IT security solutions in the field of industrial control systems (ICS) can interfere with production processes, such as by blocking firewalls or through unannounced software updates. These fears are legitimate since security providers must adapt their protection concepts known from IT security for use in the OT (operations technology) environment. This enables them to develop special firewalls tailored to industrial protocols. Another focus of ICS security is the prompt, continuous detection of weak points, infections, or attacks. This allows companies to introduce targeted and timely countermeasures – or to react quickly and effectivity in emergency cases and restore production operations.

The objective is to ensure business continuity and IT security in the range of nanoseconds. Any downtime of assembly lines in the automotive, machine construction, or logistics industry, and especially in critical infrastructure sectors, costs billions every minute – which damages the reputation of the company and its customers.

IT security under attack

43.4 billion euros

of industrial damage to the German industry caused by hackers from 2016 to 2018

13.5 million

worldwide IoT attacks in the first half of 2019

Ranked 4th

the threat from breaches in industrial networks according to the BSI (German Federal Office for Information Security)

More than 90 percent

of firmware data feature critical security vulnerabilities

Protecting production facilities

Man standing with his back to the wall in a factory building and operating a laptop

The experts at Deutsche Telekom security ensure the safeguarding of production environments, making OT secure. They reinforce systems and protect them from ransomware, industrial sabotage, and other cyberattacks. They support production managers and OT managers in the search for previously unknown, dynamic, and mobile devices while ensuring constant availability of applications and devices. Telekom Security offers companies two different options for consulting services: OT Security Check pursuant to ISO 27001 and OT Security Check pursuant to ISA/IEC 62443 as well as weak-point analysis and penetration tests.

Security solutions for ICS

Deutsche Telekom's security experts have developed security solutions for ICS in collaboration with specialized partners. They consist of building blocks which intelligently apportion the company network into zones so that unnecessary and unmonitored data flows, such as between the office and the shop floor, do not occur in the first place. In order to continuously check the system for weak points and to identify previously unknown patterns of attack, solutions are deployed which, with the help of artificial intelligence (machine learning), detect anomalies in the behavior of the system's components. This happens with learning software that does not require a system of rules or signatures. First, it records and models all normal processes in order and then reliably reports any deviations. If it registers such deviations from the norm or a system vulnerability, the system provides an alert in real time and shows detailed information in a clear console terminal. Experts are then able to assess the transaction and introduce countermeasures as appropriate.

Industrial Threat Protect Pro (ITPP)

There are several computer monitors on a long desk. Employees can be recognized in the background.

ITTP detects anomalies in an industrial system's behavior by learning standard commands and regular behavior that complies with the rules within this system. ITPP then detects deviations from the norm. If the solution registers a weak point in the system, it provides information in real time and shows detailed information in a clear console terminal. Experts are then able to assess the transaction and introduce countermeasures as appropriate.

Industrial Network Protect Pro (INPP)

In a larger warehouse, there are six server units in a row

INPP is a firewall for industrial networks. Its primary focus is to prevent unauthorized attacks on the network as well as uncontrolled data flows. A network can be subdivided into secured zones so that INPP data flows between the zones can be monitored and checked. This prevents unauthorized attacks on control systems. INPP can also implement centrally managed security guidelines across locations and manufacturers. Security gateways can also be used as sensors for the detection of attacks and access protection for remote maintenance.

Industrial Access Protect Pro (IAPP)

Hands write on a computer keyboard. In addition, blurred data sets can be recognized

IAAP guards against remote access to machines, for remote maintenance, for example. The service company technicians gain access via an encrypted connection using a "rendezvous server". 2-factor authentication is used as an additional security measure. The customer's employee likewise sets up a connection to the rendezvous server. He authorizes the technician's connection via a service box or the management portal for a defined period of time. Work on the systems can be monitored and recorded live.

Industrial security: production facilities in cyberview

High productivity, high security risk: how hackers have set their sights on connected industrial systems.

Digital ecosystem

Future-proofing a company requires four building blocks: connectivity, cloud and infrastructure, security, and digitalization. Industry 4.0 and smart factories require special protection against hacker attacks.

Zu unserer Strategie