Protect industrial networks against hacking

Companies optimize their development, production, and logistics processes based on operational and status data. However, industrial control systems lose their previously insular position once production machines are networked. The machines send data to control systems and in some cases even communicate over the internet with devices at other locations. In the case of maintenance work, specialist service staff access machines remotely either because the specialist personnel are not on site, or to save on costs. Companies are able to increase their productivity in this way – however, where the production and office spheres of a company were previously separated, there are now IT links, and this gives hackers a gateway.

For example, an attack starts with a prepared email. If an employee is careless, or the email is convincing, malicious code enters the company IT via a data attachment or a link contained within the email. From the office, the hacker's program then finds its way into the control and monitoring systems of the factory floor. In the worst case scenario, criminals take control, sabotage the systems, or engage in espionage.

For example, an attack starts with a prepared email. If an employee is careless, or the email is convincing, malicious code enters the company IT via a data attachment or a link contained within the email. From the office, the hacker's program then finds its way into the control and monitoring systems of the factory floor. In the worse case, criminals take control, sabotage the systems, or engage in espionage.

Manufacturing companies are faced with the problem that their machines must run smoothly. Production processes are closely attuned and synchronized with one another, and a delay in the process has an immediate effect on efficiency. Industrial companies therefore fear that IT security solutions in the field of industrial control systems (ICS) can interfere with production processes, such as by blocking firewalls or through unannounced software updates. These fears are legitimate, and security providers must adapt their strategy developed within the world of IT security, for correct use in the OT (operations technology) environment. This will enable, for example, the development of special firewalls tailored to industrial protocols. Another focus of ICS security is the prompt, continuous detection of weak points, infections, or attacks. This allows companies to introduce targeted and timely countermeasures – or to react quickly and effectivity in emergency cases and restore production operations.

The objective is to ensure business continuity and IT security in the range of nanoseconds. Any downtime of assembly lines in the automotive, machine construction, or logistics industry, and especially in critical infrastructure sectors, costs billions every minute lost – which damages the reputation of the company and its customers.

Deutsche Telekom's security experts have developed security solutions for ICS in collaboration with specialized partners. They consist of building blocks which intelligently apportion the company network into zones so that unnecessary and unmonitored data flows, such as between the office and the shop floor, do not occur in the first place. In order to continuously check the system for weak points and to identify previously unknown patterns of attack, solutions are deployed which, with the help of artificial intelligence (machine learning), detect anomalies in the behavior of the system's components. This ‘unsupervised learning’ software does not require a system of rules or signatures. First, it records and models all normal processes in order and then reliably reports any deviations. If it registers such deviations from the norm or a system vulnerability, the system provides an alert in real time and shows detailed information in a clear console terminal. Experts are then able to assess the transaction and introduce countermeasures as appropriate.