New security concepts for the IoT
According to the cyber threat report by SonicWall, there were 13.5 million IoT attacks in the first half of 2019, a rise of 55 percent compared to the first six months of the previous year. For manufacturing companies, this means a need to introduce new security strategies for their networked machinery. Failure to adapt presents a risk that hackers will attack production processes, and/or steal business-critical data.
Networked machines are at risk of attack
Companies optimize their development, production, and logistics processes based on operational and status data. However, industrial control systems lose their previously insular position once production machines are networked. The machines send data to control systems and in some cases even communicate over the internet with devices at other locations. In the case of maintenance work, specialist service staff access machines remotely either because the specialist personnel are not on site, or to save on costs. Companies are able to increase their productivity in this way – however, where the production and office spheres of a company were previously separated, there are now IT links, and this gives hackers a gateway.
For example, an attack starts with a prepared email. If an employee is careless, or the email is convincing, malicious code enters the company IT via a data attachment or a link contained within the email. From the office, the hacker's program then finds its way into the control and monitoring systems of the factory floor. In the worst case scenario, criminals take control, sabotage the systems, or engage in espionage.
For example, an attack starts with a prepared email. If an employee is careless, or the email is convincing, malicious code enters the company IT via a data attachment or a link contained within the email. From the office, the hacker's program then finds its way into the control and monitoring systems of the factory floor. In the worse case, criminals take control, sabotage the systems, or engage in espionage.
Industrial espionage and manipulation of machines
Attackers can steal sensitive intellectual property, switch off the power to a system, or block functions that the company can only monitor again once a ransom is paid. For example, the computer worm NotPetya stopped production lines at Renault in France, blocked the shipping company Maersk from being able to load containers, and caused sensors to fail at the reactor turbines in Chernobyl.
Connecting industrial networks to general or public IT networks therefore carries risks that did not exist in previously isolated networks of the past. The threat of an intrusion into industrial networks via remote access is currently listed by Germany's Federal Office for Information Security (BSI) in fourth place among the Top 10 threats. The secure implementation of remote maintenance access and the monitoring of access are therefore of high priority if companies want to secure their internal networks and monitoring systems.
Economic losses running into the billions
Networked machines and factories are a worthwhile target for cybercriminals. The IT business association Bitkom estimates the economic damages to the German industry caused by hackers at 43.4 billion euros in the period of 2016 to 2018, and attributes the damages to, among other things, the increasing number of IT systems placed in the operational technology (OT) environment. In an industrial environment an attack, or an inadvertent infection of the IT controls of a system, a networked car, or traffic management can not only affect data, but in extreme cases it can also be life-threatening. The problem many companies face in the course of this development: an insufficient overview of the IT systems, applications, and data processed in their production environment.
Security must not interfere with production processes
Manufacturing companies are faced with the problem that their machines must run smoothly. Production processes are closely attuned and synchronized with one another, and a delay in the process has an immediate effect on efficiency. Industrial companies therefore fear that IT security solutions in the field of industrial control systems (ICS) can interfere with production processes, such as by blocking firewalls or through unannounced software updates. These fears are legitimate, and security providers must adapt their strategy developed within the world of IT security, for correct use in the OT (operations technology) environment. This will enable, for example, the development of special firewalls tailored to industrial protocols. Another focus of ICS security is the prompt, continuous detection of weak points, infections, or attacks. This allows companies to introduce targeted and timely countermeasures – or to react quickly and effectivity in emergency cases and restore production operations.
The objective is to ensure business continuity and IT security in the range of nanoseconds. Any downtime of assembly lines in the automotive, machine construction, or logistics industry, and especially in critical infrastructure sectors, costs billions every minute lost – which damages the reputation of the company and its customers.
Protecting production facilities
The experts at Deutsche Telekom security ensure the safeguarding of production environments, making OT secure. They reinforce systems and protect them from ransomware, industrial sabotage, and other cyberattacks. They support production managers and OT managers in the search for previously unknown, dynamic, and mobile devices while ensuring constant availability of applications and devices. Telekom Security offers companies two different options for consulting services: OT Security Check pursuant to ISO 27001 and OT Security Check pursuant to ISA/IEC 62443 as well as weak-point analysis and penetration tests.
Security solutions for ICS
Deutsche Telekom's security experts have developed security solutions for ICS in collaboration with specialized partners. They consist of building blocks which intelligently apportion the company network into zones so that unnecessary and unmonitored data flows, such as between the office and the shop floor, do not occur in the first place. In order to continuously check the system for weak points and to identify previously unknown patterns of attack, solutions are deployed which, with the help of artificial intelligence (machine learning), detect anomalies in the behavior of the system's components. This ‘unsupervised learning’ software does not require a system of rules or signatures. First, it records and models all normal processes in order and then reliably reports any deviations. If it registers such deviations from the norm or a system vulnerability, the system provides an alert in real time and shows detailed information in a clear console terminal. Experts are then able to assess the transaction and introduce countermeasures as appropriate.
Industrial Threat Protect Pro (ITPP)
ITTP detects anomalies in an industrial system's behavior by learning standard commands and regular behavior that complies with the rules within this system. ITPP then detects deviations from the norm. If the solution registers a weak point in the system, it provides information in real time and shows detailed information in a clear console terminal. Experts are then able to assess the transaction and introduce countermeasures as appropriate.
Industrial Network Protect Pro (INPP)
INPP is a firewall for industrial networks. Its primary focus is to prevent unauthorized attacks on the network as well as uncontrolled data flows. A network can be subdivided into secured zones so that INPP data flows between the zones can be monitored and checked. This prevents unauthorized attacks on control systems. INPP can implement centrally managed security guidelines across locations and manufacturers. Security gateways can also be used as sensors for the detection of attacks and access protection for remote maintenance.
Industrial Access Protect Pro (IAPP)
IAAP guards against remote access to machines used for remote maintenance, for example. The service company technicians gain access via an encrypted connection using a "rendezvous server". 2-factor authentication is used as an additional security measure. The customer's employee likewise sets up a connection to the rendezvous server. They authorize the technician's connection via a service box or the management portal for a defined period of time. Work on the systems can be monitored and recorded live.
Digital ecosystem
Future-proofing a company requires four building blocks: connectivity, cloud and infrastructure, security, and digitalization. Industry 4.0 and smart factories require special protection against attacks.