Industry 4.0 is implemented through the digital networking of processes, machines and computers. Placing a data collector between these components makes their data exchange transparent and lets companies optimize production processes. However, it also opens the door to data theft and industrial espionage unless security is taken into account.
We read it over and over in the daily papers: companies become victims of cyber-attacks. Those affected report devastating consequences where security was not a focus of the implementation. In a recent survey, a good third of those responsible for security in companies stated that their industrial control systems had already been attacked by criminals.
While the office network is protected with firewalls, honeypots or even sandboxes, precautions in the production network are badly neglected.
Fully automated attacks penetrate corporate networks through unprotected IoT devices, and the resulting infections can remain undetected for years. Compromised machines can then be used over long periods to skim sensitive data.
Security-hardened devices such as the ARXUM Connection Box enable communication from the machine world to the IT world and the cloud without data loss or corruption. The device also provides blockchain connectivity. An integrated TPM crypto chip forms the hardware root of trust for its security mechanisms and thus the basis for reliably implementing new data-based services.
Example of a security-hardened IoT device: the ARXUM Connection Box
Why does it matter?
When choosing an IoT-capable data collector, it is extremely important to ensure that the device follows the Security by Design concept: security is treated as a fundamental requirement from the start of product development rather than added later. Security measures are specified and implemented from the initial design stage, and testing that security is itself a central part of the approach.
Why not just retrofit?
Security measures taken only afterwards can at best close individual gaps; they cannot provide the overall protection that a device designed around security from the outset offers.
Security through operating system security and connectivity
Protection against malware is based on securing the operating system with an integrated hardware crypto processor and key store. On this basis, data communication is also secured and offers protection that goes well beyond software certificates, whose private keys live on disk and can be copied. Integration into a Security Information and Event Management (SIEM) system is also possible, and the IoT cyber security concept includes a way to install security-critical patches and updates.
For a versatile device, connectivity plays an important role, because different machine parks work with different connection options and communication protocols. Broad connectivity is therefore indispensable so that a wide range of plants can connect to the data collector, and it makes the device easy to integrate.
Connectivity also plays a quite different role: if a device with limited connection options is selected, an additional device may be needed to record sensor values. If that extra device is itself networked, the company offers attackers an additional attack surface, and it also incurs additional costs.
Establishment of a secure VPN tunnel
Therefore, when purchasing an IoT device, make sure it handles a sufficient number of digital and analog sensor inputs. Serial interfaces, IO-Link, separate LAN interfaces and the option of integrating databases via ODBC also play an important role. Particularly relevant is a separate, physically separable network interface that serves as remote-maintenance access for controllers and can only be used after prior authentication. It should switch off automatically after a defined period if the user does not log off. Such a switchable network interface makes VPN access much more secure than a conventional key switch, which can be left turned on in everyday production.
Modern systems no longer require separate software to configure the data collector; the complete configuration is done directly via the integrated web server.
There, recorded sensor data and control variables can be filtered in advance, stored and linked with other measured values. Relevant information is derived from the sensor data and displayed via the web or transferred to other systems via various communication protocols.
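The authenticated, self-closing maintenance interface described above, together with the SIEM-ready audit trail mentioned under operating system security, can be modelled as a small state machine. The following is an added example written for this page, not code from ARXUM or the Connection Box; the `set_link` and `verify` callables, the PBKDF2 credential store, the `FakeClock` and the "tech" credential are assumptions made for the illustration. The scenario at the end plays through the failure mode the text warns about: a technician who walks away without logging off.

```python
"""Added example (not the product's code): gate a remote-maintenance port
behind authentication and an inactivity timeout, emitting audit events that
a SIEM collector could ingest."""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


def hash_secret(secret: str, salt: Optional[bytes] = None,
                rounds: int = 100_000) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-SHA256 of a credential; store (salt, hash), never the secret."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, rounds)


def make_verifier(users: Dict[str, Tuple[bytes, bytes]]) -> Callable[[str, str], bool]:
    """Build verify(user, secret). Unknown users are checked against a dummy
    record so response time does not reveal which usernames exist, and the
    hash comparison is constant-time."""
    dummy = hash_secret("dummy-record")

    def verify(user: str, secret: str) -> bool:
        salt, expected = users.get(user, dummy)
        _, got = hash_secret(secret, salt)
        return hmac.compare_digest(got, expected) and user in users
    return verify


@dataclass
class MaintenancePort:
    """Controller for a physically separate remote-maintenance interface."""
    set_link: Callable[[bool], None]      # assumed driver hook: bring the interface up/down
    verify: Callable[[str, str], bool]    # credential check
    idle_timeout_s: float = 900.0         # auto-off after 15 min without activity
    clock: Callable[[], float] = time.monotonic
    events: List[dict] = field(default_factory=list)
    session_user: Optional[str] = None
    last_activity: float = 0.0

    def _audit(self, action: str, **fields) -> None:
        # Flat key/value records are easy to forward to a SIEM.
        self.events.append({"ts": round(self.clock(), 3), "action": action, **fields})

    @property
    def is_open(self) -> bool:
        return self.session_user is not None

    def login(self, user: str, secret: str) -> bool:
        self.tick()                                   # expire a stale session first
        if self.is_open:
            self._audit("maint_login_rejected", user=user, reason="session_active")
            return False
        if not self.verify(user, secret):
            self._audit("maint_login_failed", user=user)
            return False
        self.session_user = user
        self.last_activity = self.clock()
        self.set_link(True)                           # interface comes up only now
        self._audit("maint_port_enabled", user=user)
        return True

    def activity(self) -> bool:
        """Call on every maintenance action; False if the session already expired."""
        self.tick()
        if not self.is_open:
            return False
        self.last_activity = self.clock()
        return True

    def logoff(self) -> None:
        if self.is_open:
            self._close("logoff")

    def tick(self) -> None:
        """Periodic check (e.g. from a timer): enforce the inactivity timeout."""
        if self.is_open and self.clock() - self.last_activity >= self.idle_timeout_s:
            self._close("idle_timeout")

    def _close(self, reason: str) -> None:
        user, self.session_user = self.session_user, None
        self.set_link(False)
        self._audit("maint_port_disabled", user=user, reason=reason)


class FakeClock:
    """Injected clock so the timeout can be exercised deterministically."""
    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


def forgotten_logoff_scenario() -> Tuple[dict, List[dict]]:
    """Technician logs in, works, then walks away without logging off."""
    clock, link_state = FakeClock(), []
    verifier = make_verifier({"tech": hash_secret("correct horse")})  # constructed credential
    port = MaintenancePort(set_link=link_state.append, verify=verifier,
                           idle_timeout_s=600, clock=clock)
    r = {}
    r["bad_login"] = port.login("tech", "wrong")          # rejected, port stays down
    r["good_login"] = port.login("tech", "correct horse")  # port comes up
    clock.advance(300)
    r["active_at_5min"] = port.activity()                 # keeps the session alive
    clock.advance(599)
    port.tick()
    r["open_before_timeout"] = port.is_open               # 599 s idle: still open
    clock.advance(1)
    port.tick()
    r["open_after_timeout"] = port.is_open                # 600 s idle: closed itself
    r["late_activity"] = port.activity()                  # nobody is logged in any more
    r["link_state"] = link_state                          # [True, False]
    return r, port.events


if __name__ == "__main__":
    results, events = forgotten_logoff_scenario()
    print(results)
    for ev in events:
        print(ev)
```

The link is only raised inside `login` after the credential check succeeds and is lowered by a single `_close` path, so there is no state in which the interface is up without an owner. Unlike the key switch in the text, the timeout turns the forgotten session into a logged `idle_timeout` event rather than an open door.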
Visualization of main values
Modern visualization concepts allow all main values of components and aggregates to be displayed without complex interaction. The main values can be freely configured, and deeper insights into the plant, value trends and messages are one click away. All sensor inputs of the device can be named to match the application and situation.
Beyond the internal visualization, the collected and processed data can be passed on through a range of industrial and IT protocols, and connectors are available for feeding it into the evaluation systems of relevant solution providers, whether on-premise or cloud-based.
With a modular software architecture, the protocols and connectors can be flexibly extended at any time so that future viability is maintained.
The digitalization of production brings many advantages, provided that security is ensured with the help of future-oriented security-hardened data collectors.