The number and severity of cyber attacks on production facilities are on the rise. G+D Mobile Security has launched a solution, the Secure Industrial Visibility box (SIV), which helps manufacturers to establish cyber security, and provides a protected framework for implementing IoT solutions in the industrial environment. More than 60 international customers are reaping the benefit.
With industrial digitalization and increasingly connected machines, the risk to production environments from the internet is growing rapidly. Industrial machines cannot be protected with conventional methods such as antivirus software because updates may affect the machine’s own software. Worse still, in the case of industrial machinery with a long product lifecycle in the field, operating systems are often not appropriately updated anyway. Upgrading all relevant machines and production equipment to the latest standards with cutting‐edge, secure operating systems is a non‐starter because of the huge costs involved. Behind Secure Industrial Visibility (SIV) is a smart, compact box with a secure operating system, and a piece of software that enables remote access to individual machines whilst also protecting them against cyber attacks.
Enabling machine segmentation
Machine segmentation essentially separates the product (machine) from the main security system by installing another security component upstream of the machine. This component then takes on a gateway function, resulting in a controllable, secure interface. SIV enables machine segmentation, thereby encapsulating machines behind a firewall. These encapsulated machines, now smart, are able to receive updates and predictive maintenance, and an Anomaly Detection Service (ADS) can optionally be put in place. This enables a smart factory equipped with SIV and ADS to independently recognize instances of unauthorized access, as it learns to distinguish between normal access and unusual traffic. Manufacturers need to provide comprehensive protection for interactions between machines, production control systems and people.
SIV Hardware features
- Two high‐performance hardware modules are available and can be used directly on the machine as an SIV IoT gateway and protected firewall.
- Two modules (base and advance) are available with different functions and different sizes.
- The SIV base box measures only 85 x 82 x 35 mm, and this compact size means it can be installed on any machine.
- Both modules have a special security operating system, and a suitable security hardware anchor.
Advantages of Secure Industrial Visibility (SIV)
VPN (Virtual Private Network) connections in which equipment IP addresses appear unprotected online are often still in use today. Unlike standard VPN connections, SIV works in “stealth mode”, meaning that the IP address of a machine cannot be identified from outside the system – which considerably reduces the target area. SIV provides a secure “tunnel connection” between the two linked end points with fine‐grained policy management that is controlled entirely by the user. It only requires the client to operate a standard internet browser, and the IP address cannot be viewed online. SIV effectively protects against cyber attacks, detects attacks, reacts to attacks, and works preemptively. Individual production facilities are accessed via a secure and intelligent IoT gateway. SIV can be used with equipment from any provider or machine manufacturer and secures existing machines (as a retrofit option) in Industry 4.0 environments, as well as new machinery. This means SIV is able to provide high‐end security features to a wide range of industrial IT systems, as well as machine service and maintenance management systems; it covers all security aspects, including certification checks and vulnerability management, for example. As such, SIV fulfills the strict security requirements for remote maintenance in industrial environments (BSI CS‐108) stipulated by the German Federal Office for Information Security (BSI).
Improved production performance
Manufacturers also benefit from transparency (visibility) of the networked machines and a clear view on their use at all stages of production. The solution enables manufacturers and network administrators to receive detailed information on the entire supply chain, and this available data can then be used to improve production performance, processes and workflows. In this process, the status of the entire machine portfolio is continuously recorded – including for older machines which were not originally designed for the IoT. The main areas of use and benefits of SIV include remote maintenance diagnostics, rapid problem resolution, secure system update, maintenance, performance management and reports, as well as improved system processes. In addition, the SIV solution enables improvements in productivity, secure identification with trusted ID for all equipment, and not least, protection of production facilities against cyber attacks and data leaks.
Increasing efficiency of production
The SIV solution enables manufacturers to manage different production facilities, as well as machines from various suppliers. This means they can access detailed information about all production processes, equipment and installations, giving them full oversight and control. Virtually real‐time remote access and data transfer, along with alarms and error messages help to reduce reaction times and maintenance costs. Capacity planning and quality assurance can be improved with SIV, while removing the link between long production lifecycles and relatively short IT cycles results in lower operating costs.