Follow
Follow
LinkedIn Facebook X Youtube e-mail
LinkedIn Facebook X Youtube e-mail

Securely protect machine networks

Companies are increasingly falling victim to hacker attacks. Sometimes it is data theft, sometimes it is blackmail. Recent cases show that companies should not underestimate the danger and should not neglect digital security.

Companies are increasingly falling victim to hacker attacks. Sometimes it is data theft, sometimes it is blackmail. Recent cases show that companies should not underestimate the danger and should not neglect digital security.

You don't have to be an IT nerd to have come across the Risk of digital vulnerability have become aware of this. In May last year, for example, hackers on the east coast of the USA remotely shut down one of the country's largest pipelines to extort a ransom. The social and financial consequences were enormous.

Due to the scale of such cases, it is easy to overlook the fact that individual companies also fall victim to such attacks. This was the case in 2019, when automation provider Pilz fell victim to a targeted attack. The company was forced to take all its computer networks offline as a precautionary measure. A similar case occurred at the beginning of the year when the Swiss film manufacturer CPH also put all IT systems on hold as a preventative measure due to a cyber attack and stopped production in the paper and packaging divisions.

Security through remote maintenance

According to a study by the „Deutschland sicher im Netz“ (DsiN) association, in 2020 there were 46 per cent of small and medium-sized enterprises affected by a cyberattack affected. In September 2020, the German packaging machine manufacturer Optima Packaging Group GmbH from Schwäbisch Hall was the victim of a cyber attack. The attack was discovered quickly and all systems were shut down immediately. As almost all of Optima's machines are maintained and monitored by service technicians in the customer's production halls via VPN remote maintenance, there was a risk of a cyber attack. Fears that the attack could spread to customer networks in disguise through the VPN tunnel. This was quickly ruled out, but the company decided to further increase IT security in this area.

Display

The goal: The security level of remote maintenance should be further increased and the protection of machine networks enhanced. The system manufacturer developed the corresponding solution together with the German Network and security manufacturer Lancom Systems from Aachen, a subsidiary of the Munich-based electronics group Rohde & Schwarz. This was preceded by detailed and in-depth market research.

„We took a close look at the solutions from various security providers and held intensive discussions,“ says Dr Benjamin Häfner, Director Industrial IT at Optima. The decision in favour of Lancom as the manufacturer was followed by a Months of joint development work, because there has never been an out-of-the-box solution for industrial machines from the German security specialist before. According to Markus Irle, Vice President Firewall & Security at Lancom Systems, the ready-to-use solution offers a level of security that is unrivalled on the market. Exceptional level of security for the industrial and manufacturing sector.

Firewall becomes a bouncer

The new firewalls are put into operation quickly and securely via the Lancom Management Cloud from Aachen. Basic parameters must be defined in advance by the IT staff. The cloud takes care of the rest of the roll-out automatically. „Zero-touch deployment is incredibly convenient,“ says Häfner. „This is an advantage for our customers in particular, as the implementation of the solution in their company networks runs quickly and smoothly.“ A Lancom R&S unified firewall is used on site at each of the customer locations. Service technicians access the Optima machines remotely and securely via the firewalls using encrypted VPN tunnels. This allows configurations to be changed or error messages to be checked and analysed.

However, complex cyber attacks can also be carried out via the encrypted VPN channels. The attackers use the VPN tunnel as a disguise. The solution: SSL Inspection and Deep Packet Inspection Pace can also be used to scan, filter and recognise applications for encrypted data packets and successfully implement security requirements. At the same time, all data traffic from Optima to the customer networks is logged via the Lancom Management Cloud, enabling detailed monitoring. VPN remote maintenance is thus monitored reliably and securely.

Markus Irle, Vice President Firewall & Security at Lancom Systems (left), and Dr Benjamin Häfner, Head of Industrial IT at Optima (right), present the jointly developed security solution. (Image: Optima)

On site, the firewall becomes the „Doorman“ for the machine network. It regulates and reduces communication with the systems. The machine network, which consists of filling systems for vaccines, for example, is divided into several network segments. When accessing the individual segments, the firewall checks the authorisation each time. As with an entry control, „access“ is either denied or authorised to the relevant area. The Machine network in the customers' production facilities is protected from unauthorised access in this way. In addition, the customer can disconnect or connect the VPN tunnel at any time via an external access control in the form of a physical key switch.

In future, all new Optima machines will be equipped with the new VPN remote maintenance and firewall solution. „In addition, there are our existing customers, for whom we will also offer an upgrade to an even more secure solution,“ explains Häfner. Optima uses the security solution to offer its customers the highest level of security for their company networks. At the same time, provisioning and maintaining the firewall via the cloud is quick and easy. This means that the solution can be integrated for customers with minimal effort, even in sensitive areas.

More news