Protect machine networks safely

Picture of two men standing in front of machines.
Markus Irle, Vice President Firewall & Security at Lancom Systems (l.), and Dr.-Ing. Benjamin Häfner, Head of Industrial IT at Optima, present the jointly developed security solution. (Bild: Lancom Systems/ Optima Packaging)

22. Februar 2022

Companies are increasingly becoming victims of hacker attacks. Sometimes it is data theft, sometimes blackmail. Recent cases show that companies should not underestimate the danger and neglect digital security. 

You don’t have to be an IT nerd to have noticed the risk of digital vulnerability recently. In May last year, for example, hackers on the east coast of the US unceremoniously shut down one of the country’s largest pipelines remotely to extort a ransom. The social and financial consequences were huge. Due to the scale of such cases, it is easy to overlook the fact that individual companies also fall victim to such attacks. This is what happened in 2019 when automation provider Pilz fell victim to a targeted attack. The company was forced to take all computer networks offline as a precaution. A similar case occurred only at the beginning of the year, when the Swiss foil manufacturer CPH also put all IT systems on hold as a precautionary measure due to a cyber attack and stopped production in the paper and packaging divisions.

Security through remote maintenance

According to a study by the association “Deutschland sicher im Netz” (DsiN), 46 percent of small and medium-sized enterprises in Germany were affected by a cyberattack in 2020. In September 2020, the German packaging machine manufacturer Optima Packaging Group GmbH from Schwäbisch Hall was also the victim of a cyber attack. The attack was quickly discovered and all systems were immediately shut down. Since almost all of Optima’s machines are maintained and monitored by service technicians in the customers’ production halls via VPN remote maintenance, there were fears that, camouflaged by the VPN tunnel, the attack could also spread to the customer networks. This was quickly ruled out, but the company decided to further increase IT security in this area.

The goal was to further increase the security level of remote maintenance and to enhance the protection of the machine networks. The plant manufacturer developed the corresponding solution together with the German network and security manufacturer Lancom Systems from Aachen, a subsidiary of the Munich-based electronics group Rohde & Schwarz. This was preceded by a detailed and in-depth market research. “We took a close look at the solutions offered by various security providers and held intensive discussions,” says Dr.-Ing. Benjamin Häfner, Director Industrial IT at Optima. The decision in favour of Lancom as the manufacturer was followed by months of joint development work, because an out-of-the-box solution for industrial machines had not been available from the German security specialist until then. According to Markus Irle, Vice President Firewall & Security at Lancom Systems, the finished solution offers an exceptional level of security for the industrial and manufacturing sector.

Firewall becomes a bouncer

The new firewalls are put into operation quickly and securely via the Lancom Management Cloud from the Aachen-based company. In the process, basic parameters have to be defined by the IT staff in advance. The cloud takes care of the rest of the roll-out automatically. “Zero-touch deployment is incredibly convenient,” says Häfner. “A plus point that is particularly advantageous for our customers because the implementation of the solution in their corporate networks runs quickly and smoothly.” A Lancom-R&S unified firewall is used on site at each of the customer locations. Remotely, service technicians access Optima’s machines securely and directly via the firewalls using encrypted VPN tunnels. This allows configurations to be changed or error messages to be checked and analysed.

However: Complex cyber attacks can also be carried out via the encrypted VPN channels. In doing so, the attackers use the VPN tunnel as camouflage. The solution: By means of SSL inspection and deep packet inspection pace, scans, filtering and application detection can also be used with encrypted data packets and security requirements can be successfully implemented. At the same time, all data traffic from Optima to the customer networks is logged via the Lancom Management Cloud, enabling detailed monitoring. The VPN remote maintenance is thus reliably and securely monitored.

On site, the firewall becomes the “bouncer” for the machine network. It regulates and reduces communication with the machines. In the process, the machine network, which consists of filling plants for vaccines, for example, is divided into several network segments. When accessing the individual segments, the firewall checks the authorisation each time. As with an entrance control, “access” is either denied or released into the corresponding area. The machine network in the customer’s production facilities is protected from unauthorised access in this way. In addition, the customer can disconnect or connect the VPN tunnel at any time via an external access control in the form of a physical key switch.

In the future, all new Optima machines will be equipped with the new VPN remote maintenance and firewall solution. “In addition, our existing customers will also be offered the upgrade to an even more secure solution,” explains Häfner. Optima uses the security solution to offer its customers the highest level of security for their corporate networks. At the same time, the provisioning and maintenance of the firewall via the cloud is quick and easy. This means that the solution can be integrated for the customer with minimal effort, even in sensitive areas.

http://www.lancom-systems.de

http://www.optima-packaging.com

Latest Stories

Label Durability

Labels offer many functions which can get lost due to label removal. PTS assesses labels and cardboard for durability and tamper evidence.

Weiterlesen »
TEILEN TWITTERN