Decoupling security and machine lifecycle
A cloaking device for trusted machines
The number of cyberattacks against industry is rising rapidly. The complexity of production networks is growing, and with complexity comes a larger attack surface. Moreover, most machines currently in use were not designed to meet today's security requirements: their operating systems are often outdated or simply no longer receive the necessary security patches.
Security-by-design comes with a built-in expiration date
Even security-by-design for new industrial machines is unlikely to provide lasting protection against cyberattacks. Given the pace at which attacks grow in sophistication, they will overcome the security level of a security-by-design machine long before that machine reaches the end of its lifecycle of 20 years or more. G+D's approach to overcoming this weakness is to decouple security from the machine lifecycle: the machine is protected without any need to change or update its system.
The security challenge
Current status of cyber protection for industrial machines
Typically no security updates or patches for industrial PCs.
No third-level protection such as antivirus software or a software firewall on industrial PCs, because of undesired side effects on the system, such as blue screens or loss of warranty. In addition, the security lifecycle and update frequency of such tools are too short for the needs of manufacturing.
Predefined passwords mostly remain unchanged, although individual passwords changed at regular intervals are an essential security requirement.
Even an operating system that has run for 10 years or more and appears robust is vulnerable to cyberattacks if it has not been patched.
With the progress of digitization, more and more machines are becoming visible from the internet. Visible details can include the machine type and the version of its operating system. And if you are visible, you are vulnerable.
Industrial networks are becoming more complex. Complexity creates loopholes that may be easy to exploit, and attacks tend to start at the weakest point of a network or system.
Security-by-design rules for manufacturing PCs are unusual. Where SBD rules for industrial PCs do exist, they are often insufficient or lack standardization.
The effectiveness of security measures and tools is limited in time. Retrofitting is difficult, and the security lifecycle remains short.
Active cyber protection for industrial systems and environments
Simplified view of Active Cyber Protection by G+D
The security suite, Active Cyber Protection, shields systems and environments from cyberattacks. It makes devices invisible to the outside, without impacting machines, medical devices, systems, or processes on the inside.
Recommendations for enhanced security in manufacturing environments
+ Security-by-design for new and upcoming machines
+ Decouple security and machine lifecycles
+ Use an IT security appliance on an external device (microsegmentation). This is a level-3 defense.
+ Use device-specific, passive behavior monitoring, e.g. anomaly detection. This is a level-4 defense.
The 5 modules of Active Cyber Protection
+ Up-to-date, managed IT security appliance
+ Security without side effects and without impacting machines, systems, or production processes
+ Designed for industrial systems and environments as well as for devices inside critical infrastructure
Advanced security service
+ Advanced security lifecycle management
+ 2nd- and 3rd-level security service
+ Vulnerability management
Anomaly detection system (optional extension)
+ Allows local, machine- and data-specific anomaly detection
+ Self-learning detection based on network behavior
+ Includes compliance and policy verification
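The two detection ideas listed for this module, a self-learned baseline of a device's network behavior and an explicit compliance policy, can be illustrated with a small passive detector. The following is an added example written for this page, not code from G+D or from the Active Cyber Protection product; the flow records, the device name ipc-07, the peer names and the allow-list policy are all constructed for the illustration. It learns which peer/port/protocol triples a device uses and how much data each carries, then reports flows that break policy, that go to a peer never seen during learning, or whose volume is far outside the learned range.

```python
"""Passive, baseline-learning anomaly detection over per-device network flows.

Added example for this page; all flow records, device names and the policy
below are constructed. The detector only reads flow summaries and returns
findings, it never touches the monitored machine (passive monitoring).
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    src: str      # the industrial device being observed
    dst: str      # peer it talks to
    dport: int    # destination port
    proto: str    # "tcp" or "udp"
    bytes: int    # bytes carried by the flow


# Constructed learning-window traffic for a hypothetical industrial PC "ipc-07":
# Modbus/TCP to a PLC, NTP to a time server and uploads to a historian.
LEARNING_FLOWS = (
    [Flow("ipc-07", "plc-01", 502, "tcp", b) for b in (1200, 1350, 1180, 1260, 1300, 1220)]
    + [Flow("ipc-07", "ntp-01", 123, "udp", b) for b in (90, 90, 90, 90)]
    + [Flow("ipc-07", "hist-01", 8086, "tcp", b) for b in (52000, 48500, 51200, 49800)]
)

# Constructed, hypothetical compliance policy: which peer/port/proto triples the
# device is permitted to use at all. EtherNet/IP to the PLC is allowed by policy
# but was never observed during learning, which the detector reports separately.
POLICY = {
    "ipc-07": {
        ("plc-01", 502, "tcp"),
        ("plc-01", 44818, "tcp"),
        ("ntp-01", 123, "udp"),
        ("hist-01", 8086, "tcp"),
    },
}


class Baseline:
    """Per-device model built from observed flows (the self-learning phase)."""

    def __init__(self) -> None:
        self.samples: dict[tuple, list[int]] = defaultdict(list)

    def learn(self, flows: list[Flow]) -> None:
        for f in flows:
            self.samples[(f.src, f.dst, f.dport, f.proto)].append(f.bytes)

    def known(self, f: Flow) -> bool:
        return (f.src, f.dst, f.dport, f.proto) in self.samples

    def volume_zscore(self, f: Flow) -> float:
        xs = self.samples[(f.src, f.dst, f.dport, f.proto)]
        sd = pstdev(xs) or 1.0  # constant-size flows (e.g. NTP) would give sd == 0
        return (f.bytes - mean(xs)) / sd


def check_flow(model: Baseline, policy: dict, f: Flow, z_limit: float = 4.0) -> str | None:
    """Return a finding for one flow, or None if it looks normal.

    Policy violations are reported before baseline deviations: they break an
    explicit rule, whereas a new peer or unusual volume only breaks a habit.
    """
    allowed = policy.get(f.src, set())
    if (f.dst, f.dport, f.proto) not in allowed:
        return f"POLICY: {f.src} -> {f.dst}:{f.dport}/{f.proto} is not permitted"
    if not model.known(f):
        return f"NEW_PEER: {f.src} -> {f.dst}:{f.dport}/{f.proto} not seen during learning"
    z = model.volume_zscore(f)
    if abs(z) > z_limit:
        return f"VOLUME: {f.src} -> {f.dst}:{f.dport}/{f.proto} carried {f.bytes} bytes (z={z:.1f})"
    return None


def analyse(model: Baseline, policy: dict, flows: list[Flow]) -> list[str]:
    return [r for r in (check_flow(model, policy, f) for f in flows) if r]


# Constructed detection-window traffic: two normal flows, an SMB connection to an
# engineering workstation (not in policy), a first-ever EtherNet/IP flow to the
# PLC (in policy, not in baseline) and an enormous Modbus transfer.
DETECTION_FLOWS = [
    Flow("ipc-07", "plc-01", 502, "tcp", 1250),
    Flow("ipc-07", "eng-ws-03", 445, "tcp", 3000),
    Flow("ipc-07", "plc-01", 44818, "tcp", 800),
    Flow("ipc-07", "hist-01", 8086, "tcp", 50000),
    Flow("ipc-07", "plc-01", 502, "tcp", 1_500_000),
]


def run_example() -> list[str]:
    model = Baseline()
    model.learn(LEARNING_FLOWS)
    return analyse(model, POLICY, DETECTION_FLOWS)


if __name__ == "__main__":
    for finding in run_example():
        print(finding)
```

The split between the policy check and the learned baseline matters in practice: a policy catches traffic that should never exist, while the baseline catches legitimate-looking traffic that is new or out of proportion, and the two findings deserve different triage. The z-score threshold is a constructed default; on real flow data the learning window needs to cover a full production cycle, or routine batch jobs will be reported as volume anomalies.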
Crypto Core SSD (optional extension)
+ Embedded hardware crypto module for Stealth Shield
+ Provides highly secure crypto functions
24/7 administration and application hotline
+ 1st-level support for security and administration
Features of Active Cyber Protection by G+D
ACP – an industrial-grade managed IT security appliance
Up-to-date security and network protection, designed for industrial systems and environments
Supports microsegmentation or full stealth (100% transparent) mode
Security without side effects and without impacting machines, systems, or processes
Integrated into an industrial machine, it decouples its security and device lifecycles
Get insider insights
Download "The Road to Industry 4.0"
Leverage G+D's expertise and experience in secure visibility to connect your machine parks to the Industrial Internet of Things.
Top 10 Threats and Countermeasures 2016
This overview by the German Federal Office for Information Security looks at the key threats to industrial systems and possible countermeasures.