Decoupling security and machine lifecycle

A cloaking device for trusted machines

The number of cyberattacks against industry is rising rapidly. The complexity of production networks is growing, and with complexity comes a higher level of vulnerability. Moreover, most machines currently in use are not designed to meet today's security requirements: their operating systems are often outdated or simply do not receive the necessary security patches.

Security-by-design comes with a built-in expiration date

Even security-by-design for new industrial machines is unlikely to provide lasting protection against cyberattacks. Given the pace at which the sophistication of cyberattacks grows, attacks will overcome the security levels of security-by-design machines long before those machines reach the end of their lifecycle in 20 years or more. G+D's approach to overcoming this weakness is to decouple security from the machine lifecycle: the machine is protected without the need to change or update the system.


The security challenge

Current status of cyber protection for industrial machines

  • Typically no security updates and/or patches for industrial PCs
  • No 3rd-level protection similar to antivirus software or a software firewall on industrial PCs because of undesired side effects on the system, such as blue screens or warranty loss. In addition, security lifecycle and update frequency are too short for the security needs of manufacturing.
  • Predefined passwords mostly remain unchanged, although individualized passwords changed at regular intervals are an essential security requirement.
  • Even an operating system that is 10 or more years old and appears robust, but has not been patched, is vulnerable to cyberattacks.
  • With the progress of digitization, more and more machines are becoming visible to the internet. Visible details can include machine type and the version of the operating system. But if you are visible, you are vulnerable.
  • Industry networks are becoming more complex. Complexity creates loopholes that may be easy to exploit. Attacks tend to start at the weakest point of a network or system.
  • Security-by-design (SBD) rules for manufacturing PCs are unusual. In addition, SBD rules for industrial PCs are often insufficient or lack standardization.
  • The effectiveness of security measures and tools is limited by time. Retrofitting is difficult and the security lifecycle remains short.

Active cyber protection for industrial systems and environments

Simplified view of Active Cyber Protection by G+D

The security suite, Active Cyber Protection, shields systems and environments from cyberattacks. It makes devices invisible to the outside, without impacting machines, medical devices, systems, or processes on the inside.

Recommendations for enhanced security in manufacturing environments

+ Security-by-design for new and upcoming machines
+ Decouple security and machine lifecycles
+ Use an IT security appliance via an external device (microsegmentation). This is a level-3 defense.
+ Use device-specific behavior monitoring (passive), e.g. anomaly detection. This is a level-4 defense.


The 5 modules of Active Cyber Protection

Stealth shield

+ Up-to-date, managed IT security appliance
+ Security without side effects and without impacting machines, systems, or production processes
+ Designed for industrial systems and environments as well as for devices inside critical infrastructure

Advanced security service

+ Advanced security lifecycle management
+ 2nd- and 3rd-level security service
+ Vulnerability management

Anomaly detection system (optional extension)

+ Allows local, machine- and data-specific anomaly detection
+ Self-learning detection based on network behavior
+ Includes compliance and policy verification

Crypto Core SSD (optional extension)

+ Embedded hardware crypto module for Stealth Shield
+ Provides highly secure crypto functions

24/7 administration and application hotline

+ 1st-level support for security and administration


Features of Active Cyber Protection by G+D

ACP – an industrial-grade managed IT security appliance

  • Latest security solution and network security, designed for industrial systems and environments
  • Supports microsegmentation or full stealth (100% transparent) mode
  • Security without side effects and without impacting machines, systems, or processes
  • Integrated into an industrial machine, it decouples the machine's security and device lifecycles

Get insider insights

Download "The Road to Industry 4.0"

Leverage G+D's expertise and experience in secure visibility to connect your machine parks to the Industrial Internet of Things.


ICS Security

Top 10 Threats and Countermeasures 2016

This overview by the German Federal Office for Information Security looks at the key threats to industrial systems and possible countermeasures.




Related Topics

Secure IoT connection to the Industrial Internet of Things

This clientless IoT connector supports all your use cases, from connectivity to data transparency, from remote system monitoring to predictive and preventive maintenance.


Secure industrial visibility

This modular suite gives you visibility and control of usage for one or more sites. It strengthens cyber protection, protects remote and roaming staff, and ensures secure interaction between machines.
