IT protection now also in the production environment

The Inter­net of Things (IoT) mega­trend has led to more and more “things” (read: machines) being net­worked togeth­er on the store floor as well. The prob­lem, how­ev­er, is that many of these pro­duc­tion sys­tems are vir­tu­al­ly unpro­tect­ed when con­nect­ed to the cor­po­rate net­work or the Inter­net. The 2020 sta­tus report from the Ger­man Fed­er­al Office for Infor­ma­tion Secu­ri­ty (BSI) speaks a clear lan­guage on this: the num­ber of new mal­ware vari­ants has increased by over three mil­lion com­pared to 2019. This is also an indi­ca­tor that hack­ers have built up con­sid­er­able crim­i­nal ener­gy and are act­ing more deci­sive­ly than ever (1).

IT security for all types of machine controls.

Such a threat is call­ing Coscom Com­put­er GmbH to the scene. In the past, the com­pa­ny has worked inten­sive­ly on the process-secure net­work­ing of CNC machines, also known as “DNC.”

“CNC machine con­trols are now inte­grat­ed into TCP/IP net­works like a stan­dard PC with net­work cards. The machine con­trol runs on Win­dows or Lin­ux oper­at­ing sys­tems in the mod­ern machines. How­ev­er, there is no homo­ge­neous ver­sion­ing of the oper­at­ing sys­tems with cur­rent secu­ri­ty updates as with stan­dard PCs. This pro­vides an enor­mous attack surface.”

- Chris­t­ian Erlinger, Man­ag­ing Director

If, for exam­ple, the machine con­troller has access to the Inter­net because the machine is ser­viced remote­ly by the machine man­u­fac­tur­er, this opens the door to hack­ers. Chris­t­ian Erlinger explains why: “No virus scan­ners are installed on the con­trollers because they might have a neg­a­tive impact on the real-time behav­ior of the con­troller. This would remove the sup­pli­er’s war­ran­ty oblig­a­tion. Anoth­er dan­ger point is the USB port on the machine, because the mobile data car­ri­ers could be bugged, allow­ing unau­tho­rized access to the over­all net­work.” The use of cloud com­put­ing for eval­u­a­tion sce­nar­ios also pos­es dan­gers in terms of cyber secu­ri­ty. How­ev­er, the aware­ness of dan­gers from the net­work has grown con­sid­er­ably in the mean­time, assures the man­ag­ing direc­tor. In the mean­time, an IT secu­ri­ty offi­cer from the man­u­fac­tur­ing com­pa­ny is usu­al­ly present dur­ing dis­cus­sions about store floor networking.

Harmonization of different operating systems

The com­pa­ny has devel­oped the “IT Secu­ri­ty Ser­vice” soft­ware prod­uct for this pur­pose. It is a mod­ern web ser­vice that com­plete­ly and reli­ably sep­a­rates the machine net­work from the office net­work. A fire­wall is insert­ed between the two, allow­ing both IT infra­struc­tures to exchange data secure­ly with each oth­er. For exam­ple, CNC pro­grams can be trans­mit­ted to the machin­ing cen­ters via enabled ports.

Chris­t­ian Erlinger explains: “Our IT Secu­ri­ty Ser­vice elim­i­nates the secu­ri­ty risk on the store floor! The com­pa­ny ensures that IT can com­mu­ni­cate with the his­tor­i­cal­ly grown struc­tures in the machine park with­out dan­ger.” In addi­tion, oper­at­ing sys­tems of the machine con­trols no longer have to be updat­ed for secu­ri­ty rea­sons. The web ser­vice com­pen­sates for incom­pat­i­bil­i­ties between dif­fer­ent oper­at­ing sys­tem ver­sions. Har­mo­niza­tion thus takes place at a high IT secu­ri­ty level.

Implementing digitization holistically

 The IT secu­ri­ty ser­vice is also so valu­able because not only can the store floor be net­worked absolute­ly secure­ly, but the expan­sion of the com­pa­ny’s own dig­i­ti­za­tion infra­struc­ture can also be dri­ven for­ward with­out hes­i­ta­tion. COSCOM has a great deal of expe­ri­ence as a store floor inte­gra­tor. The inno­v­a­tive web ser­vice relieves the IT depart­ment of tasks relat­ed to secure net­work­ing on the store floor and sup­ports the imple­men­ta­tion of holis­tic dig­i­ti­za­tion strate­gies that link the top and the store floor.