Productivity rises when factories are digitalized and connected, but so does the risk of cyber attacks. Companies have to avert this threat. After all, long-term business success depends on their ability to maintain security in their manufacturing environment. Let us support you on this journey with custom concepts tailored specifically to your risks.
Manufacturing systems and processes are becoming increasingly connected as the digital transformation advances. As it stands, the weak link along the way is cyber security. Cyber crime affects all industries. It comes in many guises, including espionage, sabotage, extortion, and physical damage. Industrial automation systems are particularly vulnerable to cyber attacks. They can disrupt and even bring entire production lines to a standstill. Many manufacturers see this worst-case scenario as a remote possibility. In reality, however, very few companies are actually safe, as the cyber security experts at the Aachen-based Fraunhofer Institute for Production Technology IPT have demonstrated. (Source: Frauenhofer IPT, Whitepaper Cybersecurity in networked production)
Join us as we pursue the goal of cyber security in compliance with the internationally recognized IEC 62443 standard.
Services for manufacturers of connected machines
Process consulting and process development
Cyber security processes and methods are indispensable to companies that develop secure machines, manufacturing systems, or software products. Many operators expect products involving IACS (industrial automation and control systems) to be developed in compliance with IEC62443 standards. A recurring challenge is that security processes typically have dependencies and goals that conflict with those of other development processes. Take advantage of the vast experience we have gained with our in-house cyber security engineering process. When you set out to establish new security processes and methods, call on our support to help you with your development effort. Rest assured, we will factor your requirements, technical constraints, and legacy processes into the security equation. Count on us to
Establish and expand security processes (e.g. in compliance with IEC 62443)
Set up and conduct training
Advise you on methods (e.g. risk analysis & tooling)
Risk analysis for your machine
Companies that build connected machines and manufacturing systems have to consider economic concerns. This gives rise to many questions: How much do we have to invest to achieve the level of security required by customers who are going to buy prospective products? Which security concerns do we need to prioritize? What steps do we have to take to put these priorities into practice? A risk analysis can help you make informed decisions, avoid over-investing, and deliver proven premium security to your customers.
It serves to identify appropriate security objectives, pinpoint potential vulnerabilities in a system, and assess the associated risk. Let us join forces to assess risk and draw up a list of prioritized vulnerabilities. This will help you decide what you need to do to achieve your security objectives. Team up with us to
Investigate potential damage scenarios and their impact
Pinpoint vulnerabilities, map out attack vectors, and determine probability
Assess risk and identify remedial options
Conceptual consulting for your machine
We will work with you to develop a concept for a security architecture engineered to meet the defined security goals To this end, we take into account the technical requirements for components and machines set out in IEC 62443. If necessary, we will also define technical security requirements tailored specifically to your product. Once the concept stands, the next step is to put the security goals into practice. Count on us to do this
In compliance with IEC 62443 foundational requirements
Using custom solutions for non-standardized aspects
Software development for your machine
Even if the concept and specifications are indeed secure, software vulnerabilities can easily compromise the manufacturing system’s protection. This is why software and the safety mechanisms implemented on the machines have to be free of vulnerabilities. We rely on secure coding practices and semi-automated code analysis to ensure code conformity. To this end, we
Code securely in compliance with guidelines (e.g. CWE, MISRA, SEI CERT C) and code reviews
Integrate cryptographic libraries (e.g. to prevent errors and side channels)
Develop and integrate hardware security module (HSM) software
Harden source code
Testing for your machine
Even the most reliable software has to be tested to eliminate any possibility of attack. The same goes for secure systems. Using state-of-the-art methods and tools to test systems for vulnerabilities that an attacker could exploit, we explore your options for patching these vulnerabilities. This includes
Penetration testing
Fuzz testing
Services for operators of connected manufacturing systems
Process consulting and process development
General product security is one concern, but companies also have to adopt cyber security processes and methods to operate secure and robust manufacturing systems. Drawing on many years’ experience in security engineering, we have the proven skills to help you set up cyber security processes and implement IT security programs, for instance, in compliance with standards based on IEC 62443. Call on us for
Organizational security measures
Configuration management
Network and communication security
Component security
Data protection
User access control
Event and incident management
System integrity and availability
Training design and delivery
Advice on methods (e.g. consulting on risk analysis & tooling)
Risk analysis for your manufacturing system
Connected manufacturing has great advantages, but also comes with potential vulnerabilities. Connectivity can open up gateways for cyber attacks, but we can take precautions to close these portals. Let us team up to assess your risks. To this end, we will partition your connected manufacturing system into zones, pinpoint potential vulnerabilities, and evaluate associated threats. Once the appropriate security objectives for the individual zones and components have been determined, we can move on to assess risk in greater depth and draw up a list of prioritized cyber security requirements. This list provides the underpinning for developing a firm cyber security concept. We are here to help you
Conceptual consulting for your manufacturing system
You want to protect your connected manufacturing systems; we will work with you to develop a concept for a security architecture engineered to achieve the defined security objectives. Once we jointly finalize the concept, we can specify the appropriate requirements. Count on us to make sure the concept works with your legacy components and to implement existing security concepts so as to reduce costs. To this end, we
Apply IEC 62443 foundational requirements
Map out cyber security requirements for components
Conduct a delta analysis against available components, identify unmet requirements, and develop solutions
Work up custom security concepts that go beyond IEC 62443
Testing for your manufacturing system
Systems and software have to be tested for security to rule out potential attack scenarios. State-of-the-art methods and tools enable us to identify vulnerabilities and subsequently develop robust systems. This includes
Cyber security is a crucial step on the journey towards digitalized manufacturing systems. Secure communication between manufacturing systems and the cloud is imperative, as are the tools you need to securely boot and update your manufacturing systems.
Benefits
Cross-industry expertise
Comprehensive IEC 62443-compliant security
A platform to launch your digitalized manufacturing
