Gerrit Boysen, manager, product marketing security, Phoenix Contact Electronics GmbH, Bad Pyrmont, and Christina Höfer, head, delivery and support, SecurityMatters B.V., Eindhoven, explain the advantages of an immune system for every production network.
Access security is increasingly important in times of Industrie 4.0. Therefore, SecurityMatters and Phoenix Contact have pooled their expertise in a technological partnership. The level of security in production networks can be increased easily and significantly by combining the software for network monitoring and industrial security appliances. The common approach sets new standards both in the manufacturing environment and in critical infrastructures.
Today, more and more machines and systems exchange data with each other locally and globally. The growing amount of communication is leading to increased requirements for network security as well. Operators must, therefore, ask themselves the question of which information may be transmitted to which machine and when.
Particularly for production systems that have been expanded and fully integrated into a network over a number of years, answering this question turns out to be difficult and time-consuming. SecurityMatters and Phoenix Contact have formed a technological partnership to provide users with professional, integrated and efficient support.
SecurityMatters, founded in the Dutch city of Eindhoven in 2009, is an innovative company active in the field of IT security and has specialised in anomaly detection in industrial networks. SilentDefense is an essential component of the product portfolio of SecurityMatters. The powerful platform for network monitoring has been offered in the market since 2013.
As one of the worldwide market leaders and innovators in electrical engineering, electronics and automation, Phoenix Contact operates, among other things, its own centre of excellence for cyber security located in Berlin. Based on long-standing expertise in this environment, the company provides customised products and network solutions that implement special industrial requirements. The routers of the FL mGuard product range are the core of the security product line.
Concurrent identification of errors and diagnosis of attacks
In 2016, SecurityMatters and Phoenix Contact decided to combine their security products, thus generating significant added value for the users. As a network monitoring solution, SilentDefense supports users in analysing and strengthening their network. Visualising the network in real time, performing user-defined tests and automatically monitoring network communication are only some of the functions that distinguish the monitoring system. SilentDefense can be used for diagnosing cyber-attacks as well as for identifying operational errors.
The FL mGuard industrial security routers by Phoenix Contact are designed to operate without fans and feature reliable security and performance in a compact, DIN rail-mountable metal case. Along with providing a secure virtual private network (VPN) tunnel, the devices offer various industry-specific firewall functions. These include a user firewall, a conditional firewall for activating defined firewall rules, and deep packet inspection for the thorough investigation of any data packet transmitted via OPC Classic or Modbus/TCP.
This allows the defence-in-depth concept, based on the international standards ISA 99 and IEC 62443, to be implemented professionally in the applications. Thanks to the decentralised security concept, production plants are reliably protected against sabotage and the associated malfunctions in the production process.
Immediate detection of even small changes in the network
When SilentDefense and the FL mGuard security appliance are combined in practice, there is an additional benefit for the users. For example, Security Consulting from Phoenix Contact uses the software for network monitoring in order to analyse in detail the data exchange in complex industrial networks. The system operator thus has an exact overview of which participants in the production network are sending which content to which other participants, as well as how and when it is sent.
Unauthorised communication is visible and can be switched off. For many companies, the biggest risk is not a powerful cyber-attack but the innumerable small, self-induced changes in the system, which add up over the course of time and pose an ever greater risk to the availability of the manufacturing network.
Relevant examples abound. A controller, for example, is swapped with a replacement device which is programmed somewhat differently than the original PLC. During a system upgrade, the product supplier uses a weaker protocol for time synchronisation than the one previously used. Newly added devices attempt to reach an external server using unknown TCP ports. Establishing a connection with an unavailable server floods the production network with data. The list of examples is endless.
Direct transmission of configuration data records in the firewall
After SilentDefense has analysed the communication relationships in the production network and unwanted connections have been switched off, the second important step follows: securing the network with firewalls from the FL mGuard product range. The innovative aspect of the solution is the interplay of hardware and software on-site at the user. The communication relationships that SilentDefense identified as correct are transmitted directly as firewall configuration data records to the security appliance installed in a decentralised system. This makes defining firewall rules much easier and avoids faulty as well as carelessly maintained firewall rules.
In production networks that are complex and have grown over the years, responsible employees in particular prefer to let unknown, unidentified data packets pass through the firewall rather than run the risk of the system perhaps no longer manufacturing. This practice, however, poses a high and unnecessary security risk. With the solution described here, based on SilentDefense and the devices of the mGuard product range, both user requirements are now implemented professionally, thus guaranteeing high system availability with simultaneously high protection of the production network against unauthorised access and harmful actions.
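The step described above, turning communication relationships that monitoring has approved into firewall rules with everything else denied, shown as an added example (not code from SecurityMatters or Phoenix Contact). The flow tuples, addresses, plant network range and rule layout are constructed for illustration and do not reflect the SilentDefense or FL mGuard configuration formats.

```python
# Added example: flows, addresses and rule layout are constructed for illustration;
# this is not the SilentDefense export or the FL mGuard configuration format.
from ipaddress import ip_address, ip_network

PLANT_NET = ip_network("10.10.0.0/16")  # assumed production network range

# (source, destination, protocol, destination port) approved after monitoring
APPROVED_FLOWS = [
    ("10.10.1.20", "10.10.2.5", "tcp", 502),   # HMI -> PLC, Modbus/TCP
    ("10.10.1.21", "10.10.2.5", "tcp", 502),   # second HMI -> same PLC
    ("10.10.2.5", "10.10.0.10", "udp", 123),   # PLC -> internal time server
]

def build_rules(flows):
    """Group approved flows by (dst, proto, port) into allow rules, then default deny."""
    grouped = {}
    for src, dst, proto, port in flows:
        grouped.setdefault((dst, proto, port), set()).add(src)
    rules = [
        {"action": "accept", "src": sorted(srcs), "dst": dst, "proto": proto, "port": port}
        for (dst, proto, port), srcs in sorted(grouped.items())
    ]
    rules.append({"action": "drop", "src": ["any"], "dst": "any", "proto": "any", "port": "any"})
    return rules

def evaluate(rules, flow):
    """Return the action of the first matching rule for one observed flow."""
    src, dst, proto, port = flow
    for rule in rules:
        match = src in rule["src"] and (dst, proto, port) == (rule["dst"], rule["proto"], rule["port"])
        if rule["src"] == ["any"] or match:
            return rule["action"]
    return "drop"  # no rule matched: deny by default

def review_queue(rules, observed):
    """List dropped flows for operator review, flagging destinations outside the plant."""
    queue = []
    for flow in observed:
        if evaluate(rules, flow) == "drop":
            external = ip_address(flow[1]) not in PLANT_NET
            queue.append((flow, "external destination" if external else "unapproved internal flow"))
    return queue

if __name__ == "__main__":
    observed = [APPROVED_FLOWS[0], ("10.10.3.40", "203.0.113.7", "tcp", 8443)]  # second: newly added device
    print(review_queue(build_rules(APPROVED_FLOWS), observed))
```

Dropped flows land in a review queue rather than being silently discarded, so an operator can decide whether a blocked relationship is unwanted or a legitimate change that should be approved.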
Dynamic adjustment of security measures
Initial pilot projects are making the next innovative step. If SilentDefense is installed permanently at the user's site, the user has the option of dynamically adjusting the security measures. If, for example, hackers are using an existing, previously secure communication link for an attack, the FL mGuard firewall can change the configuration essentially in real time following approval from the responsible employee, or SilentDefense can be used to do this automatically. In this way, unwanted connections can be stopped quickly and easily, whereas a desired data transmission will be specifically permitted later.
The technological partnership between SecurityMatters and Phoenix Contact, therefore, has led to an innovative leap in industrial security and is setting new standards in the area of quality. The SilentDefense software and FL mGuard security router form a symbiosis and create a clear benefit for the user. It is, therefore, irrelevant whether the solution is used in a critical infrastructure application or an application in one of the many industrial sectors.