André Neumann

Security for IoT - a secure thing! Logging and legal security for critical infrastructures

CyProtect is an expert in the field of cyber security and offers its predominantly medium-sized customers holistic IT and industrial security solutions. Through a development partnership with the industrial security specialist sematicon AG, the OT security know-how was bundled. With concentrated security power, the two service providers implement a wide variety of security-relevant projects – such as the use case of a waterworks discussed in the podcast. Waterworks are among the so-called critical infrastructures (CRITIS) that guarantee and maintain important social functions. While it used to be predominantly banks, today it is increasingly CRITIS facilities that are being targeted by hackers. The Achilles’ heel here is often the VPN connection, which enables external access and thus remote maintenance. Hackers use this “extended cable” into the system to identify potential software bugs or inject malware. “Throw in some Bitcoins, and maybe I’ll let you access your machine again” – dialogs between hackers and ransomware negotiators of attacked companies actually start like this or something similar in practice. According to CyProtect and sematicon, in order to prevent this from the outset, the primary goal must be to ensure uniform and secure access with complete isolation of the machine network. In the course of this, a product was developed that does just that, hiding the entire plant system under a kind of “digital glass pane”. With regard to data security, the podcast also talks about the so-called security triad – the CIA triad. This construct has less to do with American intelligence than with the buzzwords: Confidentiality, Integrity and Availability. Confidentiality means that the data is encrypted. Integrity means they are unchanged. Availability means you can always access them. However, the three security specialists also state with regard to data: It should be questioned more often which data is actually needed and, in particular, which data is shared – and with whom. The podcast emphasizes the value of data that enables predictive maintenance and thus prevents production downtimes. Predictive maintenance coupled with traceable electronic maintenance log and audit functions offers the industry enormous added value and prevents production downtime, according to the tenor.