IT Security in Industry: The IT Security Laboratory of Fraunhofer IOSB

Today’s production plants are highly interconnected. Embedded systems interact independently; planning systems from the cloud schedule production steps and machine utilization; plant operators monitor and control remotely; maintenance staff has global access to modify configurations.

In a networked world, the protection of production plants no longer ends at the factory wall or the fence of the premises. Attackers can gain access to the systems through the network connections and manipulate them; malicious code infections can result in a standstill of major areas of production, causing enormous physical damage and endangering human beings. Even before Stuxnet, Duqu, Flame and Havex were in the news, it was known that production plants are threatened by cyber-attacks.

IT security in industrial production has to take into account specific basic conditions which are not as relevant in an office environment, for PC workstations or Internet servers. The control of production plants is associated with real-time requirements which make it difficult or even impossible to modify the systems. Software patches on the systems or the installation of monitoring software, malware scanners and antivirus programs, for example, can have an adverse effect on the functionality, while firewalls in the network and encrypted connections between the systems can be detrimental to the real-time conditions. In addition, the relatively long lifetime of hardware and software in manufacturing differs considerably from other areas of IT application.

For this reason, new strategies and methods have to be found for production environments to ensure IT security in practice, not only in new systems but also, above all, in existing installations.

Ideal Test Environment

Image: IT security laboratory of Fraunhofer IOSB (© Fraunhofer IOSB)
The IT security laboratory of Fraunhofer IOSB has its own model factory with real automation components that control a simulated production plant.

Fraunhofer IOSB’s IT security lab provides an ideal test environment to simulate real-world scenarios and analyze the effects. To this end, the IT security lab includes a specific smart factory with genuine automation components controlling a simulated production plant. All the network levels of a factory environment, including their typical components such as Industrial Ethernet, industrial firewalls and wireless components, are in place.

A specific private cloud enables the IOSB experts to create various configurations rapidly and flexibly and to adjust the smart factory to different scenarios. To this end, the private cloud flexibly provides the required resources to analyze all aspects of network traffic, to include security features in network connections or to simulate an attack against the components.

Currently, our efforts focus on the following three areas:

1. Anomaly Detection on the Field Level

Fraunhofer IOSB has many years of experience in the field of condition monitoring for various areas of application. Condition monitoring is designed to analyze process variables in production processes and to recognize system conditions and changes in their status without exact prior knowledge of the process itself. Detected anomalies in the process variables indicate changes in the process. These may result from modifications in the process sequence, defects or wear and tear of the production equipment, for example. However, they can also be traced back to intentional or unintentional intervention in the process control because the manufacturing IT has been attacked. In addition, the monitoring of communication links allows interventions to be detected early, before any modifications in the process sequence become apparent.

2. Production Monitoring and Control

Monitoring and control is increasingly based on manufacturer-independent standardized communication protocols enabling global access by means of Internet protocols. In this context, OPC UA provides a framework that will form the basis of world-wide networking in the Industrie 4.0 efforts. The security features of the OPC UA standards are assessed, recommendations for the use and implementation are developed and specific implementations are analyzed for weaknesses. Security guidelines governing the outsourcing of functions or the use of features in public cloud environments are developed.

3. Vulnerability Analysis

The detection of weaknesses in configurations and faults in software implementations of components and equipment is another focus of IOSB’s IT security experts. In particular, they identify weaknesses in firewall configurations, in the implementation of authentication and encryption methods as well as specific design drawbacks in the applied communication protocols.

To perform the vulnerability analysis, the resources of the private cloud can be bundled to carry out distributed denial-of-service attacks against real-world systems and components or to find implementation defects by means of fuzzing tools. In addition, the private cloud allows virtual environments to be created to analyze the behavior of malware and to develop defense strategies.

Moreover, the facilities of the IT security lab are used for training purposes. Training programs dealing with the use of OPC UA mechanisms and the design of secure production networks complete the service.