ISuTest® - Automated vulnerability scanning for industrial automation components
Industrial components used in modern systems such as traffic light controls, trains, and power plants are accessible via networks and are therefore potentially vulnerable to attack. Attacks can have serious consequences, which is why the EU has enacted the Cyber Resilience Act (CRA), which obliges manufacturers to develop components with digital elements securely. The IEC 62443 standard describes a secure development lifecycle, with vulnerability scanning being a central component. The ISuTest® framework, developed at Fraunhofer IOSB Karlsruhe, is used for automated vulnerability scanning in automation components. It uses fuzzing techniques for black-box testing and monitors functionality during testing. ISuTest® can be used in test centers and during development and has already discovered numerous vulnerabilities—with ISuTest®, the vision of security by design does not have to remain a vision.
to the project page
Cybersecurity Training Lab
he Cybersecurity Training Lab of Fraunhofer Academy is a cooperation between Fraunhofer and selected universities of applied sciences. Specialists and managers from industry and public administration receive a compact qualification in high-quality laboratories with up-to-date IT infrastructure. There, they simulate real threat scenarios, learn to recognise their significance and consequences and study suitable solution concepts in a practical manner in their use and efficiency. Based on proven cooperation models between Fraunhofer and universities of applied sciences, a model is being implemented for the further training of IT security specialists which involves the universities of applied sciences as partners in cooperative research, in the development of further training concepts and teaching modules and finally in the teaching of the course content.
TO the Product page
Security for OPC UA and certificate management
The secure operation of modern industrial networks is a major challenge. Communication protocols that allow protected and authenticated connections, such as OPC UA, are helpful in this regard. With OPC UA, as with many other protocols, these connections are secured through the use of certificates that enable unique authentication of the communication participants. In practice, however, their effective use requires configuration and management effort. To keep this effort to a minimum, the OPC UA standard already includes functions for administrative staff for these certificates integrated into the protocol. A so-called “Global Discovery Server,” or GDS for short, with certificate management support is required for implementation. The open62541-based GDS is an implementation of such a Global Discovery Server with certificate management. It offers the management of registered applications in an OPC UA network, as well as the management and distribution of certificates and trust lists.
To the Service
Security-Testing
Industrial automation and control systems (IACS) play an important role in modern production plants. Their robustness and safety are also becoming increasingly important due to progressive networking. Highly networked IACS are particularly susceptible to attacks from a distance, as they can be reached by an attacker from the network on the one hand, and can influence the production process on the other. Thus, an attacker has the possibility to cause damage to the production process without physical access. The attacker achieves this by exploiting weak points in the IACS. For this reason it is necessary to avoid weak points in IACS. One possibility for this is security testing. The aim is to detect weaknesses already during the development of IACS. If the vulnerabilities are already found during the development process, they can be closed before the IACS is used productively.
To the Product page
These exhibits can be found in Hall 6, Booth 128.
Your contacts: Christian Haas, Steffen Pfrang
Demonstrator »Interoperability connecting the value chain«
The demonstrator shows the interoperability between different implementations (open-source and commercial) of the AAS specification using a cross-company use case along the value chain. As part of this demonstrator, Fraunhofer IOSB presents the following tools from the FA³ST ecosystem for digital twins: Service, Registry, Viewer, and Client.
to the project page
This exhibit can be found in Hall 5, Booth 358 (IDTA – Industrial Digital Twin Association e.V.).
Your contact: Michael Jacoby
Fraunhofer Institute of Optronics, System Technologies and Image Exploitation IOSB 