Security for Industrial Internet of Things (IIoT)
SECURE COMMUNICATION – highly secure data communication for machines and production systems
The Industrial Internet of Things (IIoT) describes the digitalization of processes along the value chain and networking all components involved in these processes. This connects office IT and operational technology (OT) in production. This affects both the structure and responsibilities of two worlds which were previously strictly separated.
It is now essential for business to consider production infrastructure in their IT security strategies. Meanwhile, there are completely new attack vectors introduced by connecting machinery that must be monitored and protected by IT administrators. NCP’s software components offer a reliable and proven way to secure data communication for IIoT scenarios.
One key differentiator from NCP is its central management system, which provides visibility across all IIoT components.
Senior Cybersecurity Analyst at Frost & Sullivan
Designed for solution providers and end-users
By using NCP components, solution providers have the advantage that they do not have to worry about implementing a secure remote maintenance solution themselves. Automated solutions can be set up via defined interfaces between the provider’s system and NCP components. The customer can continue to use an application offered by the service provider as normal. Meanwhile, the connection is secured in the background through a solution managed by NCP. In addition to VPN gateways and management, NCP also offers custom branding for its VPN clients.
In addition to solution providers, end-users can also order individual software components directly from NCP and implement them regardless of their application, for example industrial machines, edge devices and charging infrastructure for e-mobility – all applications are covered.
Shared management for IT and OT
When IT and OT are linked in a given scenario, a central management component such as NCP Secure Management is an important component for managing secure communication between operational technology, IT and connected machines and systems. New approaches in IIoT also open up new attack vectors and this means aspects like communication between machines and the cloud need to be considered.
Companies can only establish high levels of security for their production IT and limit attack vectors through IIoT segmentation. To protect industrial systems adequately, it is essential to set up IIoT islands – logical groups of connected machines and systems that are centrally managed, monitored and secured (ID management, updates, etc.).
In addition to a clean structure, the ability to contain cyber attacks or incidents on a specific island is another added benefit of this approach. In this way, an incident can be isolated and the dissemination of possible malicious code is severely restricted. Production systems outside the island remain unaffected, reducing potential damages and enabling the affected systems and machines to be restored more quickly. Central management, such as IIoT Management, is therefore indispensable for controlling and monitoring production infrastructure.
All connections between the end devices and the IIoT remote gateway or the central IIoT gateway and the IIoT remote gateway are encrypted with advanced algorithms (for example using Suite B cryptography). For additional security, all machine certificates can be managed centrally in a public key infrastructure (PKI). This ensures unique authentication for all end devices. Each time a connection is established, certificates are validated against Certification Authority (CA) revocation lists (online or offline).
This feature is ideal for cloud environments or IIoT infrastructure, where multiple production sites share a platform. This is done using group assignment and a convenient rights management system. Administrators can only access the production sites they are assigned to. This means that data is kept secure and cannot be accessed from other protected areas.
Connected Cars – Fleet management
NCP has implemented digital fleet management for field staff vehicles with a linux-based black box which connects to a backend system. The black box and user’s device (for example a tablet) can connect to the company headquarters via VPN to communicate the distance traveled or order data securely.
Bank ATM networks must be encrypted due to the sensitivity of financial data. This project involved implementing VPN clients on ATMs which operate in headless mode and are hidden from the customer while providing a high level of encryption and security.
A secure solution was needed for mobile display screens in supermarkets, which allows employees to change the location of the device without any technical knowledge. NCP achieved this by using VPN clients with the seamless roaming feature that maintains the secure VPN connection without interruption even if the connection type (LAN/Wi-Fi/3G/4G) is changed. This technology is suitable for all types of digital signage, including hotels, medical practices, pharmacies and advertising displays.
The InfoSec Awards Winner „Publisher’s Choice- Internet of Things (IoT) Security“.