Security for Industrial Internet of Things (IIoT) scenarios
SECURE COMMUNICATION – highly secure data communication for machines and production systems
The Industrial Internet of Things (IIoT) describes the digitalization of processes along the value chain and the networking of all components involved in these processes. Connecting office IT and operational technology (OT) affects the structure and responsibilities of both of these areas, which were previously strictly separated.
It is now essential for businesses to include their production infrastructure in their IT security strategies. At the same time, connecting machinery introduces completely new attack vectors that IT administrators must monitor and protect against. NCP’s software components offer a reliable and proven way to secure data communication in IIoT scenarios.
“One key differentiator from NCP is its central management system, which provides visibility across all IIoT components,” said Jason Reed, Senior Cybersecurity Analyst at Frost & Sullivan.
Solutions for partners and end-users
NCP’s solution portfolio is suitable for both partners and end-users. By using NCP components, solution providers have the advantage that they do not have to worry about implementing a secure remote maintenance solution themselves. Automated solutions can be set up via defined interfaces between the provider's system and NCP components. The customer can continue to use an application offered by the service provider as normal. Meanwhile, the connection is secured in the background through a solution managed by NCP. In addition to VPN gateways and management, NCP also offers custom branding for its VPN clients.
In addition to solution providers, end-users can also order individual software components directly from NCP and deploy them in whatever application they need to secure, for example industrial machines, edge devices or charging infrastructure for e-mobility – all applications are covered.
SMART MAINTENANCE - secure remote maintenance and access to production infrastructure and machines
Remote maintenance requires flexible, highly available and secure access to machines and systems. This includes securing connections as well as protective measures against potentially compromised networks and end devices. During remote maintenance, identifying target systems can pose a challenge if networks are configured identically.
NCP components route communication to the correct destination using unique temporary IP addresses together with the authentication data of the gateways and clients (hardware- or software-based). A clear remote maintenance concept and a risk assessment are essential for any remote maintenance solution in the highly automated IIoT environment.
It must be clarified in advance which machines, systems and controllers need remote access at all. Security must have the highest priority right from the start: unauthorized access can have negative consequences up to and including catastrophic failure of the entire production process. Remote maintenance should also follow the principle of least privilege.
Granularity is critical for a secure solution. For example, remote maintenance systems must ensure that only the affected, authenticated machine can establish an encrypted connection for service by an authorized technician during a limited period of time. Connections must only be established from inside the production network. Remote technicians are therefore only granted access to a specific system requiring maintenance at any given point in time.
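The access rules from the last two paragraphs (a technician bound to one authenticated machine, a time-limited service window, tunnels initiated only from inside the production network, least privilege) as a small policy evaluator. This is an added example and not NCP's own code; the machine and technician identifiers, the window data and the rule names are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample data and rule names: assumptions for illustration, not NCP's API.
T0 = datetime(2024, 5, 6, 8, 0)  # shift start on the sample day

def at(minutes):
    # Timestamp `minutes` after T0, to keep the sample data readable.
    return T0 + timedelta(minutes=minutes)

@dataclass(frozen=True)
class MaintenanceWindow:
    machine_id: str      # the single system cleared for service
    technician_id: str   # the technician authorized for that system
    start: datetime
    end: datetime

@dataclass
class MaintenancePolicy:
    windows: list
    active: dict = field(default_factory=dict)  # technician_id -> machine_id

    def authorize(self, machine_id, technician_id, from_inside, now):
        """Decide whether a maintenance tunnel may be set up: (allowed, reason)."""
        # Rule 1: tunnels are only ever initiated from inside the production network.
        if not from_inside:
            return False, "tunnel must be initiated from the production network"
        # Rule 2: least privilege, one system per technician at any point in time.
        current = self.active.get(technician_id)
        if current is not None and current != machine_id:
            return False, f"technician already has an active session to {current}"
        # Rule 3: a time-boxed window for exactly this machine and technician must be open.
        matching = [w for w in self.windows
                    if w.machine_id == machine_id and w.technician_id == technician_id]
        if not matching:
            return False, "no maintenance window for this machine and technician"
        for w in matching:
            if w.start <= now < w.end:
                self.active[technician_id] = machine_id
                return True, f"window open until {w.end:%H:%M}"
        return False, "window not open at this time"

    def close(self, technician_id):
        # Tear down the technician's session so another window can be used.
        self.active.pop(technician_id, None)

def sample_policy():
    """Constructed windows: two technicians, two machines, overlapping times."""
    return MaintenancePolicy([
        MaintenanceWindow("press-07", "tech-a", at(0), at(120)),
        MaintenanceWindow("robot-02", "tech-a", at(60), at(180)),
        MaintenanceWindow("robot-02", "tech-b", at(0), at(60)),
    ])
```

The decision reasons are what a gateway would log, so a denied request outside its window or from an external initiator is visible to the operator.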
The remote gateway can be installed and used directly on systems, machines or dedicated upstream hardware components. However, it can also function as a (virtual) adapter and aggregate and transmit data from other devices (sensors, cameras, etc.), encrypting data if necessary. The central gateway receives the encrypted machine data from the remote gateway and transmits it to further processing systems such as edge devices or cloud platforms.
NCP has developed software components for secure data exchange in several Industrial Internet of Things (IIoT) scenarios. Several components at strategic points in the infrastructure work together to help companies gain control of their data and encrypt it securely:
- a remote gateway for secure communication with systems or machines
- a gateway for secure connection of the remote gateways
- a management system for administration, monitoring and integration into existing infrastructures
This provides the data integrity and authenticity required for cutting-edge applications such as AI, Big Data or Machine Learning. The high scalability of the solution means additional encrypted tunnels can be set up for further secure data communication, for example streaming live video to monitor machines from the control room. In this way, applications can be clearly separated from one another.
Shared management for IT and OT
When IT and OT are linked in a given scenario, a central management system such as NCP Secure Management is essential for managing secure communication between operational technology, IT and the connected machines and systems. New approaches in IIoT also open up new attack vectors, which means aspects such as communication between machines and the cloud need to be considered.
Companies can only establish high levels of security for their production IT and limit attack vectors through IIoT segmentation. To protect industrial systems adequately, it is essential to set up IIoT islands – logical groups of connected machines and systems that are centrally managed, monitored and secured (ID management, updates, etc.).
In addition to a clean structure, the ability to contain cyber attacks or incidents on a specific island is another added benefit of this approach. In this way, an incident can be isolated and the dissemination of possible malicious code is severely restricted. Production systems outside the island remain unaffected, reducing potential damages and enabling the affected systems and machines to be restored more quickly. Central management, such as IIoT Management, is therefore indispensable for controlling and monitoring production infrastructure.
All connections between the end devices and the IIoT remote gateway or the central IIoT gateway and the IIoT remote gateway are encrypted with advanced algorithms (for example using Suite B cryptography). For additional security, all machine certificates can be managed centrally in a public key infrastructure (PKI). This ensures unique authentication for all end devices. Each time a connection is established, certificates are validated against Certification Authority (CA) revocation lists (online or offline).
Group assignment and a convenient rights management system make the solution well suited to cloud environments and IIoT infrastructures where multiple production sites share a platform. Administrators can only access the production sites they are assigned to, so data stays protected and cannot be reached from other protected areas.
Connected Cars – Fleet management
NCP has implemented digital fleet management for field staff vehicles with a Linux-based black box that connects to a backend system. The black box and the user’s device (for example a tablet) connect to the company headquarters via VPN to transmit distance traveled or order data securely.
Bank ATM networks must be encrypted due to the sensitivity of financial data. This project involved implementing VPN clients on ATMs which operate in headless mode and are hidden from the customer while providing a high level of encryption and security.
A secure solution was needed for mobile display screens in supermarkets, which allows employees to change the location of the device without any technical knowledge. NCP achieved this by using VPN clients with the seamless roaming feature that maintains the secure VPN connection without interruption even if the connection type (LAN/Wi-Fi/3G/4G) is changed. This technology is suitable for all types of digital signage, including hotels, medical practices, pharmacies and advertising displays.
The InfoSec Awards are specifically focused on finding innovative infosec players who have a presence in the United States and other countries.
In 2020 NCP was the winner in the award category Publisher’s Choice – Internet of Things (IoT) Security.
NCP was awarded the title BEST OF at the INDUSTRIEPREIS 2018. The award was presented by Initiative Mittelstand for the NCP Secure IIoT Solution in the category "IT and Industry".
Download our new Frost & Sullivan white paper “Securing Enterprise-Level IoT”.