Reports of attacks on the IT systems of industrial plants are becoming increasingly common. Therefore security awareness is also growing in industry. While office IT security solutions have come to be fully accepted and standards have been harmonised at international level, Industrial IT Security is still a relatively new discipline. Standards are still under development and far from harmonised, and the issue of certification is still unclear. While international standardisation and harmonisation is a process that can take years, maximum security for your industrial plants must be realised today.
We offer support right from the start: we analyse the IT security of your production facilities to identify existing vulnerabilities, develop a security strategy customised to your needs and align it to the applicable codes and standards.
Traditionally, manufacturing companies have focused on ensuring functional safety based on internationally recognised standards. As networking becomes more rampant, the importance of IT security increases. However, the security strategies in office IT cannot be simply applied to industrial IT. Given the real-time requirements, hardware resource constraints resources as well as the lack of employee awareness and know-how, a thorough approach needs to be adopted to assure safety and security.
- Review of the design and configuration of systems and applications
- Vulnerability analysis
Our analysis are based on national and international industrial IT security standards:
- VDI/VDE 2182 information Security in Industrial Automation
- ISA S99 Manufacturing and Control System
- ISO 27001 Information Technology - Security Techniques - Information Security Management systems - Requirements
- IEC 62443 Security for Industrial Process Measurements and Control - Network and System Security
Specific standards for the energy sector:
- BDEW White paper (for energy industry)
- Security guidelines by North American Electric Reliability Corporation (NERC)
- IEC 62351 Power systems management and associated information exchange - Data and Communication security
Potential threats involved in connecting office and industrial IT networks.