DriveLock in practice
Use Case | Industry 4.0 Manufacturing
"Industrial cybersecurity is the process of protecting industrial control systems (ICS) from intended or unintended cyber threats that disrupt or harm people, processes, equipment, and the environment."
Production IT is no longer isolated from internal IT. Here's why:
Production equipment is increasingly controlled and monitored from outside, e.g. when technicians access production equipment via remote maintenance access, or when company management wants daily reports from production.
The keyword IIoT (Industrial Internet of Things) describes a "smart factory" that is connected to the network, produces and processes data, and can be controlled via end devices.
This is made possible by the merging of IT and OT, which ensures that manufacturing and production control systems are permanently accessible from outside. Consequently, these networks can now also be attacked from outside.
In addition, classic production systems have a service life of 7 to 10 years. In many cases, their operating systems are outdated because security updates are no longer provided. Also, the installation of updates hinders the production process. This makes the attacker's work much easier.
Two attacks on industry have gained notable attention:
The Stuxnet computer worm - originally used against Iran's nuclear program - attacked control systems and damaged other industrial companies as it spread.
The Industroyer Trojan, which paralysed Ukraine's power grid. The malicious code uses several communication protocols used by SCADA (Supervisory Control And Data Acquisition) systems, giving it the capability to directly control electrical switches and circuit breakers.
Devices and data flows can be controlled so that only specified external media, such as USB sticks, are authorised for use. Data can also be forcibly encrypted when it is written to external media.
DriveLock also supports complete auditing of the use of external data carriers as well as logging of the data flow, including shadow copies.
Defend against attacks through application control using intelligent whitelisting (a list of permitted software applications that can be dynamically expanded).
The combination of device and application control effectively safeguards the manufacturing process. All interfaces of the PCs involved in the manufacturing process are monitored or blocked. The same applies to the applications used. The machine learning algorithm automatically manages the local whitelist and controls the execution of applications.
Nevertheless, service technicians must be able to import software updates, for example, via the USB interfaces of the devices. They simply insert the USB stick and accept the usage guidelines. Applications can then be installed on the production line within a defined time window. Machine learning ensures that all executed and copied files are whitelisted.
Online lessons and interactive training raise employees' awareness of, e.g., fake e-mails or phishing attacks that rely on social engineering.
Complementing the protection measures, the DriveLock Control Center offers detailed reporting. Should an attack occur, this will enable you to determine what and who is specifically affected.
In fact, under the GDPR, you have an obligation to report cyber incidents. Here, it makes a significant difference whether you inform the general public about an attack in a blanket manner, or provide specific details to customers and business partners. With DriveLock's Control Center, you are able to name who and what was specifically affected.
Detection and forecasting of security incidents, incident response and remediation, and monitoring of end devices.