Industrial security You can protect your systems against cyberattacks effectively with our comprehensive 360° security concept.

Industrial security
Risk of cyberattacks

Cyberattacks pose a serious threat to individuals, companies, and government agencies

Cyberattacks as a top risk Cybersecurity is a decisive factor in the modern business world

The importance of cybersecurity has increased significantly in recent years. This is because the increase in cyberattacks is presenting major challenges for companies and public institutions. At the same time, increasing networking and digitalization means more points that are vulnerable to attack. In the European Union, for example, there is a ransomware attack every eleven seconds. And the attackers and attack methods are becoming more and more professional.

Implementing a comprehensive security strategy is essential to protect against ever-evolving threats and to prevent sabotage, downtimes, and data loss. Cybersecurity is a decisive factor in ensuring the operational capability of your company.

NIS 2 cybersecurity

The implementation of cybersecurity measures is becoming law

Cybersecurity is becoming law The implementation of cybersecurity is no longer only mandatory for critical infrastructures

The digitalization of production, product, and customer data is one of the decisive factors for increasing the added value of a company. Therefore, this data must be given special protection.

The EU Commission recognized this and presented a European strategy for cybersecurity in December 2020. This defines standards for the security and defense capability of components, systems, and companies against cyberattacks. Legal requirements for the implementation of cybersecurity have long been established for critical infrastructures. This is now being extended with NIS 2, the new EU Network and Information Security Directive. However, the high requirements of the NIS 2 Directive can only be met if the products used have been developed in accordance with security-by-design. The Cyber Resilience Act (CRA) was defined by the EU to address this challenge. The new EU Machinery Regulation supplements the CRA, which also sees machines as a product.

Discover the “Mission OT Security” podcast
Cybersecurity podcast
Our security podcast provides valuable insights into how companies can protect their systems and networks while meeting the strict specifications of the new legal directives. In each episode, different topics are illuminated, real insider stories are shared, and tips are given for a successful cybersecurity strategy. Listen to the podcast now!
To the podcast
Cybersecurity podcast

Cybersecurity in industry


Cybersecurity in industry: The combination of IT and OT

The requirements of ICS and IT security must be taken into consideration

Combination of IT and OT

The security of your company is rooted in two different worlds: IT (information technology) and OT (operational technology). To properly protect your networks and systems, both worlds need to be considered and a comprehensive security concept is required. An effective and efficient approach can only be developed through coordinated action.

The IEC 62443 series of international standards aims to provide support for the secure operation of industrial automation systems (ICS systems), from design, through implementation, to management.

To this end, it sets out basic requirements for component manufacturers, system integrators, and operators. IEC 62443 builds on standard ISO 27001, which mainly consists of rules for IT security. Together, the two standards provide a holistic approach to protecting against cyberattacks.

Networking offers significant opportunities, but also risks

The benefits of expanding networks, such as increased productivity or flexibility, are obvious. But increased networking and the resulting convergence of IT and OT mean that company networks have more points that are vulnerable to attack.

Criminals repeatedly succeed in exploiting potential vulnerabilities in the IIoT (Industrial Internet of Things) and thus gain access to companies and infrastructures. This raises the question of how large-scale automation environments can be networked while simultaneously ensuring that industrial systems are protected from hacker attacks and malware. The following points provide an overview of the biggest threats and possible precautionary measures.

Malfunctions from the office
The threat: Malfunctions and viruses, such as from the office environment, can be transferred directly to the production area. The solution: Network segmentation. By splitting large networks into small segments, data exchange between the various zones, e.g., between production and the office or between different system parts, can be controlled. The individual segments can be separated using VLANs or firewalls. Routers or layer 3 switches then need to be used for communication between the individual network segments. These devices intercept typical network errors, preventing them from spreading further to the rest of the network.
Hacker attacks
The threat: Criminals can copy data or make changes to the system via an open Internet connection. The solution: Encrypted data transmission. It should not be possible to access automation systems from the Internet. This protection is achieved by using a firewall for Internet access, which restricts all incoming traffic as well as outgoing traffic to the requisite, authorized connections. All wide area connections should be encrypted, e.g., via VPN with IPsec.
Infected hardware
The threat: Infected hardware, such as USB sticks or laptops, can transfer malware to the network. The solution: Protect ports. Using the port security function, you can make settings directly on your network components, preventing unknown devices from exchanging data with the network. Furthermore, any available ports that are not required should be switched off. Some components also offer the option of sending alerts via SNMP and signal contact if unauthorized access to the network is registered.
Secure remote access
Threat: Changes are inadvertently made to the wrong system from a remote location. Solution: Secure remote access. Secure remote access to one or more machines can be implemented using different technological solutions. First, outbound communication can be encrypted, e.g., via IPsec or OpenVPN. Second, remote maintenance can be initiated via a key switch on the machine. This ensures that only intended changes are made to the machine. At the same time, the key switch also enables the communication rules in the network to be blocked while remote maintenance is being carried out.
Mobile end devices
Threat: Unauthorized smart devices connect themselves via the WLAN interface. Solution: Secure WLAN password assignment. If WLAN passwords are known and have not been changed in a long time, this also affords third parties uncontrolled access to the machine network. WLAN components from Phoenix Contact therefore enable automated key management by the machine control system. This means that secure WLAN machine access can be easily implemented in the form of one-time passwords. In addition, WLAN communication can be protected and isolated from the rest of the network using a demilitarized zone (DMZ).

Our cybersecurity concept


360° security cycle

Our comprehensive 360° security concept

360° security – our comprehensive range without compromises

Good protection against cyberattacks can only be achieved if coordinated technical and organizational measures are intermeshed. We therefore provide 360° security, which simplifies the protection of systems and secures them from all sides:

Secure services
Our trained and knowledgeable security specialists will advise you on how to minimize the specific security risks in your system and will develop a security concept (certified in accordance with IEC 62443-2-4) on request. We can share our knowledge with you in training courses to bring your employees up to speed on cybersecurity.

Secure solutions
Our security concepts protect your critical processes, e.g., with the help of zone concepts, data flow control, and the use of hardened components. Secure processes are also established and documented.

Secure products
Security is embedded in the entire lifecycle of our products. It starts with a secure development process (certified in accordance with IEC 62443-4-1), and includes the integration of important security functions as well as regular updates and security patches.

LinkedIn logo

LinkedIn: Industrial communication and cybersecurity Become a part of our community now!

Industrial communication networks enable us to reliably transmit data from the field, through the control level, all the way to the cloud. Our Industrial communication and cybersecurity LinkedIn page provides you with interesting information on network availability, cyber security, remote maintenance, and much more. Become a part of our community!