Age is no protection against foolishness Brownfield security: Not only upgrading the functionality of existing systems, but also reliably protecting them against hackers.

A far cry from the safe side. Anyone who thinks they are immune to cyberattacks on their production systems because the machines and systems are already so old that they can do their job reliably without the cloud and the like can easily be mistaken. Age is no protection against foolishness, nor from the consequences of inadequate IT-OT security.

There are good reasons why manufacturing companies combine a planned retrofit – i.e., the refurbishing or modernization of existing plants or systems – with an analysis of their existing data networks. At the same time, they can implement measures to defend against cyberattacks.

“Anyone who thinks that they have isolated solutions in their production systems that cannot be accessed from outside is often mistaken”, reports Hauke Kästing, drawing upon his experience as a security expert at Phoenix Contact. "All it takes is just one Ethernet connector, especially when we are talking about inside perpetrators who open the door to production systems for hackers without even knowing it”.

For Hauke Kästing, internal perpetrators include the company’s own employees, who are usually the cause of a cyber incident without malicious intent, let alone criminal intent. “They might just want to charge their personal mobile phone during a night shift using a free USB port on the master PC. If they have malware on their device, it can infect the entire production system”.

If this is then connected to a single flat network which has no subdivisions into grouping subnets or no isolating VLANs (Virtual Local Area Network), then nothing stands in the way of an attack.

System users would do well to subject their IT-OT infrastructure to a comprehensive security analysis, especially in the course of a retrofit. This is all the more important when modernizations in the brownfield aim to replace old plant control systems. Integrating remote maintenance access, energy measurement data acquisition, and predictive maintenance as part of such projects can increase the productivity and availability of production.

The connection between operational technology on the factory floor and information technology in the office is now a reality. As soon as machine evaluations are run in real time or the switch from old fieldbus technology to industrial Ethernet communication is in the pipeline, island life is over.

Arntz Optibelt in Höxter, Germany, demonstrates how reliable security structures can be created during ongoing operations. The world's leading manufacturer of power transmission belts was faced with the challenge of upgrading old network structures and reliably improving security.