Germany English
  • Blog
OT-Security
OT-Security
Company

Tech Podcast: The OT security sins of the industry

In the "Industry rethought" podcast channel from Bosch Rexroth, Klaus Mochalski, CEO of Rhebo, explains how the company uses the ctrlX CORE controller as a network sensor and what security sins he finds in the OT infrastructure

Mochalski and his colleagues specialise in security monitoring and attack detection in the OT landscape. They still see Telnet connections, Raspberry Pis from student projects and communication that has no business in the OT. As a rule, this is the first time OT operators find out what is actually happening in their OT. The Leipzigers want to change that and are using technology from Bosch Rexroth to do so. "The sensor application running on the ctrlX CORE enables seamless integration into the Rhebo Industrial Protector," they say. Mochalski and his colleagues have been analysing the weak points in OT for years. At Rhebo, the control system becomes a sensor node. This requires an app from ctrlX World and a central analysis device.

The Rhebo team sees three use case

  • Preventing malfunctions at fieldbus level - malware that is introduced into a system via a USB stick, for example, is detected in the production cell before it can spread laterally to the entire networ.
  • Actively respond to anomalies - Rhebo Industrial Protector creates an up-to-date and detailed overview of the systems and devices communicating in the IACS, as well as the protocols and commands used. This enables quick identification of anomalies, malfunctions or redundant processes.
  • Detect cyber attacks early - Rhebo Industrial Protector's anomaly detection also reports events that occur before a cyber attack (reconnaissance phase). This includes address, port as well as Profinet discovery scans. With this information, it is possible to block reconnaissance activities and prevent cross-movements.

And what dangers do the experts see in manufacturing?

Rank 5: Infections with malware. Computers with outdated operating systems are not uncommon on the shop floor. As soon as the systems are connected to the network, the malware finds its way in. "The computers feed in the malicious code and reload modern malicious code," explains Klaus Mochalski.

Rank 4: Insecure authentication methods are, for example, user names or passwords in plain text. In addition, according to Mochalski, these are still often exchanged via Telnet.

Rank 3: Load fluctuations are another problem when it comes to OT stability. This concerns remote maintenance connections.

Rank 2: Vulnerabilities in permanently installed assets. These are often already documented vulnerabilities. Patches are often not feasible. In this case, Mochalski recommends encapsulating the systems.

Rank 1: "It's not very spectacular," says Mochalski. Many users have no overview of their assets. Time and again, his colleagues find services, protocols or devices that are active on the network but no longer needed. In a steelworks, for example, several Raspberry Pis from a student project were found from the time before the hall was connected to the internet. "And suddenly the systems were connected to the network," Mochalski recalls.

The whole interview and other episodes on the factory of the future in our tech podcast channel "Industry rethought" on all known platforms or you can subscribe directly here via Podigee (only available in German).

Contact person for the Bosch Rexroth Tech Podcast: Susanne Noll

Please feel free to contact Bosch Rexroth!