Special requirements apply to IT infrastructures in manufacturing plants and in automatization processes. To prevent production downtime, especially system availability and meeting the real-time requirements of the communication technology is essential for production and control processes. Until recently, industrial environments and their IT networks have been separate from office IT and internet. But now, the industry is connecting more and more heterogeneous IT networks to improve production flow and reduce stock, even to networks outside of the producing company’s control.

Standard IT Security is not sufficient for Industrial IT

Firewalls and Virtual Private Networks (VPN) are considered stateof-the-art for protecting networks. These approaches are well established in the IT world. However, often they do not fulfill the specific requirements industrial environments pose, because they delay process relevant communication in part and may occasionally even cause an increased complexity. Furthermore, the protection of industrial networks’ borders or perimeters has different requirements. For example, remote maintenance of production plants: Here it is often imperative to involve service providers, which leads to a complex threat situation. Besides, conventional IT security architectures do not guarantee the high availability typically required for industrial plants, because office IT security requirements cannot be compared to the requirements demanded in production and automatization: For example, the manipulation of control systems may result in physical damage or even be dangerous for humans or the environment. Issues such as the warranty for leased machines have to be considered as well. This is why Fraunhofer SIT and its partners have developed an innovative solution, in which network nodes are safeguarded as sensitive constituents, thus providing a trusted basis for implementing secure information and communication infrastructures.

Hardware-based Trust Establishment

Fraunhofer SIT’s Trusted Core Network (TCN) is able to review a node’s identity and to guarantee the node’s desired state: For this TCN uses a distributed/redundant node control, checking in a peer-to-peer manner the identity and state of the neighboring nodes. A Trusted Network Discovery protocol facilitates locating all active devices within the direct environment. Using the Trusted Platform Module (TPM) the system identifies the node and compares the current state to the target state. Modifications or manipulations can thus be detected in a fast and distributed manner, alerts will be sent directly to central monitoring and the spreading of attacks and malware can be prevented. Besides the device’s identity, the Trusted Core Network reviews downloaded executable software and configuration data. If changes are found appropriate countermeasures can then be taken, so that essential functions may be maintained (resiliency), even in the case of manipulations or successful attacks on individual components.