Exhibitors & Products
Events & Speakers

Do I have to run a platform myself? And how do I get out of it if in doubt? Users are asking themselves these questions, exhibitors at HANNOVER MESSE will answer them. At the same time, those responsible are talking about more connectivity – not everyone will like Google down to the shop floor, but it is now a reality thanks to OPC UA. In reality, open source is no longer just for hobbyists. Industry is discovering the power of free software.

The grave sin of OT security

It is not only on the IT side that companies are struggling with vulnerabilities. OT in companies is equally affected, and there it mainly affects industrial companies and the automation level. In the Bosch Rexroth podcast, Klaus Mochalski of Rhebo explains how the company uses the ctrlX CORE controller as a network sensor. He and his colleagues specialize in monitoring the OT landscape. They are still seeing Telnet connections, Raspberry Pis from student projects communicating with the outside world, and no one knows what they're doing there in the factory; many companies don't have an overview of their assets. This is a problem that Bleckmann Dreher also identified. Back to the analysis: "The sensor application running on the ctrlX CORE enables seamless integration with the Rhebo Industrial Protector," they say. Mochalski and his colleagues have been analyzing the weak points in OT for years. Rhebo turns the controller into a sensor node. This requires an app from ctrlX World and a central analysis device.

The Rhebo team sees three use cases:

  • Preventing fieldbus-level interference – malware that is introduced into a system via a USB stick, for example, is detected in the production cell before it can spread laterally to the entire network.
  • Actively responding to anomalies – Rhebo Industrial Protector creates an up-to-date and detailed overview of the systems and devices communicating in the IACS, as well as the protocols and commands used. This enables rapid identification of anomalies, malfunctions or redundant processes.
  • Detecting cyberattacks early – Rhebo Industrial Protector's anomaly detection also reports events that occur before a cyberattack (scouting phase). This includes address, port as well as Profinet discovery scans. With this information, it is possible to block reconnaissance activities and prevent lateral movements.