Exhibitors & Products
Events & Speakers

On just over 50 pages , the cybersecurity experts explain the fundamentals of IT security. There is a great deal of concern in Western countries about cyberattacks. Indeed, the FBI and the German Federal Office for Security (BSI) have raised their warning levels in the wake of Russia's invasion of Ukraine and the subsequent sanctions. In the concluding summary of the report, the authors refer to "lowering the risk against compromise". Achieving complete prevention is impossible. This chimes with the experiences of IT experts.

Jürgen Weiss is one of them. In a Tagesspiegel Background briefing, he warned of likely attacks in the weeks ahead, saying that these would no longer involve ransomware but would focus on the destruction of data, in other words so-called wiper attacks. Russia's cyber forces are still on the defensive at the moment, but he warns explicitly against attack scenarios on critical infrastructure and financial institutions in the next few weeks. "No trains will be derailed, but the water supply will literally go on strike after 48 hours without electricity." According to the Managing Director of ARES Cyber Intelligence, 80 percent of the companies in his home country, Austria, are vulnerable. He adds that Germany is neither in the vanguard nor in the rearguard where cybersecurity is concerned. While underlining the threat of wiper attacks, Weiss at the same time expressly warns of copycat assaults.

A year before the attack on Ukraine, IT expert Christopher Bleckmann-Dreher warned in an article for HANNOVER MESSE: "Why is industry waiting for disaster? The unstoppable process of transformation will ensure that, ultimately, all industrial sectors venture into the digital world in order to remain competitive. In many cases the issue of IT security is not directly on the agenda." The disaster is coming about, and Bleckmann-Dreher is being virtually overwhelmed with orders these days. Experts are unanimous, however, that anyone only now starting to take action is already too late. In the aforementioned article , the Swabian-born IT specialist provided basic tips on how companies should take the first steps in IT security.

But it is not only on the IT side that companies are struggling with vulnerabilities. The operational technology (OT) in use by companies is likewise affected, most of all where industrial firms and the automation level are concerned. In the Bosch Rexroth podcast, Klaus Mochalski of Rhebo explains how the company uses the ctrlX CORE control system as network sensor. He and his colleagues have made monitoring the OT landscape their specialty. They still see Telnet connections, Raspberry Pis from student projects, that communicate with the outside world, and nobody knows what they are doing there in the factory and many companies have no overview of their assets. A problem that Bleckmann-Dreher, too, already identified.

Back to the analysis, which states: "The sensor application running on the ctrlX CORE control platform enables seamless integration into the Rhebo Industrial Protector." Mochalski and his colleagues have been analyzing the weaknesses in the OT for years. With Rhebo, the control system becomes a sensor node. This requires an app from the ctrlX World and a central analysis device.

The Rhebo team sees three applications:

  • Preventing disruptions at the fieldbus level – malware planted into a system via a USB stick, for example, is detected in the production cell before it can spread laterally to the entire network.
  • Active reaction to anomalies – Rhebo Industrial Protector provides a real-time and detailed overview of the systems and devices communicating in the IACS, as well as of the protocols and commands used. This enables rapid identification of anomalies, malfunctions or redundant processes.
  • Early detection of cyberattacks – Rhebo Industrial Protector's anomaly detection also reports events that occur before a cyberattack (reconnaissance phase). This includes address, port, and Profinet Discovery scans. The information thus obtained enables the blocking of exploration activities and prevents lateral movements.
  • Weiss, Bleckmann-Dreher and Mochalski are agreed that anyone only now starting to take action is already too late. The well-intentioned NSA report is of no help either in this context. The expertise – and that goes for OT security as well – is available. But those with responsibility must also invest. Perhaps the disaster will serve as a wake-up call to a lot of industrial companies.