There is no doubt that cloud computing and the Internet of Things have affected the world of industry. IIoT solutions and digital services offer a high potential for optimizing industrial facilities. Before choosing and implementing a new digital solution, the question of cybersecurity in industry plants arises.
When used for protecting operating plants as well as the intellectual property of a company, all new digital technologies must be proven to be safe. What are the exact data security criteria for assessing the safety of a digital service? And what about the information security management of Netilion, the IIoT ecosystem offered by Endress+Hauser? To what degree can you rely on its information security management?
What are the major aspects of cybersecurity in industry regarding the processing of sensitive data?
Whenever an IIoT solution is implemented in an industrial facility, it contains sensitive data that require a special degree of protection. Furthermore, the connectivity to the Internet needs permanent attention and care. Technology is developing very fast and every system must continuously follow the evolution of cybersecurity – in an industry plant as well as elsewhere.
Reliable information security management comprises not only data encryption, it also requires an overall approach including:
- Compliance to legislation and standards: Relevant legal guidelines and recommended norms should be fulfilled (e.g. ISO 27001, GDPR, etc.).
- Data security: It is self-evident that an IIoT solution will contain sensitive data. These need to be treated with care according to strict processes.
- Server locations: Whenever the technology of cloud-computing is used, data will be stored on servers hosted by the provider. Due to local jurisdiction, the location of the servers indicates a higher or lower level of cybersecurity. European locations offer the highest standards thanks to the data privacy law.
- Organizational processes: Cybersecurity is not possible without employing organizational processes that define which data should be treated by whom, in which ways and at what moment.
- Transparency: Trustworthy providers of digital solutions have a clear and transparent support system which shows to the customer the status of his inquiry at any moment.
- Application features: The user interface of a digital service must have relevant cybersecurity features concerning passwords, logout, etc.
All those points need to be considered, implemented and regularly checked when providing an IIoT technology. Existing audit and standardization frameworks, laws and best practices can be a practical support during the implementation.
How safe is the cybersecurity level of Netilion?
Endress+Hauser has proved that its IIoT ecosystem Netilion meets high standards in information security by submitting it to EuroCloud’s Star Audit assessment. From the first day onwards, criteria relating to Information Security Management received the utmost attention and serve as a helpful guideline for implementing digital services and ensuring good cybersecurity in industry.
- Compliance to legislation and standards: In establishing a professional information security management using IIoT technologies, the Netilion ecosystem meets the following basic standards.
· ISO 27001 Information Security Management
· ISO 20000 Service Management System
· ISO 9001 Quality Management System
- Data security: Customer data stored and processed in the Netilion ecosystem are always treated with utmost care. Users have the right to enter, access, update and delete their data. All measures fulfill the requirements of the GDPR.
- Server locations: The servers on which the Netilion ecosystem is based are located in Frankfurt and Dublin. From a cybersecurity point of view, servers located in the European Union are regarded as very safe.
- Organizational processes: Endress+Hauser has set up processes for reacting quickly in cases of data security emergencies, all compliant to GDPR. The affected parties will be informed immediately and counteractions will be taken.
- Transparency: Endress+Hauser has implemented a transparent support process which informs the customer in a clear way how his inquiry is treated.
- Application features: The user interface of the Netilion IIoT ecosystem has all necessary features, including, but not limited to, a state-of-the-art password guideline, automated password management, timed logout and export functions.
To which other aspects of cybersecurity in industry does the Netilion ecosystem comply?
There are a number of criteria that are considered essential for a professional information security management and which are covered by the Netilion ecosystem:
- Encryption of sensitive information: The IIoT ecosystem Netilion from Endress+Hauser provides professional protection of information:
· Passwords are encrypted with ‘bcrypt + salt + pepper’.
· User identification works with OAuth2 enabled tokenized procedures.
· Communication is https encrypted.
- Transfer of process data via gateways: When considering cybersecurity in industry plants, one point that requires utmost attention is the gateway, as it is the point of access. The Netilion enabled gateways utilize one-way communication: field data are passed by the gateway and sent to the cloud, but communication in the the other direction is prohibited. This architecture is designed to protect the field against manipulation.
- Certification: The Netilion ecosystem was awarded 4-star certification in its EuroCloud Star Audit. This means its information security management is of high quality and optimum cybersecurity standards for industry plants are upheld.