IT security risks in the automotive sector
Process IT networks have to offer comprehensive protection against hackers
It is often impossible to implement the security mechanisms available in the office environment within industrial networks. The patching of systems and the installation of anti-virus software is frequently impossible. Despite this, networks of this kind have a high security requirement. In this respect, faults can cause huge problems to manufacturing, and in the area of critical infrastructure (energy, transport) they can cause injury or put lives at risk. To respond to the security-related requirements, in addition to the classic firewall, an alternative approach is necessary in order to rapidly detect attacks and viruses due to malware.
Security solutions from the office environment are insufficient
Patch management, anti-virus protection, firewalls and IPS are only suitable for ICS to a limited degree because additional know-how is required or the operation of the solutions is time-consuming. This is expressed, for example, in the high levels of maintenance outlay that anti-virus systems require. At the interface of the office to the process network, approaches like firewalls can be of benefit, but additional solutions like honeypots should also be used in the process networks.
The honeyBox fulfils the requirements of the industrial environment
For the operator of the industrial system, preventing that the availability of the systems from being put at risk is the overriding goal. Therefore, in every situation, a honeypot must remain transparent for the rest of the LAN, and it must not influence other systems in the event of a failure. In most cases, the honeypot hosts only act on a passive basis, which means that no impact on the other areas of the LAN is to be expected. With a correctly configured and adapted honeypot, operators of industrial systems are able to establish an important additional security level which optimally supplements the active protective mechanisms such as firewalls, anti-virus or intrusion prevention systems.
The honeyBox® has been developed especially for the industrial environment
Commercial honeypot systems, such as the honeyBox® industrial from secXtreme, have been developed especially for the industrial environment. The honeyBox® and other solutions are able to provide both low- and high-interaction honeypots in industrial environments. In the process LANs, they simulate virtual victim systems as bait so as to attract hackers. During their manual or automatic exploration of the network, the intruder comes across virtual honeypots in the LAN which appear to have a poorer level of security than the other systems.
No false alarm: the honeyBox® catches the hacker out and notifies the administrator
The administrator is notified of the attempted attack at the very first contact. The quality of the notification is very high, because responses are made to active hacking attempts only. In the ideal case scenario, for a superior overview, the notification can also be connected to the process visualisation. All notifications should be formulated on a clear and understandable basis so that operating personnel without technical knowledge of IT are able to ascertain the significance of the case immediately.