World Wide Web Router and IT Safety Law

The number of attacks on IT and Operational Technology (OT) systems has increased in recent weeks, months, and years. This also applies to public institutions which have increasingly become more attractive targets for cyber terrorists, hacktivists, Cyber blackmailers and politically-motivated attackers.

Operational Technology is increasingly being targeted. OT covers the hardware and software which monitors and controls the performance of physical devices, for example in hospitals, power plants and in public and freight transport.

In May 2021, the largest oil pipeline in the USA, the Colonial Pipeline which carries four million hectoliters of fuel per day was subjected to an attack. This sabotage resulted in a far-reaching fuel shortage on the East coast of the US. On 08 July 2021, there was a massive attack on the critical infrastructure (KRITIS) of the District of Anhalt-Bitterfeld which triggered the first cyber catastrophe in the history of the Federal Republic of Germany. On 08 June 2021, the news portal Heise reported that Wago had published a large safety update for their 750 series of PLC controllers in order to close twelve dangerous gaps. On 06 October 2021, Heise reported further that controllers for the Honeywell process control system Experion PKS can be attacked. According to Positive Technologies, malfunctions and sudden interruptions of technical processes could in the worst case lead to hazards with unforeseeable accidents.

For these reasons, transport providers will also have to increase the requirements of critical components. Such requirements will soon include sabotage, espionage and terrorism and not just the aspects of availability, integrity, authenticity and confidentiality factored in to date.

Verkehrsautomatisierung Berlin (VAB) is a supplier of Gateway solutions between the world wide web and critical infrastructure. In Secomea, VAB has found a partner who offers a remote-access solution with safety certification which complies with Germany’s Federal Office for Information Security’s IT Baseline Protection Catalogue, IEC 62443-3-3, IEC62443-4-2 Draft, which will soon be mandatory. The system is already used by large mechanical engineering companies and system integrators worldwide and also fulfils the demands of the most critical network administrators.

Together with developers at Secomea, our developers have found a way to transfer their SiteManagers to the HLUmulti router and execute them there as embedded applications.

The figure below illustrates how the system functions in simplified form.

The remote system can be a user who would like to dial into the HLUmulti for remote maintenance purposes, for example. To do so, he must have an account with the GateManager.
The access controller can additionally be controlled by various operator measures in the GateManager, for example with active operator consent to open the connection. A LinkManager can also be set up on a server, for example, which continuously retrieves/receives the data from downstream controllers via HLUmulti via this safe channel.

The LinkManager always sets up a secured, encoded and tunnelled connection via the GateManager to HLUmulti. Thanks to its technical properties, the HLUmulti can communicate with the GateManager via mobile communications (LTE) and/or network connection. The GateManager can be operated as a server application on the operator’s premises, at VAB or at Secomea.

Controller data can be retrieved as usual via this secured and certified interface, but now in line with the highest safety requirements.

With our certified safety solution you can fulfil the formidable requirements of ISO-62443 and secure your equipment in compliance with today’s standards.

Please get in touch if you would like more information.