Software and simulation
Solutions for maximum cyber security

In the Industry 4.0 era – or more generally speaking, in the midst of the “digital transformation” currently taking place in the world – the networking of injection molding machines, robots and peripheral equipment is proceeding apace. We now have to meet the challenges faced in the field of plant security. Reports of attacks involving the WannaCry ransomware and similar malware really woke up plastics processors to the issue of security when it comes to cyber-physical systems and facilities. After all, the WannaCry case resulted in numerous very well-known companies suffering the worst-case scenario for a manufacturing operation, namely an unplanned production shutdown for an unforeseeable period of time. Like other malware before it, WannaCry worked by exploiting a security vulnerability in the Windows™ operating system.

The WITTMANN 4.0 security concept

It is common knowledge that the most fundamental aspect of any security concept is regularly performing software updates so that, above all, the operating system is kept up to date. While doing this does not afford complete protection, it is nevertheless an important basic step. Performing updates automatically is not, however, feasible for production systems, since an update can have unforeseeable consequences for the functionality of the connected machinery or device. In the worst-case scenario, an automatic update may end up causing a machine to shut down, leading to the dreaded loss of production. As such, production systems in an Industry 4.0 environment remain especially at risk: any vulnerabilities in the operating systems in use are liable to be exploited.

WITTMANN BATTENFELD injection molding machines with B6 and B8 controls as well as robots with the latest R9 control from WITTMANN prevent the operating system from being permanently compromised by viruses because changes that affect the system are saved to an internal RAM disk via a Unified Write Filter mechanism. This makes it possible to restore the device’s operating system to its factory defaults each time the system is booted up. Because of this, viruses cannot become “embedded” in the system and affect it permanently.

WITTMANN BATTENFELD has nevertheless tackled the wider issue of security and, in close cooperation with one of the leading cyber security companies in the industry, developed a security concept for networked WITTMANN 4.0 workcells that has already been implemented in the field. The development work was based on the assumption that the production network outside a WITTMANN 4.0 workcell could be compromised in terms of security even though the operator is naturally sitting behind a firewall.

This is why the system architecture of a WITTMANN 4.0 workcell is designed according to the onion principle. The firewall of the customer’s network forms the outermost layer surrounding the WITTMANN 4.0 workcell. Because the security mechanisms and settings there are unknown to the manufacturing cells, this layer must be regarded as being “unsafe”. The next security layer is formed by a restrictively configured WITTMANN 4.0 firewall that is installed in a router specially developed for the purpose by WITTMANN. The software on the router is digitally signed and every step of the router’s boot routine is designed to be “secure”. This precludes an attack being made via a software update.

In contrast to conventional off-the-shelf firewalls, the WITTMANN 4.0 firewall is tailored to the specific purpose of each device and function that may be expected to be a component of the workcell. The configuration of the firewall is therefore especially restrictive. With the exception of the OPC protocol, which is used for communication with an MES or ERP system via OPC UA, all communication ports are closed by default and can only be opened from within the workcell, and only by the operator performing specific, intentional steps.

Communication with “the outside world”