Software and simulation
WITTMANN BATTENFELD injection molding machines with B8 controllers, for example, can create an external connection via TeamViewer in order to make remote servicing functionality available, if desired. Having established a session, remote servicing allows a WITTMANN BATTENFELD office direct access to the authorized injection molding machine for the purpose of analysis. Manual authorization can likewise be issued for the WITTMANN Group’s QuickLook App. This allows an Android or iOS mobile device within the company’s network to view the machine status of WITTMANN BATTENFELD injection molding machines with B6 and B8 controls and WITTMANN robots with R8.3 or R9 controls. In this case, the WITTMANN 4.0 router tells the QuickLook App on which ports which machines and robots can be found. Every opening of an additional communication port does, of course, create another loophole and thus increases the potential risk of cyber attacks. Opening a port is, however, a deliberate act performed by the operator and the port only stays open for the duration of intended use.
Protection against DoS attacks
Another advantage of the WITTMANN 4.0 system architecture is that it protects production systems against so-called DoS (Denial of Service) attacks. These typically attempt to bombard the remote station with such an immense flood of requests that it may no longer be able to cope with its communications tasks and shuts down. If this flood of communications packets reached a production machine directly, it could well result in the machine shutting down completely. Within the WITTMANN 4.0 architecture, however, the only thing that may possibly shut down would be the router and thus only the communications with the MES/ERP system, though it may be assumed that this system would no longer be active at the time either due to network overload. The processing machines and other equipment within the affected WITTMANN 4.0 workcell are able to continue working unhindered, however.
Over and above this, there is a basic protective mechanism in place intended to prevent the WITTMANN 4.0 router from shutting down in the case of a DoS attack. A special feature of the WITTMANN 4.0 router is that it is able to “estimate” the volume of communication traffic the internally networked devices typically have with an external MES/ERP system. The communication frequency of production equipment is known within certain bounds and can be predicted by dint of the OPC UA protocol used here and the coming EUROMAP standards based on it. Should this frequency vary atypically over the medium term, it must be assumed that there is an anomaly, such as a DoS attack. As a countermeasure, the WITTMANN 4.0 router closes the socket being used for communication in order to prevent the socket being attacked. The functionality of the router is thereby maintained.
WITTMANN 4.0: “Plug & Produce”
At the core of a WITTMANN 4.0 workcell is a WITTMANN BATTENFELD machine with B8 controller, WITTMANN robot with R8.3 or R9 controller and the various WITTMANN peripheral devices. This zone is shielded from the outside world, thus allowing for secure operation with the operating system version supplied with the equipment. The latest peripheral devices from WITTMANN can be plugged in and out of a WITTMANN 4.0 workcell at will according to the “Plug & Produce” principle. After a newly attached peripheral device has been server-authenticated by means of the SSL/TLS protocol and key exchange via certificate, device identification is performed. The newly attached device identifies itself and is registered in the device list of the WITTMANN 4.0 router with the corresponding identifiers. The device list acts as a database that is used by the B8 controller of the WITTMANN BATTENFELD injection molding machine to configure the newly attached device. The peripheral devices have their own passwords that are used for logging in.
Each device is supplied with a default password that can, and indeed should, be changed by the operator. The responsibility for password security lies with the respective operator, particularly as there are no factory default master passwords. The login process takes place using the previously established secure SSL connection. The actual data exchange between the various attached devices and ultimately to an MES or ERP system takes place via the standard OPC UA protocol. Communication between the injection molding machine and the MES system will in future be updated to use the EUROMAP 77 standard as soon as it is released – probably in September 2017. Various EUROMAP standards for the peripheral device communication via OPC UA are already in the standardization phase and will be implemented immediately they become available. Every WITTMANN 4.0 workcell is equipped with the aforementioned components and security mechanisms as standard so as to provide the operator with the best possible cyber protection and maximum machine and device availability. Over the course of numerous tests conducted by the cyber security company commissioned by WITTMANN, simulated attacks using a variety of different threat scenarios were acted out and tested by “white-hat” hackers. WITTMANN 4.0 proved itself to be robust in all scenarios and enabled production to continue uninterrupted within the entire workcell.
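
The traffic-estimation safeguard described under “Protection against DoS attacks” can be sketched as follows. This is an added example, not WITTMANN's router code: the EWMA baseline, the thresholds, the `RateGuard` name and the sample counts are assumptions, and closing the socket is represented by a flag.

```python
from dataclasses import dataclass

@dataclass
class RateGuard:
    """Closes a socket when its message rate stays atypical for several intervals."""
    alpha: float = 0.1      # EWMA weight for learning the baseline (assumed value)
    tolerance: float = 4.0  # allowed deviation, in multiples of the mean deviation
    sustain: int = 5        # consecutive atypical intervals, i.e. "medium term" (assumed)
    warmup: int = 10        # intervals used only for learning the baseline
    mean: float = 0.0
    dev: float = 0.0
    seen: int = 0
    strikes: int = 0
    closed: bool = False

    def observe(self, count: int) -> bool:
        """Feed one interval's message count; return True once the socket is closed."""
        if self.closed:
            return True
        self.seen += 1
        if self.seen == 1:
            self.mean = float(count)
            return False
        error = abs(count - self.mean)
        limit = self.tolerance * max(self.dev, 1.0)
        if self.seen > self.warmup and error > limit:
            self.strikes += 1        # atypical: keep it out of the baseline
            if self.strikes >= self.sustain:
                self.closed = True   # stand-in for closing the MES-facing socket
        else:
            self.strikes = 0         # a short burst is forgiven
            self.mean += self.alpha * (count - self.mean)
            self.dev += self.alpha * (error - self.dev)
        return self.closed

def run(counts):
    """Return the index of the interval at which the socket was closed, or None."""
    guard = RateGuard()
    for i, c in enumerate(counts):
        if guard.observe(c):
            return i
    return None

# Constructed sample data: messages per second on one MES-facing OPC UA socket.
NORMAL = [20, 22, 19, 21, 20, 23, 18, 20, 21, 22, 20, 19, 21, 20, 22]
BURST = NORMAL + [90, 21, 20, 19, 22, 20]             # one-off spike, then normal
FLOOD = NORMAL + [900, 950, 1200, 1100, 1300, 1250]   # sustained flood
```

Atypical intervals are excluded from the baseline update so that a flood cannot gradually teach the guard that the flood is normal.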