Cyber security expertise from ENGEL
We spoke to Arnold Hofer and Michael Riegler from ENGEL about cyber security in the injection molding industry: What are the challenges and what innovative solutions does ENGEL offer?
- digital solutions
- consultancy
In a world increasingly reliant on digital technology, cyber security has become an important concern for companies across all industries. This is especially true in the precision-driven fields of production, where the risks of cyber threats can have significant impacts. We sat down with Arnold Hofer, Head of Informational Security, and Michael Riegler, Head of Product Security, to discuss common cyber security worries and how ENGEL is addressing them with innovative solutions.
Protecting intellectual property with innovative ENGEL solutions
There's growing concern among our readers about the security of their intellectual property. They worry about proprietary designs and processes falling into the wrong hands. Can you go into more detail about the justified concerns? How does ENGEL deal with them?
Arnold Hofer: Intellectual property in the injection molding industry, including specialized production processes, is crucial for maintaining a competitive advantage. The unauthorized sharing or theft of these assets could lead to significant financial losses and damage to our clients' market positions. For instance, if detailed process data for optimizing production efficiency were to be compromised, competitors could replicate or take advantage of these strategies without the investment in research and development.
Michael Riegler: At ENGEL, we recognize that securing our injection molding machines is a complex challenge. On our machines, there's a wealth of data concerning the injection molding process itself – specifically, various operational parameters that are critical for precise production. To safeguard this data, we combine proactive measures, continuous improvement, and collaboration with our customers.
These measures include:
Firewall to protect network services: This acts as a barrier between our machines and potential external threats, blocking unauthorized access while allowing legitimate communication to pass.
Encrypted connections: Ensuring that any data transmitted between our machines, the EDGE device, and external systems is encrypted, making it unreadable to anyone who does not have the encryption key.
Access protection at the operating system: This involves configuring the operating system so that users have only the minimum levels of access necessary for their work. This minimizes the risk of accidental or malicious modifications to the system.
Hardened operating system: This includes the removal of all non-essential software, services, and accounts that could present security risks.
On-demand software updates: Ensuring the stability and availability of our target systems is a top priority for us. Customers who require consistent software versions for their machines receive updates from the service technicians. Additionally, customers can obtain application updates through our customer service.
Security in the development process: Embedding security considerations into the development lifecycle of our software, from design to deployment, ensures that security is a priority at every stage.
Additionally, we offer specific recommendations for integrating our machines and EDGE devices into client networks securely. These guidelines are designed to ensure that the transition of machines into existing IT and OT infrastructures is seamless and secure, maintaining the integrity and confidentiality of data.
This comprehensive approach ensures that our customers can confidently use ENGEL machines, knowing they are equipped with the latest features that are thoroughly tested and have undergone a rigorous quality process.
Machine safety thanks to compliance with standards
Cyber security is a critical concern for businesses, particularly when it involves long-standing machinery. How does ENGEL approach maintaining the security of both newer and older machinery, and how do you work with customers to ensure their data remains protected?
Arnold Hofer: Keeping our customers' data safe is as important as the quality of our machines. We have a dedicated Information Security department. The team focuses on safeguarding our customers’ data at ENGEL and ensures that all our cyber security practices align with the rigorous standards set by ISO 27001. By adhering to these standards, we demonstrate our commitment to comprehensive security management and continuous improvement in our security protocols. This approach helps us maintain the trust our customers put in us, ensuring their data is protected at all levels within our company.
Michael Riegler: But we can't do it alone. Protecting data is a team effort that requires close cooperation between us and our customers, for example by implementing additional security controls such as network segmentation or access controls. Production-critical networks should be separated from the office network and should not be accessible via the Internet. In addition, physical access should be restricted to authorized persons only. Secure remote maintenance is possible via the EDGE device after confirmation by the customer.
We work daily on finding new and efficient ways to make our systems even more secure. No one can promise 100% security, because security is a continuous process that does not have an end. Therefore, we remain vigilant to respond quickly to security threats and incidents. This is especially challenging with our older ENGEL injection molding machines, as the software and firmware cannot be updated as easily as a smartphone that is replaced every few years. We must also consider the operational safety of our machines, which is why we thoroughly test all updates. Through close collaboration with our customers and the continuous updating of our technology, we minimize risks and enhance security.
Minimization of production interruptions through multi-layered security architecture
Disruptions in production can be costly. What measures has ENGEL implemented to minimize the risk of such interruptions due to cyber threats?
Arnold Hofer: Indeed, cyber attacks such as ransomware (encrypting data and holding it for ransom) and phishing (tricking someone into revealing sensitive information) can significantly disrupt production. To minimize the risk of a cyber attack, ENGEL has implemented a multi-layered security architecture. This architecture not only protects our customers, but also helps ENGEL maintain its delivery capability. It ensures that customer data is well protected at ENGEL.
Michael Riegler: Security has been a key development focus since the creation of the first digital solution in the ENGEL inject 4.0 product family. ENGEL continues to invest continuously in this area. System availability is crucial for our injection molding machines.
Therefore, we address cyber threats at various stages of the development process, including both software and hardware:
Security by design begins with the selection of hardware to guarantee continuous security. For example, we use a Trusted Platform Module (TPM 2.0) on the EDGE device for state-of-the-art data protection.
Additionally, we minimized the number of hardware interfaces and implemented a firewall to protect network services. Only essential ports are released. In the worst case, the machines can be operated standalone with no network connection.
For application security, we rely on a hardened operating system, follow a secure development lifecycle, and use code analysis tools.
We regularly scan our software suite for vulnerabilities, and routinely conduct penetration tests with independent security experts.
We gain additional expertise and valuable insights through our collaboration with security researchers. The test results and recommendations are directly incorporated into development.
Security and confidentiality through data protection and regular audits
With increasing awareness of digital security and the potential risks of data breaches, can you explain how ENGEL ensures the security and confidentiality of customer data and proprietary information within its systems? How can customers be confident that their information is safe with ENGEL?
Arnold Hofer: At ENGEL, ensuring the confidentiality and safety of client data like status reports and problem analyses is a top priority. Our commitment to data security is reinforced by our compliance with international data protection regulations. We are also keeping a close eye on new EU regulations, such as the proposed Cyber Resilience Act (CRA), which requires us to provide secure products and continuous updates. We also undergo third-party audits to assess the effectiveness of our internal IT operational controls, ensuring our systems function as intended.
Michael Riegler: On the product level, we take a proactive approach to secure our devices and the data they handle. Machines are connected via the EDGE device as soon as data is transmitted outside the customer’s local network. Our EDGE devices use state-of-the-art encryption techniques to protect data whether it's stored or transmitted. To further enhance security, our devices are equipped with access controls to ensure only those with necessary permissions can access specific data. Additionally, we provide software updates for the EDGE device.
Securing the supply chain thanks to strict authentication protocols
In a connected world, how does ENGEL safeguard the supply chain?
Arnold Hofer: In the interconnected world of manufacturing, our supply chain forms a complex network linking various suppliers, manufacturers, and customers. Following the new regulation of the European Union for a high common level of cyber security (NIS 2 Directive), we consider supply chain risks and conduct assessments. At ENGEL, we ensure that every data exchange within this network occurs only between authenticated parties. This is critical because if the chain is compromised, it could lead to severe consequences including loss of sensitive information, production downtime, and financial deficits. To mitigate these risks, ENGEL employs a multi-layered security approach. We use strict authentication protocols ensuring that only verified devices, systems, and individuals can access and communicate within our network. Moreover, we educate our partners and employees on the importance of cyber security, fostering a vigilant and informed community.
Michael Riegler: ENGEL actively collaborates with industry partners and cyber security experts to stay updated on the latest threats and best practices to continuously improve security measures. Focusing on our EDGE devices, the security measures begin with the selection of hardware and software components. Each EDGE device undergoes rigorous verification checks as part of its onboarding process, which includes tokens and hardware certificates. This ensures that each device is authenticated and authorized before it becomes operational. By encrypting all data exchanged across the network, we further protect against unauthorized access and ensure that, even if data interception occurs, the information remains secure and unreadable.
Support for small and medium-sized businesses thanks to simple integration
Small and mid-sized businesses may not have a dedicated IT infrastructure. How can they be confident that using ENGEL solutions is safe for them?
Arnold Hofer: At ENGEL, we understand that small to mid-sized businesses face unique challenges in adopting advanced digital technologies, especially without extensive IT or OT infrastructure. This understanding drives the development of our digital products within the ENGEL inject 4.0 product family, which are engineered for easy integration into existing customer environments. These devices provide essential connectivity and secure remote management capabilities, designed to fit seamlessly into less robust IT environments. Additionally, under the proposed Cyber Resilience Act (CRA), we are mandated to consider principles like secure by default configuration and provide incident reports and security updates.
Michael Riegler: We help our customers to comply with the EU-wide NIS 2 Directive, ensuring safe procurement and safe operation. Each EDGE device is built with robust security features to protect against cyber threats. This includes advanced encryption and secure communication protocols to ensure data protection and system integrity. We also prioritize comprehensive support and education for our customers, enabling them to effectively manage and enhance their cyber security measures. Our approach ensures that even businesses with limited IT resources can confidently use ENGEL solutions, knowing they are protected with state-of-the-art technology.
Conclusion: Comprehensive security thanks to regular checks, updates and strict guidelines
Security is an ongoing task that requires constant alertness and improvement. With regular updates, strict authentication protocols and a layered security approach, we provide comprehensive cyber security protection for your organization. Through close collaboration with our customers and advanced security protocols, we ensure secure and easy connectivity.