Cyber security expertise by ENGEL

In a world increasingly reliant on digital technology, cyber security has become an important concern for companies across all industries. This is especially true in the precision-driven fields of production, where the risks of cyber threats can have significant impacts. We sat down with Arnold Hofer, Head of Informational Security and Michael Riegler, Head of Product Security to discuss common cyber security worries and how ENGEL is addressing them with innovative solutions.

There's growing concern among our readers about the security of their intellectual property. They worry about proprietary designs and processes falling into the wrong hands. Can you go into more detail about the justified concerns? How does ENGEL deal with them?

Arnold Hofer: Intellectual property in the injection moulding industry, including specialised production processes, is crucial for maintaining a competitive advantage. The unauthorized sharing or theft of these assets could lead to significant financial losses and damage to our clients' market positions. For instance, if detailed process data for optimising production efficiency were to be compromised, competitors could replicate or exploit these strategies without the investment in research and development.

Michael Riegler: At ENGEL, we recognise that securing our injection moulding machines is a multifaceted challenge. On our machines, there's a wealth of data concerning the injection moulding process itself – specifically, various operational parameters that are critical for precise production. To safeguard this data, we combine proactive measures, continuous improvement, and collaboration with our customers.

These measures include:

• Firewall to protect network services: This acts as a barrier between our machines and potential external threats, blocking unauthorised access while allowing legitimate communication to pass.
• Encrypted connections: Ensuring that any data transmitted between our machines, the EDGE device, and external systems is encrypted, making it unreadable to anyone who does not have the encryption key.
• Access protection at the operating system: This involves configuring the operating system so that users have only the minimum levels of access necessary for their work. This minimises the risk of accidental or malicious modifications to the system.
• Hardened operating system: This includes the removal of all non-essential software, services, and accounts that could present security risks.
• On-demand software updates: Ensuring the stability and availability of our target systems is a top priority for us. Customers who require consistent software versions for their machine park, receive updates from the service technicians. Additionally, customers can obtain application updates through our customer service.
• Security in the development process: Embedding security considerations into the development lifecycle of our software, from design to deployment, to ensure that security is a priority at every stage.

Additionally, we offer specific recommendations for integrating our machines and EDGE devices into client networks securely. These guidelines are designed to ensure that the transition of machines into existing IT and OT infrastructures is seamless and secure, maintaining the integrity and confidentiality of data.

This comprehensive approach ensures that our customers can confidently use ENGEL machines, knowing they are equipped with the latest features, that are thoroughly tested, and have undergone a rigorous quality process.

Cyber security is a critical concern for businesses, particularly when it involves long-standing machinery. How does ENGEL approach maintaining the security of both newer and older machinery, and how do you work with customers to ensure their data remains protected?

Arnold Hofer: Keeping our customers' data safe is as important as the quality of our machines. We have a dedicated Information Security department. The team focuses on safeguarding our customers’ data at ENGEL and ensures that all our cyber security practices align with the rigorous standards set by ISO 27001. By adhering to these standards, we demonstrate our commitment to comprehensive security management and continuous improvement in our security protocols. This approach helps us maintain the trust our customers place in us, ensuring their data is protected at all levels within our company.

Michael Riegler: But we can't do it alone. Protecting data is a team effort that requires close cooperation between us and our customers. For example, by implementing additional security controls such as network segmentation or access controls. Production-critical networks should be separated from the office network and should not be accessible via the Internet. In addition, physical access should be restricted to authorised persons only. Secure remote maintenance is possible via the EDGE device after confirmation by the customer.

We work day by day on new and efficient ways to make our systems even more secure. No one can promise 100% security because security is a continuous process that never truly ends. That’s why we remain vigilant to quickly respond to security threats and incidents. This is especially challenging with our older ENGEL injection moulding machines, as the software and firmware cannot be updated as easily as a smartphone that is replaced every few years. We must also consider the operational safety of our machines, which is why we thoroughly test all updates. Through close collaboration with our customers and the continuous updating of our technology, we minimise risks and enhance security.

Disruptions in production can be costly. What measures has ENGEL implemented to minimise the risk of such interruptions due to cyber threats?

Arnold Hofer: Indeed, cyber attacks such as ransomware (encrypting data and holding it for ransom) and phishing (tricking someone into revealing sensitive information), can significantly disrupt production. To minimise the risk of a cyber attacks, ENGEL has implemented a multi-layered security architecture. This architecture not only protects our customers, but also helps ENGEL to remain able to deliver and ensures that customer data is well protected at ENGEL.

Michael Riegler: Security has been an important development focus since the development of the first digital solution from the ENGEL inject 4.0 product family continues to invest continuously in this area. For an ENGEL machine, system availability is very important.

Therefore, we address cyber threats with a process that starts at different stages of the development process and includes both software and hardware:

• Security by design begins with the selection of hardware to be able to guarantee continuous security. For example, we use a Trusted Platform Module (TPM 2.0) on the EDGE device for state-of-the-art data protection.
• Additionally, we minimised the number of hardware interfaces and implemented a firewall to protect network services. Only essential ports are released. In the worst case, the machines can be operated standalone with no network connection.
• For application security, we employ a hardened operating system, consider the secure development lifecycle and use tools for code analysis.
• We regularly scan the software suite for vulnerabilities, and penetration tests are routinely conducted by independent security consultants.
• Our continuous collaboration with security researchers enhances our cyber security measures by providing additional expertise and valuable insights. The test results and recommendations flow directly back into development.

With increasing attention on digital security and the potential risks of data breaches, can you explain how ENGEL ensures the security and confidentiality of client data and proprietary information in its systems? How can customers be confident that their information is secure with ENGEL?

Arnold Hofer: At ENGEL, ensuring the confidentiality and safety of client data like status reports and problem analyses is paramount. Our commitment to data security is reinforced through compliance with international data protection regulations. For instance, ENGEL adheres to the proposed Cyber Resilience Act (CRA), emphasizing our obligation to provide secure products and continuous updates. We also undergo third-party attestations to verify the effectiveness of our internal IT operational controls, ensuring our systems function as intended.

Michael Riegler: On the product level, we take a proactive approach to secure our devices and the data they handle. Hence machines are connected via the EDGE device as soon as data has to be transmitted outside the customer’s local network. Our EDGE devices employ state-of-the-art encryption techniques to protect data whether it's stored or in transit. To further enhance security, our devices are equipped with access controls to ensure only those with necessary permissions can access specific data. Additionally, we provide software updates for the EDGE device.

In a connected world, how does ENGEL safeguard the supply chain?

Arnold Hofer: In the interconnected world of manufacturing, our supply chain forms a complex network linking various suppliers, manufacturers, and customers. Following the newregulation of the European Union for a high common level of cyber security (NIS 2 Directive), we consider supply chain risks and conduct assessments. At ENGEL, we ensure that every data exchange within this network occurs only between authenticated parties. This is critical because if the chain is compromised, it could lead to severe consequences including loss of sensitive information, production downtime, and financial losses. To mitigate these risks, ENGEL employs a multi-layered security approach. We use strict authentication protocols ensuring that only verified devices, systems, and individuals can access and communicate within our network. Moreover, we educate our partners and employees on the importance of cyber security, fostering a vigilant and informed community.

Michael Riegler: ENGEL actively collaborates with industry partners and cyber security experts to stay updated on the latest threats and best practices to continuously improve security measures. Focusing on our EDGE devices, the security measures begin with the selection of hardware and software components. Each EDGE device undergoes rigorous verification checks as part of its onboarding process, which includes tokens and hardware certificates. This ensures that each device is authenticated and authorised before it becomes operational. By encrypting all data exchanged across the network, we further protect against unauthorised access and ensure that, even if data interception occurs, the information remains secure and unreadable.

Small and mid-sized businesses might lack a dedicated IT infrastructure. How can they be sure that using ENGEL solutions is safe for them?

Arnold Hofer: At ENGEL, we understand that small to mid-sized businesses face unique challenges in adopting advanced digital technologies, especially without extensive IT or OT infrastructure. This understanding drives the development of our digital products of the ENGEL inject 4.0 product family, which are engineered for easy integration into existing customer environment. These devices provide essential connectivity and secure remote management capabilities, designed to fit seamlessly into less robust IT environments. Additionally, under the proposed Cyber Resilience Act (CRA), we are mandated to consider principles like secure by default configuration and provide incident reports and security updates.

Michael Riegler: We help our customers to comply with the EU-wide NIS 2 Directive ensuring safe procurement and safe operation. Each EDGE device is built with robust security features to protect against cyber threats. This includes advanced encryption and secure communication protocols to ensure data protection and system integrity. We also prioritize comprehensive support and education for our customers, enabling them to effectively manage and enhance their cyber security measures. Our approach ensures that even businesses with limited IT resources can confidently use ENGEL solutions, knowing they are protected with state-of-the-art technology.

Security is an ongoing task that requires constant alertness and improvement. With regular updates, strict authentication protocols and a layered security approach, we provide comprehensive cyber security protection for your organisation. Through close collaboration with our customers and advanced security protocols, we ensure secure and easy connectivity.