
Page 1: WHITE PAPER - secunet · The primary driver for this scenario is the masses of data generated by real components and sensors (or things) in the production environment, which are processed,

WHITE PAPER

SECURING THE EDGE FOR INDUSTRY 4.0

THOUGHT LEADERSHIP, INSIGHTS & SOLUTIONS

BY SECUNET INTERNATIONAL GMBH & CO.KG


Page 2

Table of Contents

1 Executive Summary 3
2 IT and OT Convergence 4
3 Protect: Protecting Things at the Edge 7
4 Connect: Integrating Things in IoT 9
5 Detect: Monitoring to Increase Resistance to Cyber-Attacks 13
6 Digital Transformation: Industry 4.0 Use Cases 14
7 A One Box Approach: Trusted Edge Platform 16
8 Conclusion 18

Appendices

Edge Computing: security with modular & scalable capabilities 19

About G+D, secunet and advance52 20

August 2019 © Copyright 2019: secunet International GmbH & Co. KG


Page 3

1 Executive Summary

Industry 4.0 converges Information Technology (IT) with Operational Technology (OT), bringing together two worlds that were previously completely separate. Connected devices, machines and sensors (or things) in Industry 4.0 ecosystems increase complexity and provide endless new opportunities for cyber criminals to launch attacks. The term "fourth industrial revolution" is commonly used to describe the digitisation of the production environment and promises enormous potential as enterprises set strategies for digital transformation. The companies already on this digital journey can clearly demonstrate the relevance, importance and opportunities provided by this revolution, and they have created dedicated cross-functional and agile teams to identify use cases for digital adaptation in their own organisation as well as in the broader industrial sector. This white paper, "Securing the Edge for Industry 4.0", examines the convergence of the IT and OT environments and then looks at how edge computing – defined here very simply as the transfer of computational capacity out of the cloud to the edge – is driving new ways to deliver a more holistic approach and brings IT security into the OT environment. It also looks at digitisation in the context of Industry 4.0 use cases and offers ideas for a scalable, modular and secure edge computing solution based on the principles of protecting, connecting and detecting, delivered through a single device that provides a flexible, future-oriented and cost-effective platform for current and emerging Industry 4.0 use cases.


Page 4

2 IT and OT Convergence

The German Federal Office of Economic Affairs and Energy describes the production environment in Industry 4.0 as being more flexible, individual and efficient.1

Fast Fact: Production volume will increase by 20 - 25 percent and the downtime of machines in the production environment will be reduced by up to 45 percent through the adoption of Industry 4.0.2

The primary driver for this scenario is the masses of data generated by real components and sensors (or things) in the production environment, which are processed, correlated and analysed by digital structures to provide real-time insights, enabling timely and better decision making.

IT Security: a critical factor in digitisation!

The basis of digitisation and Industry 4.0 is the networking of the previously separate worlds of information technology (IT) and operational technology (OT). Things in the OT environment are centrally controlled and monitored, work together with information and communication systems from business IT and depend on IT services inside and outside their own organisation. However, this level of connectivity inevitably leads to new challenges and risks. The evidence clearly shows the acute and ever-present danger of cyber-attacks and that precautions are necessary to protect against them. IoT security is a real and ever-present challenge for organisations, because the IoT world consists of so many internet-enabled devices other than computers, which often go unpatched and are often configured with default or weak passwords. Unless adequately protected, IoT things can be used as a separate attack vector against the CIA properties of data – confidentiality, integrity and availability.3

Fast Fact: 83% of companies with more than 1,000 employees are affected by attacks several times a month – half of them almost daily.4

Today, operators face cyber security threats that were not present in the working environment of engineers and technicians in the past. The German Federal Office for Information Security reported that cyber-attacks on things in the OT world are almost identical to attacks in a classic IT environment.5 This makes the requirements for the measures necessary to counter such threats and attacks much more complex, and implementing these measures is a critical factor in securing a successful digitisation strategy. As a result, things in the OT environment have the same need for protection as classic IT systems. However, the established approaches for preventing cyber security attacks that are already in place in IT cannot simply be mapped to the OT environment.

Things operated in an OT environment more often than not have long life cycles, sometimes several decades, as well as long (or often constant) run times. The regular updates, changes and patching that are common, routine and almost mandatory in the classic IT environment are necessary to maintain a state-of-the-art security level. In the OT world, such an approach is clearly not feasible for various reasons: a lack of standard processes, for example in patch management for installing regular updates, or missing test environments for verifying functionality after a change, often reinforce the operator's fear of system failures as a result of changes. Compliance costs can also contribute to shortcuts such as not applying security updates, because certifications often have to be maintained.

1 German Federal Ministry of Economic Affairs and Energy, Industrie 4.0, https://www.bmwi.de/Redaktion/EN/Dossier/industrie-40.html, last visited July 2019
2 McKinsey Digital, Industry 4.0 - How to navigate digitization of the manufacturing sector, 2015
3 https://whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA
4 Deloitte, Cyber-Security Report 2017 – Teil 2, 2017
5 German Federal Office for Information Security, Industrial Control System Security, 2019


Page 5

Networking unprotected and outdated components also presents a significant risk to the proper operation of the machine, device or thing, as it does to all the other participants in the network, and can leave the door wide open for cyber-attacks. Again, due to a machine's long life cycle and insufficient consideration of IT security on the part of the machine manufacturer, machines can have built-in security vulnerabilities or weak protection mechanisms. When such machines are connected directly to the internet, they are visible and can therefore be found by specialised search engines such as Shodan.6 Attackers can easily find these things and gain access via the built-in vulnerabilities and/or weak access mechanisms. Most people are aware of the connected "fish tank" that allowed the tank to be remotely monitored, automatically adjust temperature and salinity and automate feedings: hackers were able to steal the casino's high-roller database after gaining access to its network via the smart thermostat in a fish tank in the lobby of the casino!

Fast Fact: Damage caused by a cyber-attack is nearly always critical:

▪ loss of availability of “things” - downtime

▪ data leakage

▪ physical damage - infrastructure or people

▪ decrease in product quality

▪ consequences for company & personnel – including fines

▪ brand and reputational damage

▪ regulatory and corporate governance issues

The relevance and importance of establishing security measures for things in the OT area is demonstrated by the vulnerabilities present in the remote desktop services of operating systems currently in use as well as of operating systems that are no longer supported.7 Due to the critical nature of these vulnerabilities, the manufacturer has even released updates for versions of the operating system that are no longer supported.8 Despite these countermeasures, operators and manufacturers of systems continue to face major challenges for the reasons mentioned already: installation of these updates either cannot be performed at all or cannot be carried out within a reasonable timeframe. In one of many scenarios, machine-generated data from medical devices could be manipulated because the information transmitted over the network is not protected, with the manipulation going undetected and the operating personnel accepting the results as valid.9

6 https://www.shodan.io/
7 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0708, last visited July 2019
8 https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708, last visited July 2019
9 Yisroel Mirsky, Tom Mahler, Ilan Shelef, and Yuval Elovici, CT-GAN: Malicious Tampering of 3D Medical Imagery using Deep Learning, 2019


Page 6

However, focusing solely on securing things is not enough. IT security serves as a foundation and enabler for digitisation, so that all use cases can and should be based on it. Therefore, a more holistic concept is needed, which brings IT security into the OT environment, especially by keeping the IT security level as high as possible. It also carefully considers and provides connectivity to internal as well as external services such as platforms. The following functions are combined in a single solution. Table 1 below outlines a “protect”, “connect” and “detect” solution model:

Table 1: Protect, connect and detect solution model

FUNCTION   SOLUTION
Protect    Securing networking & regulating the communication behaviour of things.
Connect    Providing 3rd party software for flexible integration of things in IoT/Industry 4.0 applications.
Detect     Monitoring of things & communication to effectively defend against cyber-attacks.


Page 7

3 Protect: Protecting Things at the Edge

The constant threat of cyber-attacks in the OT environment is not unlike that in the classic IT framework. The need to establish, maintain and protect the highest possible level of IT security also applies in OT. However, the strategy for implementing IT security must be adapted to the OT world, and the challenges, risks and demands of the OT environment need to be carefully considered. The use of standard security systems is not sufficient, for various reasons: the enterprise firewall is neither suitable in terms of its structural form, nor is it often able to withstand the extreme and harsh external influences encountered, such as heat, dust and vibration. Standard security systems also lack an understanding of the protocols used in OT. One approach to establishing IT security for things in OT is to completely decouple (or segregate) them from the IT environment, so that the key components of a thing are no longer directly part of the IT infrastructure. For this to happen, a communication interface is created between the cell network of the OT environment, in which one or more things operate, and the IP-based IT network. The communication interface completely isolates the connected things from the IT network and provides security features to protect them. Since the interface itself becomes part of the IT infrastructure, it is exposed to cyber security threats. Therefore, the communication interface must always maintain its own IT security at the highest possible level for its own protection, and must be "hardened" to increase its resistance to cyber-attacks.

Graphic 1: Integration of security system as a communication interface between a thing and network

The implementation of such an approach takes place through a specially designed security system for OT environments, which is placed between the thing and the network. It provides a secure interface for communication between the OT cell network and the IT infrastructure.

Fast Fact: This approach to protection is equipped with various security features:

The security system functions as a gatekeeper for connected things and reduces their visibility in the network – "if it is less likely to be seen, it is less likely to be attacked". The integrated firewall function enables micro-segmentation of the network, which creates a dedicated segment and thereby completely isolates the thing connected to the security system from external factors. Any incoming and/or outgoing communication is always routed via the security system, making the data flow between the network segments completely controllable.

If things communicate in the network with non-secure protocols, neither the confidentiality nor the authenticity of the data generated by a thing can be relied upon. As a result, there is a high risk of manipulation or unintentional capture of the network traffic by third parties. A protocol translation from an insecure to a secure protocol prevents the unsecured transmission of data in the network. For this purpose, the data sent by a connected thing to the security system is translated "on the fly" and forwarded using a secure protocol, e.g. from File Transfer Protocol (FTP) to Secure File Transfer Protocol (SFTP) or File Transfer Protocol over SSL (FTPS).

Because it forms the communication interface to the IT infrastructure, the security system is itself an IT component and can be integrated into IT patch management. The update cycles of its operating system, although it sits in the OT environment, then correspond to those of the standard IT environment. Under this approach, updates happen regularly, allowing IT security to be maintained at the highest possible level without affecting the connected things. The operating system is hardened and minimised to increase its own resistance to attacks and to reduce attack vectors.


Page 9

4 Connect: Integrating Things in IoT

Connection of Things

The integration of machines into IoT and Industry 4.0 use cases requires a secure, reliable and seamless connection from internal to external networks and IoT platforms. A secure integration with IoT platforms should also secure networks without the need for them to be permanently open.

Graphic 2: Example of a secure execution environment with security as an IoT application.

In order to secure communication to cloud-based IoT platforms, industrial-strength security, e.g. TLS 1.2, must be deployed to create a secure end-to-end communication tunnel. The connection must be outgoing only and should be complemented by policy-based access controls to ensure that only personnel authorised for the machine or group of machines can gain access. To facilitate the seamless integration of machines into cloud-based IoT platforms, "edge computing" is playing an increasingly large and important role.10 Besides protecting machines and connecting them to the cloud, an edge device can and must be able to interface with different types of devices - PLC/RTU, HMI, as well as machines with legacy operating systems, e.g. Windows XP. The various protocols spoken by these devices, including but not limited to Modbus, MQTT, AMQP, HTTP and OPC UA, need to be translated or supported by the edge computing device. An edge computing device with a secure execution environment that uses operating-system-level virtualisation, e.g. a secure Docker environment, facilitates the fast and secure deployment of applications for current needs as well as providing a future-proof platform that delivers long-term benefits.

10 https://www.mckinsey.com/industries/high-tech/our-insights/new-demand-new-markets-what-edge-computing-means-for-hardware-companies


Page 10

Processing of Machine Data

Fast Fact: Edge devices can provide a secure execution environment for applications or container apps, e.g. secure Docker containers, to perform additional functions. Table 2 below outlines the features and benefits of edge devices:

FEATURES: BENEFITS:

Securely connecting legacy systems

Legacy systems that function adequately but run on outdated operating systems, interfaces or protocols that are no longer supported or lack the latest security can be protected and connected to the internet. Insecure protocols are translated to secure, encrypted protocols, e.g. FTP to SFTP. Data integrity is an essential component: digital identities can be assigned to each machine to ensure that data is uniquely identifiable and is being generated by a particular machine.

Pre-filtering of data

Sensitive, private & personally identifiable data, e.g. medical data can be anonymised prior to transmission to the internet. Normalisation of data can also be performed in real time. If online connectivity is lost, the edge device provides secure temporary storage of messages until connectivity is restored.

Real-time data analytics and actions

Data from a machine or group of machines within the same network can be analysed at the edge to perform instant actions in response to pre-configured triggers & desired outcomes, e.g. if machine temperature exceeds 40 degrees Celsius, room temperature can be adjusted.

Further features listed for edge devices, alongside those in Table 2: customised or proprietary applications; advanced security management.
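The pre-filtering, real-time trigger and store-and-forward features in Table 2 can be shown working together in a small edge pipeline. The following Python code is an added example written for this edit, not secunet's product code: it anonymises an operator field with a keyed hash before transmission, normalises a Fahrenheit reading to Celsius, evaluates the 40 degrees Celsius trigger from the table, and buffers messages locally while the uplink is down. The field names, the site secret and the sample readings are constructed assumptions.

```python
"""Edge pre-processing pipeline: anonymise, normalise, trigger, buffer (added example)."""
import hashlib
import json
from collections import deque

# Constructed sample readings as a machine might emit them; not real data.
SAMPLE_READINGS = [
    {"machine": "press-07", "operator": "Jane Doe", "temp_f": 95.0, "ts": 1},
    {"machine": "press-07", "operator": "Jane Doe", "temp_f": 110.0, "ts": 2},
    {"machine": "press-07", "operator": "John Roe", "temp_c": 41.5, "ts": 3},
]

PII_FIELDS = ("operator",)        # assumed: fields that must never leave the site in clear
TEMP_LIMIT_C = 40.0               # trigger threshold taken from Table 2
PEPPER = b"site-local-secret"     # assumed site secret held only on the edge device


def anonymise(reading):
    """Replace PII fields with a keyed, truncated hash so records stay linkable but not identifying."""
    out = dict(reading)
    for field in PII_FIELDS:
        if field in out:
            out[field] = hashlib.sha256(PEPPER + out[field].encode()).hexdigest()[:16]
    return out


def normalise(reading):
    """Bring temperature readings to a single unit (Celsius) before analytics."""
    out = dict(reading)
    if "temp_f" in out:
        out["temp_c"] = round((out.pop("temp_f") - 32) * 5 / 9, 2)
    return out


def evaluate_triggers(reading):
    """Return the local actions to take for this reading (Table 2: adjust room temperature)."""
    actions = []
    if reading.get("temp_c", 0) > TEMP_LIMIT_C:
        actions.append("adjust_room_temperature")
    return actions


class EdgeForwarder:
    """Sends messages upstream; while offline they are queued in a bounded buffer."""

    def __init__(self, online=True, max_buffer=1000):
        self.online = online
        self.buffer = deque(maxlen=max_buffer)   # oldest messages are dropped on overflow
        self.sent = []                           # stands in for the cloud/IoT platform uplink

    def send(self, message):
        if self.online:
            self.sent.append(json.dumps(message, sort_keys=True))
        else:
            self.buffer.append(message)

    def reconnect(self):
        """Connectivity restored: flush the buffered messages in order."""
        self.online = True
        while self.buffer:
            self.send(self.buffer.popleft())


def process(readings, forwarder):
    """Run each reading through the pipeline; return every action that was triggered."""
    triggered = []
    for raw in readings:
        clean = normalise(anonymise(raw))
        actions = evaluate_triggers(clean)
        clean["actions"] = actions
        triggered.extend(actions)
        forwarder.send(clean)
    return triggered


if __name__ == "__main__":
    fwd = EdgeForwarder(online=False)
    print("actions:", process(SAMPLE_READINGS, fwd), "buffered:", len(fwd.buffer))
    fwd.reconnect()
    print("sent after reconnect:", len(fwd.sent))
```

The buffer is bounded on purpose: an edge device has finite storage, so a long outage must degrade by dropping the oldest telemetry rather than exhausting memory, and the anonymisation is applied before buffering so that even the temporary store never holds clear-text personal data.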


Page 11

Security Management

Highly secure root-of-trust hardware, e.g. an embedded secure element, is crucial for Industry 4.0 applications.11 A certified hardware root of trust forms the basis for a trusted and secure edge computing platform as well as for deploying additional security functions for the systems:12

▪ Secure Storage: keys, security credentials as well as sensitive data

▪ Cryptographic: provision of security such as encryption or signing of data
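The "digital identities per machine" of Table 2 and the secure element's signing function listed above can be illustrated with an added example; it is not secunet's code. It uses Python's standard-library HMAC-SHA256 with a per-device secret as a stand-in for the asymmetric signing a real secure element would perform, and adds a sequence number so that a verifier at the edge or in the platform can reject both tampered and replayed readings. Device names, keys and readings are constructed.

```python
"""Per-machine data authentication with a device-bound key (added example)."""
import hashlib
import hmac
import json
import secrets

# Constructed per-device keys. In a real deployment each key is generated inside the
# secure element and never leaves it; here they are plain bytes for demonstration.
DEVICE_KEYS = {
    "press-07": secrets.token_bytes(32),
    "lathe-02": secrets.token_bytes(32),
}


def canonical(payload):
    """Deterministic encoding so signer and verifier hash exactly the same bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_reading(device_id, payload, seq):
    """Wrap a reading in an envelope whose tag binds device id, sequence number and payload."""
    body = {"device": device_id, "seq": seq, "payload": payload}
    tag = hmac.new(DEVICE_KEYS[device_id], canonical(body), hashlib.sha256).hexdigest()
    return {**body, "tag": tag}


class Verifier:
    """Checks that a reading really came from a known machine and is not a replay."""

    def __init__(self, keys):
        self.keys = keys
        self.last_seq = {}   # highest sequence number accepted per device

    def verify(self, envelope):
        key = self.keys.get(envelope.get("device"))
        if key is None:
            return False, "unknown device"
        body = {k: envelope[k] for k in ("device", "seq", "payload")}
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        # constant-time comparison avoids leaking how many tag bytes matched
        if not hmac.compare_digest(expected, envelope.get("tag", "")):
            return False, "tag mismatch"
        if envelope["seq"] <= self.last_seq.get(envelope["device"], -1):
            return False, "replayed"
        self.last_seq[envelope["device"]] = envelope["seq"]
        return True, "ok"


if __name__ == "__main__":
    v = Verifier(DEVICE_KEYS)
    env = sign_reading("press-07", {"temp_c": 38.2}, seq=1)
    print(v.verify(env))            # (True, 'ok')
    env["payload"] = {"temp_c": 20.0}
    print(v.verify(env))            # (False, 'tag mismatch')
```

Binding the device id into the signed body is what makes the data "uniquely identifiable" as coming from a particular machine: a valid tag from one machine cannot be re-labelled as another machine's reading, and because the verifier only holds keys for enrolled devices, data from unknown hardware is rejected before it reaches analytics.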

The need to continuously monitor and apply security updates in the process of ensuring that machines are protected against the latest security vulnerabilities is of paramount importance. Secure lifecycle management whereby security management is separated from the machines provides an effective and efficient method of applying the latest security patches. With machines that are connected, security patches can be deployed and installed seamlessly, securely and cost effectively through an IoT platform.

Permanent Machine Control to Maintain Security

Data flow control: In order to reliably determine the security status of an OT network, it is essential to identify all things in the network, make a statement about their security level and continuously control their communication behaviour. The proliferation of things within a network infrastructure leads to an increased volume of data transfers. At the same time, the transparency of the communication flows taking place in networks is reduced, and the connectivity between different network areas grows more complex. The crucial factor here is the control of communication flows between the networks at zone transitions. To achieve the highest possible level of security in IoT and Industry 4.0 scenarios, it is absolutely necessary to permanently control the data being exchanged by things and edge devices. Currently, firewalls, monitoring systems and other preventive security measures are used to control the data flows. Firewalls use a defined set of rules, following a whitelisting or blacklisting approach, according to which packets are either passed or dropped; firewalls are usually placed at central network transitions. Monitoring systems primarily collect as much data as possible about the systems in the network and the data flows and hold it in a central place. In addition, they should correlate the data and point out possible problems or threats according to previously defined rules. The problems found are presented in the form of alarms and require manual verification and, if necessary, the initiation of further measures. These two approaches to controlling data flows are based on rigid pre-defined rules, which must be regularly reviewed and adjusted. The process is very time-consuming as well as error-prone, and because of that these two approaches are no longer sufficient on their own to ensure adequate state-of-the-art cyber security protection.

11 https://cerberus-laboratories.com/blog/iot_hsms/
12 https://www.researchgate.net/publication/329170865_Hardware_Rooted_Security_in_Industry_40_Systems


Page 12

This is where anomaly detection13 comes into play. Anomalies are unexpected deviations from the norm; in the context of production, deviations from "normal operating conditions". In order to detect anomalies, the "normal state" of a system - here a production network - must be known, so an initial learning phase is necessary. After this phase, the system can automatically "detect" abnormal behaviour. Here are some simple examples:

▪ detection of new “things” in the network

▪ detection of the communication between devices

▪ detection of new protocols in the network

▪ detection of connections to insecure networks, e.g. the Internet

▪ detection of attacks with unknown signatures

▪ detection of advanced persistent threats (APTs)

Only the combined use of all three of these approaches for data flow control can ensure the highest possible level of security in IoT and Industry 4.0 networks.
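As an added example (not from the white paper or secunet's products), the following Python code shows the three data-flow controls of this section operating together on one edge device: whitelisting rules decide pass or drop for each flow, a baseline learned during the learning phase flags new things, new protocols, new communication pairs and connections to external networks, and the two results are combined so that an otherwise permitted flow to the Internet is blocked and every finding is recorded as an alarm for monitoring. All addresses, ports, rules and flow records are constructed sample values, and the internal address prefixes are an assumption.

```python
"""Combined firewall rules, monitoring and anomaly detection on an edge device (added example)."""
from collections import namedtuple

Flow = namedtuple("Flow", "src dst dport proto")

# Constructed traffic observed during the learning phase of one OT cell; not captured data.
BASELINE_FLOWS = [
    Flow("10.10.1.11", "10.10.1.1", 502, "modbus"),
    Flow("10.10.1.12", "10.10.1.1", 502, "modbus"),
    Flow("10.10.1.1", "10.20.0.5", 8883, "mqtt"),
]

# Constructed traffic seen after the learning phase.
LIVE_FLOWS = [
    Flow("10.10.1.11", "10.10.1.1", 502, "modbus"),      # known and permitted
    Flow("10.10.1.13", "10.10.1.1", 502, "modbus"),      # a new thing appears
    Flow("10.10.1.12", "10.10.1.1", 21, "ftp"),          # new, insecure protocol
    Flow("10.10.1.11", "203.0.113.9", 443, "https"),     # connection to the Internet
]

# Whitelisting rule set: anything not matched is dropped.
ALLOW_RULES = [
    {"dport": 502, "proto": "modbus"},
    {"dport": 8883, "proto": "mqtt"},
]

CELL_PREFIXES = ("10.10.", "10.20.")   # assumed address space of the OT cell and office IT


def rule_allows(flow, rules=ALLOW_RULES):
    """Firewall function: pass only flows matching a whitelist rule."""
    return any(all(getattr(flow, k) == v for k, v in rule.items()) for rule in rules)


class Baseline:
    """Normal state of the cell network, learned from traffic during the learning phase."""

    def __init__(self):
        self.hosts, self.protocols, self.pairs = set(), set(), set()

    def learn(self, flows):
        for f in flows:
            self.hosts.update((f.src, f.dst))
            self.protocols.add(f.proto)
            self.pairs.add((f.src, f.dst))

    def anomalies(self, flow):
        """Anomaly detection: list every way this flow deviates from the learned norm."""
        found = []
        for host in (flow.src, flow.dst):
            if host not in self.hosts:
                found.append(f"new thing {host}")
            if not host.startswith(CELL_PREFIXES):
                found.append(f"external connection {host}")
        if flow.proto not in self.protocols:
            found.append(f"new protocol {flow.proto}")
        if (flow.src, flow.dst) not in self.pairs:
            found.append("new communication pair")
        return found


def control(flows, baseline):
    """Combine the three controls; returns (flow, verdict, alarms) per flow for monitoring."""
    decisions = []
    for f in flows:
        verdict = "pass" if rule_allows(f) else "drop"
        alarms = baseline.anomalies(f)
        # Automatic blocking of a potentially dangerous flow even if a rule would allow it.
        if verdict == "pass" and any(a.startswith("external connection") for a in alarms):
            verdict = "drop"
        decisions.append((f, verdict, alarms))
    return decisions


if __name__ == "__main__":
    baseline = Baseline()
    baseline.learn(BASELINE_FLOWS)
    for flow, verdict, alarms in control(LIVE_FLOWS, baseline):
        print(f"{flow.src}->{flow.dst}:{flow.dport}/{flow.proto}  {verdict}  {alarms}")
```

The second live flow is instructive: the whitelist passes it because Modbus to the controller is permitted, yet the baseline reports a new thing and a new communication pair, which is exactly the kind of finding a rule set alone would never raise and that an operator should verify before the device is trusted.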

13 German Federal Office for Information Security, Monitoring und Anomalieerkennung in Produktionsnetzwerken, 2019


Page 13

5 Detect: Monitoring to Increase Resistance to Cyber-Attacks

As described in the previous section, the combined use of all three approaches (firewall, monitoring and anomaly detection) for effective data flow control is essential to ensure the highest level of security in OT networks. From an architectural point of view, these three approaches or functions are best performed on an edge device which connects things to the office IT or directly to the insecure internet. Services on the edge device see the data flow in both directions and are therefore well suited to any type of control mechanism. This concept is shown in the diagram below:

Graphic 3: Placement of the edge devices (sensors) in the infrastructure.

Every OT cell network is encapsulated by an edge device (sensor), regardless of whether just one thing or many more are behind it. The edge device implements all three functions: firewall, monitoring and anomaly detection. It combines these functions intelligently for the best possible protection, and the edge devices and their security mechanisms are managed through the core system. The core system has its own user interface to centrally configure and deploy rules, according to whitelisting and blacklisting approaches, and to control the data flows of every OT cell network via the corresponding edge devices. In addition, this system provides a clear overview of all traffic as well as potential vulnerabilities. Continuous network situation images also allow anomalies to be detected at a very early stage using intelligent methods such as machine learning. Such a sensor acts dynamically, so that a reliable early warning system can be implemented which reveals all kinds of weak points. In order to uncover attacks in a timely manner, the sensor is able to detect connection manipulations and hidden channels for malware control as well as data exfiltration for every OT cell network. The intelligent combination of pre-defined rules, anomaly detection and firewall functions on the edge device, as the central data control gateway, automatically enables potentially dangerous data flows to be blocked, which ensures the highest possible level of security in the OT network.


Page 14

6 Digital Transformation: Industry 4.0 Use Cases

Several research papers have been published on Industry 4.0 by institutions from Germany and around the world 14 as well as governments collaborating with Germany 15 to actively promote emerging opportunities and use cases as illustrated on the Plattform Industrie 4.0 website 16 including:

▪ 300+ practical German examples on Industrie 4.0

▪ 150+ French best practices on Industrie du futur

▪ 150+ Japanese use cases for the Japanese Robot Revolution Initiative

The central focus and basis for these use cases is data. The importance of data is highlighted in an article arguing that oil is no longer the world's most valuable resource; it has been replaced by data.17 Insights can be gleaned from data by performing analytics and machine learning, and in response to these insights, actions can be taken and decisions made in real time. Machine, device or sensor generated data provides important information on its condition (health), utilisation (capacity) and yield (quality). When machines, devices and things are connected, the data generated can be used to increase efficiency, drive quality and facilitate on-demand resource allocation. Table 3 below outlines the information that can be derived from the data:

CATEGORY: INFORMATION GENERATED:

Condition (Health)

Parameters including but not limited to pressure, temperature, vibration, flow, and leakage provide valuable information on the machine’s general condition.

Utilisation (Capacity)

Utilisation metrics such as OEE (Overall Equipment Effectiveness) and TEEP (Total Equipment Effectiveness Performance) provide insights into capacity of manufacturing operations.

Yield (Quality)

A machine's yield is a reflection of its process quality.

In a fairly recent (November 2018) article by McKinsey and following an extensive market analysis, the authors identified and explained the rationale for one hundred and seven use cases in edge computing. The graphic below shows some of the sectors and related use cases (part of a much longer list) to highlight the breadth and depth of the opportunities for edge computing in real life industrial scenarios.18

14 https://www.researchgate.net/publication/315670892_Past_present_and_future_of_Industry_40_-_, last visited August 2019 15 https://www.plattform-i40.de/PI40/Navigation/EN/ThePlatform/InternationalCooperation/international-cooperation.html, last visited August 2019 16 https://www.plattform-i40.de/PI40/Navigation/EN/InPractice/UseCases/use-cases.html, last visited August 2019 17 https://www.economist.com/leaders/2017/05/06/the-worlds-most-valuable-resource-is-no-longer-oil-but-data, last visited August 2019 18 https://www.mckinsey.com/industries/high-tech/our-insights/new-demand-new-markets-what-edge-computing-means-for-hardware-companies?cid=soc-app


Page 15

Graphic 4 below shows a selection of sectors & use cases in a McKinsey article (Nov 2018)

Table 4 below outlines the performance functions and related benefits performed on connected items:

PERFORMANCE FUNCTIONS: BENEFITS:

Remote monitoring and diagnostics

Facilitates faster problem solving through the diagnostic data collected.

Remote access and maintenance

Enhances preventive and predictive maintenance.

Security updates

Ensures that machines can still be protected with the latest security updates (when security management is separated from the machines).

Performance management and reports

Provides optimal system operations, usage and adjustments.

From a commercial perspective, transparent and actionable data analytics can help decision-makers to optimise performance, streamline processes and workflows, as well as to develop new business models. Management can benefit from the information being provided on the entire machine and plant infrastructure.


Page 16

7 A One Box Approach: Trusted Edge Platform

IT security established in the OT environment protects machines, devices and things and serves as a solid foundation for the various use cases in digitisation. In order to implement the functions of the model described earlier, namely protect, connect and detect (refer to Table 1), it is crucial that a more holistic concept is developed. The decisive factor for the operator in an OT environment is to reduce the investment, time and effort in resources and capital required to integrate such a concept. In addition, there are all the internal and external stakeholders who provide critical and often value-added services and who require access to things and the data they generate. These services can include routine servicing, upgrades and connecting things to IoT platforms to analyse data. To meet the requirements of all these stakeholders, it is important to avoid the uncontrolled access that results from a patchwork of individual solutions. Operators are often faced with the challenge of accounting for the diversity of their own OT environment when developing an overall concept for implementing the models mentioned above. A one-box principle effectively meets the different requirements of IT security in an OT environment. The three inter-related functions of protecting, connecting and detecting allow the secure implementation and deployment of Industry 4.0 concepts. Due to its secure environment, the approach is completely independent of the manufacturer and copes with the complexity of OT environments across the needs of all stakeholders. The advantages of the protect, connect and detect approach rest on a modular approach to digitisation, as the following table shows. Table 5 outlines the features & benefits of the "connect", "protect" and "detect" approach:

FEATURE: Corrective Measures
BENEFITS: Legacy things are protected from unauthorised access by isolation or segmentation and secured in real time. Communication from and to the things is securely enabled. Monitoring the flow of information keeps IT security at the highest level possible.
Outcomes include: prevention of security related incidents, machine downtime and related costs.

FEATURE: Preventive Measures
BENEFITS: The condition of machines, devices and things can be monitored. Based on this, planned and controlled maintenance processes can be initiated. Remote maintenance access and performance becomes seamless, secure and cost-effective.
Outcome includes: reduction in operating costs.

FEATURE: Smart Concepts
BENEFITS: The secure connection of IoT and Industry 4.0 systems in the infrastructure can be guaranteed. Extended use cases such as edge computing as well as M2M connectivity can be implemented.
Outcome includes: increased efficiency via automation.

FEATURE: Value-Added Services
BENEFITS: Suppliers and third parties can be securely integrated into the OT environment. Data can be passed to internal and external services and providers in a flexible, timely and cost-effective manner.
Outcomes include: new business models & revenue opportunities.

In addition to operators in OT environments, system integrators and manufacturers can also take advantage of the “one-box” principle and simply place their IoT or Industry 4.0 applications close to the machines, devices and things and effectively integrate the trusted edge platform into future concepts.


8 Conclusion

There is no doubt edge computing is evolving! It has found a niche amidst a growing need to solve a range of issues in the push for digitisation as part of Industry 4.0, including but not limited to the need for making decisions in real time, providing localised computing power, solving security and storage needs and allowing connectivity to the cloud. Since edge computing enables the majority of processing to be done where the data is actually generated, it requires a model that is secure, scalable, modular and cost-effective. In this white paper, secunet has endeavoured to provide rich insights, thought leadership and practical ideas on how to meet these requirements of Industry 4.0 via the functions of protect, connect and detect.

secunet welcomes your comments and feedback on this white paper through the secunet website at: https://www.secunet.com/en/service/contact/. The team from secunet hopes you found this article informative, educational and useful as part of the Industry 4.0 digital transformation journey.

For any further information, please contact:

James O’Sullivan
Head of secunet portfolio ANZ
M: +61 417 696 542
E: [email protected]


Appendices

Edge Computing: security with modular & scalable capabilities

Today’s industrial control systems and applications require the highest level of security with efficient deployment and seamless integration into existing industrial processes to enable operations to continue without interruption. Edge devices need to be highly modular, secure and scalable.

Graphic 5 outlines secunet’s recommended edge computing model based on the following:

Edge Device

- Industrial firewall protection - micro segmentation or stealth mode.
- Long life-cycle security management.
- Web GUI for efficient deployment.

Crypto Module

- Computer SSD with integrated embedded Secure Element (eSE) - FIPS 140-3 certified.
- Highly secure smart card based crypto functionality and storage.

IoT Gateway

- Secure connectivity to IoT platforms.
- Highest security standard for critical infrastructure.
- Secure TLS tunnel for remote access.

Anomaly Detection

- Continuous analysis and visualisation of security status.
- Automated reporting, prioritisation and security risk & vulnerability assessments.

Policy Manager

- Granular policy management.
- Fully controllable by the OT team.
- Easy integration to messaging or LDAP system.

Edge Processing

- Secure Docker environment for IoT platforms (e.g. Azure, Mindsphere).

Advanced Security Service

- Design and rights management for on-premise IoT platform.

Customisation

- Highly customisable and future proof solution that can provide long-term customer benefits.

Communication Extension

- Additional communication interfaces such as Wifi, 4G/5G router, Bluetooth, etc.

Ongoing Platform Integration

- Integration to other IoT platforms.


About G+D, secunet and advance52

Giesecke+Devrient Group (G+D): Founded in 1852, the G+D Group is a global security technology company headquartered in Munich, Germany. Innovations from G+D make the lives of billions of people in the digital and physical world more secure every second of every day. With its products and solutions, G+D is one of the market and technology leaders in the areas of payment, connectivity, identities and digital infrastructure. During the 2018 financial year, G+D generated sales of 2.25 billion euros, with 11,400 employees and operations in 32 countries. Its customers include central and commercial banks, mobile network operators, automobile manufacturers, health insurance companies, governments and public authorities. Additional information on G+D can be found at www.gi-de.com. Graphic 6 shows an overview of the G+D Group, which includes secunet & advance52:

secunet: Founded in 1997, secunet is a subsidiary of the G+D Group and one of the leading German providers of high-quality IT and OT security products and solutions. More than 500 experts work in the areas of cryptography, e-government, automotive and enterprise security, developing innovative products as well as managing highly secure, trusted and reliable IT and OT solutions. Several German Stock Exchange (DAX) listed companies as well as public authorities and private organisations are amongst secunet's impressive and growing list of national and international customers. secunet is the trusted IT security partner of the Federal Republic of Germany and a long-term partner in the Alliance for Cyber Security. The company reported revenues of 163.3m euros in 2018 and is listed on the DAX. Additional information on secunet can be found at www.secunet.com.

advance52: Founded in 2017, advance52 is the digitisation unit launched by G+D to act as a catalyst for new technologies and business models. As a legally independent subsidiary, “advance52” helps the subgroups, subsidiaries and regions of G+D to expand their digital business in the core areas of security, payment, identity and connectivity in OT and IT. advance52 is G+D’s change accelerator, its incubator and intrapreneurial partner for external clients and internal employees. G+D thrives on the change that digitalisation brings, as it constantly and rapidly revolutionises how societies work, live, consume and think. advance52 quickly identifies and creates opportunities to innovate by applying the rules of design thinking and successfully brings these to market. Additional information on advance52 can be found at www.advance52.com/.