IT security

IT Security at INSYS icom

INSYS icom is a digitalisation expert specialising in industrial data communication. We form the bridge between IT and OT with our core expertise in remote maintenance, remote control, condition monitoring and data networking. Our solutions are therefore often the central gateway in the communication between closed and secure networks and the wider Internet. They accordingly form a natural target for attackers, and for this reason the security of our solutions enjoys top priority.

Attacks on systems can have a variety of reasons, even if these are not obvious at first glance:

  • Extortion: disruption of production processes, which is only lifted against payment of a ransom
  • Industrial espionage: theft of business-critical information and know-how
  • Political motivation: attacks on critical infrastructure as part of a “cyber war”
  • Demonstration of power: causing maximum damage without a specific goal
  • Exposure of vulnerabilities: attacks to improve the resilience of systems. Attackers are predominantly friendly and cooperative.

In order to protect our solutions and customers against such attacks, at INSYS icom we maintain an IT security culture that is characterised by the terms “Security first”, “Security by design” and “Update it”.

“Safety first” – security as the basis for our actions

In every phase of our business and at every stage of the product lifecycle, IT security plays a crucial role. The following six points form the cornerstones of our work:

  • All components (hardware, firmware and web services) are from a single source and are developed by our specialists in Germany.
  • We regularly have the IT security of our products validated through penetration tests and resistance analyses.
  • Our web services are operated exclusively in ISO27001-certified data centres.
  • We regularly update all security-relevant open source libraries.
  • We rigorously use automated software testing on nightly builds with thousands of test cases.

“Security by Design” – security from the word ‘go’

From the outset, our products are developed in line with the principles of “Security by design” and “Security by default”. They are therefore characterised by the following points, among others:

  • Easy configuration of secure authentication procedures
  • Hardened firmware for a minimal attack surface
  • Uniform firmware across all devices
  • Encrypted and signed firmware
  • Container applications completely isolated from the firmware
  • Support for the latest encryption standards
  • Automated updates via icom Router Management or update server
  • Comprehensive 24/7 monitoring of all managed services

“Update it” – our update policy

Every product is only as secure as the updates it receives. This is why we at INSYS icom attach great importance to regular updates for our products:

icom OS Router operating system
  • 6 updates per year
  • Cycle: every 8 weeks
  • Security patches are available for at least a further 8 years

icom Connectivity Service
  • Continuous updates; on average one update per month

icom Router Management
  • Cloud: continuous updates; on average one update per month
  • onPremises: continuous updates

Response to security vulnerabilities & patch management

  • Provision of patches for critical vulnerabilities (CVSS 9.0-10.0) immediately after availability
  • Patching of less critical vulnerabilities for the next planned release
  • Maintenance of a list of security notifications for CVEs (security advisories)

At home in critical infrastructures (KRITIS)

Critical infrastructures (CRITIS) are organisations or facilities with major significance for the state. However, at present there is no worldwide standard which applies in the field of security in critical infrastructures. INSYS icom therefore bases the development of its products on the guidelines of various international organisations and standards such as NIS, CISA, ENISA and IEC 62443. Accordingly, hundreds of organisations from the critical infrastructure field rely on our devices and services. They are used in the areas of water and energy supply, among others, by organisations ranging from small municipal utilities to large mechanical engineering companies.

How to keep your facilities safe in five steps

The following five tips will help you to ensure that your systems and machines are securely networked:

  • Secure your application according to our IT Security Guide.
  • Install updates as quickly as possible after they become available. The best way to do this is to use our icom Router Management and subscribe to our Release Notes.
  • Make your employees aware of security issues: “social engineering” plays a major role in 19% of all successful cyber attacks.
  • Make sure that the components and products used are handled professionally. This will help you avoid faulty configurations.
  • Choose a secure authentication procedure, e.g. certificate-based authentication with your own CA or a RADIUS server.

Links, certificates and penetration tests

Here you will find material to support you in the KRITIS audit. In addition, you will receive an overview of penetration tests performed as well as documentation and instructions for using INSYS icom products securely.

Online form for security advisories

Do you have any questions about the IT security of products? Send a message to our ISB/CISO at [email protected] or use the following secure online form.
