IT Security at INSYS icom
INSYS icom is a digitalisation expert specialising in industrial data communication. We form the bridge between IT and OT with our core expertise in remote maintenance, remote control, condition monitoring and data networking. Our solutions are therefore often the central gateway in the communication between closed and secure networks and the wider Internet. They accordingly form a natural target for attackers, and for this reason the security of our solutions enjoys top priority.
Attacks on systems in the first place can have a variety of reasons, even if they may not be obvious at first glance.
In order to protect our solutions and customers against such attacks, at INSYS icom we maintain an IT security culture that is characterised by the terms: “Security first“, “Security by design” and “Update it“.
In every phase of our business and at every stage of the product lifecycle, IT security plays a crucial role. The following six points form the cornerstones of our work:
From the outset, our products are developed in line with the principles of “Security by design” and “Security by default“. They are therefore characterised by the following points, among others:
Every product is only as secure as the updates it receives. This is why we at INSYS icom attach great importance to regular updates for our products:
Provision of patches for critical vulnerabilities (CVSS 9.0-10.0) immediately after availability
Patching of less critical vulnerabilities for the next planned release
Maintenance of a list of security notifications for CVEs (security advisories)
Critical infrastructures (CRITIS) are organisations or facilities with major significance for the state. However, at present there is no worldwide standard which applies in the field of security in critical infrastructures. INSYS icom therefore bases the development of its products on the guidelines of various international organisations and standards such as NIS, CISA, ENISA and IEC 62443. Accordingly hundreds of organisations from the critical infrastructure field rely on our devices and services. They are used in the areas of water and energy supply, among others, by organisations ranging from small municipal utilities to large mechanical engineering companies.
The following five tips will help you to ensure that your systems and machines are securely networked:
Here you will find material to support you in the KRITIS audit. In addition, you will receive an overview of penetration tests performed as well as documentation and instructions for using INSYS icom products securely.
|Products tested||Test body||Period||Status/result|
|icom OS||OpenSource Security GmbH||Q2 2021||Weak points are being corrected.|
|icom Connectivity Service||OpenSource Security GmbH||Q2 2021||Weak points are being corrected.|
|icom Router Management||OpenSource Security GmbH||Q1 2021||Weak points are being corrected.|
|icom OS||Customer test from the energy sector||Q1 2021||Weak points corrected.|
icom Data Suite
|T-Systems on behalf of a customer||Q4 2019||Weak points corrected.|
|icom Connectivity Service|
|Secunet on behalf of a customer from public transport||Q3 2019||"In conclusion, the system examined can be confirmed as having a generally high level of safety."|
|icom OS||Customer test from plant engineering||Q2 2019||Weak points corrected.|