All Stories
Follow
Subscribe to ONEKEY GmbH

ONEKEY GmbH

Experts recommend: Managing Risks in the Software Supply Chain of Industrial Equipment & Products

Experts recommend: Managing Risks in the Software Supply Chain of Industrial Equipment & Products

New expert whitepaper on managing risks in the software supply chain using IEC 62443 and automated software BOMs now available!

Düsseldorf/Germany, September 7, 2022 – With a new cybersecurity agenda, the German government wants to improve the security of industrial plants. That, however, does not seem to be materializing, criticizes the German Engineering Federation (VDMA). The association had expected broader support and promotion of resilience in the supply chain. "Unfortunately, the agenda does not meet this claim," says Claus Oetter, Managing Director Software & Digitalization at the VDMA, the largest network organization and an important voice for the mechanical engineering industry in Germany and Europe, in a press release. ONEKEY, a company specializing in plant and IoT security, confirms this and says: cyber attacks on "Industrial Automation and Control Systems" (IACS) are on the rise. "In the past, IT and IoT systems were the main targets of cyber criminals. But the same threats, such as ransomware attacks and the interconnection of devices into massive botnets, are increasingly affecting IACS and posing a huge and barely calculable risk," explains Jan Wendenburg, CEO of ONEKEY and operator of one of the leading automated platforms for the automatic analysis of firmware used in industrial plant control systems of all kinds, especially critical infrastructure (CRITIS), as well as networked devices.

Software supply chain needs monitoring

All too often it is made too easy for hackers, ONEKEY's ongoing analyses reveal. "The internal components of the firmware and software required for operation are often unknown and dominated by a lack of transparency. Making the entire software supply chain transparent is even more difficult when the source code of the affected components is not available. An automated SBOM (Software Bill of Materials) created from the binary code can provide the transparency for everyone and enable the steps that policymakers still shy away from. In this case, the business community has to take over," says Wendenburg of ONEKEY. To this end, the company has published a white paper that decisively outlines the problem as well as solution scenarios. According to the VDMA, cyber criminals have already caused immense damage to software and digitalization of the German industry with so-called ransomware attacks. The costs of such cyber attacks are said to amount well to millions of euros per day, and production facilities are often at a standstill between four and eight weeks after a hacker attack, according to the VDMA.

IEC 62443 guideline lays foundations

The increased risk situation is leading to growing security requirements for plant owners and system integrators. Since 2009, the International Electrotechnical Commission (IEC) has developed a set of guidelines for the security of industrial automation and control systems: the IEC 62443. "In modern plants, 80 to 90 percent of the code base consists of third-party software components. Since much of the code base is not under the direct control of the vendor, a significant amount of the risk and exposure comes from third-party software components," adds Jan Wendenburg of ONEKEY. With the automated creation of SBOMs and vulnerability analyses on the basis of the ONEKEY compliance platform, a significant contribution is made to comply with IEC 62443-4-1 – with a high level of automation at the same time.

The complete whitepaper "Tackling Software Supply Chain Risks with IEC 62443 and SBOM" can be downloaded here.

About ONEKEY:

ONEKEY is a leading European specialist for automated security & compliance analysis for industrial (IIoT & ICS), manufacturing (OT) and Internet of Things (IoT) devices. Using automatically generated "Digital Twins" and "Software Bill of Materials (SBOM)" of devices, ONEKEY autonomously analyzes firmware for critical security vulnerabilities and compliance violations, all without source code, device, or network access. Vulnerabilities for attacks and security risks are identified in the shortest possible time and can thus be specifically remedied. Easily integrated into software development and procurement processes, the solution enables manufacturers, distributors, and users of IoT technology to check security and compliance quickly and automatically before use, 24/7 throughout the product lifecycle. Leading companies, such as SWISSCOM, VERBUND AG and ZYXEL, are using this platform today – universities and research institutions can use the ONEKEY platform for study purposes free of charge.

Further Information: ONEKEY GmbH,  
Sara Fortmann, E-Mail:  sara.fortmann@onekey.com,
Kaiserswerther Straße 45, 40477 Düsseldorf, Germany,  
Web:  www.onekey.com
 
PR Agency: euromarcom public relations GmbH,
Mühlhohle 2, 65205 Wiesbaden, Germany,
Phone: +49 611 9731 50, E-Mail:  team@euromarcom.de,
Web:  www.euromarcom.de

- - - -

More stories: ONEKEY GmbH
More stories: ONEKEY GmbH
  • 04.08.2022 – 14:05

    ONEKEY redefines IoT Security with UNBLOB

    ONEKEY redefines IoT Security with UNBLOB ONEKEY open sources its high-performance firmware extraction suite Düsseldorf/Germany, August 4, 2022 – With the open-source release of the new binary extraction suite "UNBLOB", ONEKEY provides a core component of its automated firmware security analysis platform to the infosec community. This will set a new milestone in the battle to raise security to a new level in the field ...

  • 18.07.2022 – 14:05

    Cybersecurity "Made in Germany": ONEKEY at Black Hat and DEF CON

    Cybersecurity "Made in Germany": ONEKEY at Black Hat and DEF CON IoT security specialist ONEKEY presents new technology and tools at the two most important IT security conferences in 2022 Düsseldorf/Germany, July 18, 2022 – The two tech conferences Black Hat and DEF CON are considered the unofficial nerve center of global IT security. German companies are rather rarely allowed to present at these two events. This ...

  • 06.07.2022 – 14:10

    Study uncovers vulnerable IoT devices and facilities: Medical, manufacturing and CRITIS

    Study uncovers vulnerable IoT devices and facilities: Medical, manufacturing and CRITIS IoT security report 2022 reveals significant gaps in cybersecurity Düsseldorf/Germany, July 6, 2022 – Cybersecurity is still thought of in silos – that is the conclusion of a study by IoT security specialist ONEKEY. "In many cases, companies and entrepreneurs still think in ...