More and more machines and systems in the manufacturing industry are networked. This opens up opportunities, for example to improve processes with generated data. At the same time, however, there are also risks, as industrial automation components become more susceptible to faults and attacks via the network.

The Industrial Security Testing Framework ISuTest is a tool for finding vulnerabilities in networked automation components. Discovered vulnerabilities can be fixed by the manufacturer, thus reducing the component's attack surface. In the future, robustness against attacks will be a quality criterion that manufacturers can use to set themselves apart from others.

The ISuTest is designed as an open, extensible framework and thus sets itself apart from commercial competitors with closed-source software. The direct target group of the ISuTest are manufacturers and integrators of automation components. It supports its users from the setup of a vulnerability test to the execution to the isolation of vulnerabilities to the post-processing of the bug to the developer, who can subsequently fix it.

First successes with the ISuTest could be achieved by the discovery of several weaknesses confirmed by the manufacturers. Companies use the ISuTest laboratory operated by the Fraunhofer IOSB in Karlsruhe to test their automation components for vulnerabilities. First cooperations for the integration of ISuTest into the development process of manufacturers have begun. These successes show: The ISuTest opens up the domain of security testing to automation experts - the vision of "Security by Design" becomes realizable in practice.

Offer

The ISuTest framework can be used in different ways. The simplest case is to use our proven and tested security test laboratory infrastructure to have one of your devices tested with ISuTest. If you would like to get an insight into testing yourself and gain your own experience with ISuTest, we offer a pre-installed ISuTest appliance for rent or purchase. Last but not least, ISuTest can be embedded into your existing test infrastructure during development. In addition, we offer training, consulting and development services around ISuTest.

Testing of components in the security test laboratory with ISuTest

In the simplest case you send us a component to be tested to our security test laboratory with ISuTest at the Fraunhofer IOSB in Karlsruhe. Products can be considered in the life cycle from prototype status to operational readiness. We analyze your component with ISuTest and create a report about the state of IT security. Besides component manufacturers, integrators and operators can also use our analysis to evaluate and assess products. This way, the state of IT security of a component can also be taken into account in their purchase decisions.

Use of the ISuTest Appliance

Maybe you have already had a component tested with ISuTest and want to gain experience with ISuTest yourself? Perfect, we are happy to offer you a pre-installed ISuTest appliance for rent or purchase. After an introductory training on the use of ISuTest you can start testing the practical use of ISuTest in your company. For this purpose we are happy to support you with consulting and development services.

Integration into existing test infrastructure

The use of ISuTest by means of the ISuTest appliance was successful and you would like to perform the security tests regularly instead of only selectively? No problem, ISuTest provides an automation interface which allows remote control of the framework. Both the control of the tests and the delivery of the test results into existing test systems is possible. Thus ISuTest can supplement existing, functional tests with security tests.

Training, Consulting and Development

As a modular and expandable framework ISuTest can be extended in all possible directions. Manufacturer's own configuration protocols? The testing of these frequently susceptible protocols is also possible. We implement the protocol for you, or we show you how you can do it yourself. You need to control another component for testing? No problem. You want to test a different type of device, for example medical devices? Talk to us, we will find a solution.

You are interested? Please do not hesitate to contact us via the adjoining contact fields or call us. We will be happy to advise you!

The Cybersecurity Training Lab of Fraunhofer Academy is a cooperation between Fraunhofer and selected universities of applied sciences. Specialists and managers from industry and public administration receive a compact qualification in high-quality laboratories with up-to-date IT infrastructure. There, they simulate real threat scenarios, learn to recognise their significance and consequences and study suitable solution concepts in a practical manner in their use and efficiency.

Based on proven cooperation models between Fraunhofer and universities of applied sciences, a model is being implemented for the further training of IT security specialists which involves the universities of applied sciences as partners in cooperative research, in the development of further training concepts and teaching modules and finally in the teaching of the course content.

By setting up the Cyber Security Training Laboratory and networking the continuing education offers of various partner consortia, users and decision-makers are addressed. The modules are tailored to the needs of industry and public administration in terms of sectors, topics and functions.

The quality of the training is ensured by the involvement of Fraunhofer Academy. Fraunhofer Academy is responsible for the consideration of the latest findings from learning and educational research in the development of the courses on offer and for continuous quality management. Furthermore, it coordinates both the development and marketing of offers and the (subsequent) certification of persons.

The secure operation of modern industrial networks is a major challenge. Communication protocols that allow protected and authenticated connections are needed to secure these networks. OPC UA, for example, is such a secure, industrial communication protocol.

With OPC UA, as with many other protocols, these connections are secured through the use of certificates that enable a secure authentication of communication participants. In practice, however, their use requires configuration and management effort.

OPC UA and certificate management

In order to keep this effort as low as possible, the OPC UA standard already includes functions for managing these certificates, even integrated into the protocol. A so-called "Global Discovery Server", or GDS for short, with certificate management support is required to provide this in practice.

open62541-based GDS

The open62541-based GDS is an implementation of such a Global Discovery Server with certificate management. It offers the management of registered applications in an OPC UA network, as well as the management and distribution of certificates and trust lists.

The GDS is based on the open-source open62541 implementation of the OPC UA standard.

We offer…

We carry out research and development projects on the application of secure trust infrastructures in industrial networks and make this knowledge and experience available.

Planning and concept development

We plan deployment scenarios for OPC UA environments and work with our partners and customers to develop concepts for setting up and operating secure communication networks.

Security analyses

We analyze new and existing OPC UA environments for their security properties. In doing so, we not only incorporate the latest scientific findings, but also carry out targeted technical tests to evaluate the security of the environments.

Concepts and implementation of secure OPC UA

We carry out development work based on OPC UA in order to implement use cases for secure industrial networks. We also create suitable concepts for certificate management and the use of public key infrastructures (PKI).

Certificate management using the GDS

We develop and promote the implementation of certificate management in OPC UA using the open62541 stack and our own GDS implementation.

Industrial automation and control systems (IACS) play a major role in modern production systems. Their robustness and security are becoming increasingly important as the interconnectivity increases. Highly connected IACS are particularly vulnerable to remote attacks, as they can be reached by an attacker from the network and can also influence the production process. In principle, it is possible for an attacker to cause damage to the production process without physical access. For example, an attacker can achieve this by exploiting vulnerabilities in the IACS. For this reason, it is necessary to avoid vulnerabilities in IACS. One way of doing this is security testing. The aim here is to uncover vulnerabilities during the development of IACS. If the vulnerabilities are found during the development process, they can be closed before the IACS is used in production.

In our security testing laboratory, automation components can be analysed using various types of security testing. We focus on automated black box tests via an Ethernet interface. In black box tests, the system to be tested is only viewed from the outside; knowledge about internal details does not have to be included in the test. In addition to standard network protocols, our laboratory also examines weak points industrial network stacks such as PROFINET or MODBUS/TCP. If the analysed system offers a website, this is also checked for vulnerabilities. The ISuTest security testing framework developed at Fraunhofer IOSB, an Achilles Testing Platform from GE and various other supporting tooles are used to this end.

Our systems are constantly evaluated and further developed through regular security tests of real hardware in our security testing laboratory. This ensures that they fulfil the current requirements for security tests in the field of industrial automation components.

Previous tests have included analysing bus couplers, (safety) controllers, switches, and edge devices for existing vulnerabilities. We have also analysed medical devices and OPC UA environments. It is generally possible to analyse all systems that provide communication via an Ethernet interface.

Our well-equipped security testing laboratory enables us to offer various services. We can carry out security tests for manufacturers in our laboratory for which the above-mentioned test methods can be used. We can also make our laboratory available to manufacturers who wish to have their hardware tested by their own developers using our environment. If the aim is to carry out the hardware tests in-house in the long term, we can also provide advice on setting up a security testing laboratory at the manufacturer's premises.

The topic of security testing and the establishment and further development of a security testing laboratory is also being part of various research projects. Our tools are constantly evaluated and further developed through regular security tests of real hardware in our security testing laboratory. This ensures that they can fulfil the current requirements for security tests in the field of industrial automation components.