Security is our promise
Security is an Attitude
What are the security risks in industrial communication? We ask ourselves this question at all stages of development. Safe systems and devices require a safe development process. The development engineers of MB connect line are certified accordingly.
For this purpose, we rely on a TÜV expert certification program in the field of secure software development and on expert knowledge in the field of IT security (Teletrust T.P.S.S.E.).
Security by design
Our goal is to make the workflows and use cases in which our products are used as secure as possible and to consider IT security from the beginning of the development process.
In this way, the view on possible attack surfaces determines the work flow of the developers. Another key point is user-friendliness. The goal is to reduce complexity to that the user can not make any mistakes. The entire life cycle is considered. It is also not possible to read out data from a device that is ready for scrapping at the end of its life cycle.
Security as a teamwork
To guarantee the security promise to our customers, MB connect line works with external IT security companies to validate developments. We are actively involved in the industrial security working groups at Teletrust and from this the evaluation method for IEC62443-4-2 was developed, against which we measure and test our product safety.
The experience and the different points of view are essential factors for the safe design of our products – without losing sight of user-friendliness.
We see penetration tests rather as the first step of product maintenance than the last step of product creation. For us, security maintenance actually starts before the product is formally released and continues long after the product is no longer available for purchase.
It is an ongoing process that we maintain as long as the product is supported.
Security as a Whole
In our views, a security incident as the result of a problem in the process of product design, installation, configuration, integration, or usage. As a manufacturer, only the first process is under our control.
All the following others are mostly out of our hands. We do care to deliver secure products and contribute in this way to your Security by Design exercise.
Certification & Testing
At regular intervals, our products are reviewed by independent IT security companies. Both automated and manual penetration tests are used here. Essentially, the following standards and guidelines are appropriated:
It is important for us to establish a dialogue between developers and pentesters. That’s why a penetration test always consists of the test itself and an intensive dialogue between Pentester and the developer in the aftermath.
Since then, there have been established certification procedures for IT security products for critical applications (e.g., military, government, etc.). For classical industrial applications there are various certification possibilities, such as the standard IEC62443. In cooperation with TeleTrusT, a test catalog was developed for this, which is used for our products. In addition, the published “state of the art” (“Stand der Technik”) technology from TeleTrusT is an important tool for our product development.
SECURITY STRATEGY OVERVIEW
Our Product Security Incident Response Team (PSIRT) monitors how new threats and newly discovered technology vulnerabilities can affect our products. They are ready to respond immediately to security alerts, reports or test reports.
We are a member of TeleTrusT – Bundesverband IT-Sicherheit e.V. and develop our products based on current IT security guidelines. As bearer of the Teletrust mark “IT Security Made in Germany” we have committed ourselves to the Teletrust criteria.
TeleTrusT is a competence network that includes domestic and foreign members from industry, administration and science as well as thematically related partner organizations. Our CEO&CTO represents Teletrust at the European Cyber Security Organisation (ECSO), where he is active in several working groups.
With the first platform for the coordination of IT security problems, CERT@VDE offers manufacturers, integrators, plant constructors, and operators from the field of industrial automation the opportunity for information exchange and support on the topic of cyber security.
Get our Security Whitepaper
You want to learn more about our Industrial Security Standards? Order our latest Security Whitepaper now.
Find your sales partner
Find your personal contact person in your area.
Start your remote services
Are you looking for an all-in-one solution? Try our web-based remote access portal today.
We are here to help you
Questions? We can help you. For direct support, you can also call us.
Subscribe here to get updates on IoT and remote access solutions, products and features and get the latest cybersecurity updates.