If companies can learn anything from the Spectre, Reaper and WannaCry threats, it is that no IT defense system in the world can completely secure the perimeter of their own industrial network. Last year, Bitkom estimated that the activities of cyber criminals and their own employees cost companies around 55 billion euros a year.

This figure does not yet take into account the disruption vectors that arise independently of cyber attacks. Even in small production cells today, there are often over 50 different components from different manufacturers with a variety of functionalities and configurations. This complexity promotes disruptions due to network problems, communication errors, capacity bottlenecks, network degradation and device conflicts. However, manufacturing environments depend on functioning real-time communication. Even small interruptions can lead to production disruptions. Audits repeatedly show that control network operators neither have an overview of their integrated components nor do they know the communication structure. According to a recent study by analyst firm Forrester Consulting, only 18% of the large companies surveyed have identified all the endpoints in their network. The remaining 82 percent lack digital transparency. All stakeholders agree that networks in I4.0 environments are an integral part of business success - and must be managed accordingly. However, this is not possible without digital transparency.

Companies need sovereignty over their control networks for effective network management. And this begins with seamless network mapping using industrial anomaly detection. The mapping answers the crucial questions for administrators: Which actors are operating in the control network? Who communicates with whom, how and how often? How high is the network load over time? What exactly is communicated in the control network? Surprisingly, a German automotive company found unknown participants in the control network as well as faulty data packets and unclear communication interruptions.

Analyze activities in the tax network

Analysis using industrial anomaly detection creates transparency about which components (assets) are active in the control network and what specific activities (events) are taking place between them. Using deep packet inspection technology, the individual communication packets are read out at content level and details of the communication structures become visible. This knowledge enables effective control network management, which always aims to ensure the continuity of real-time processes and the productivity of the entire system.

During operation, industrial anomaly detection as a network condition monitoring tool identifies malware attacks as well as network or system wear, faulty data packets, creeping changes, capacity bottlenecks and, last but not least, human errors. This means that all factors that could lead to disruptions or even failures in production are seamlessly detected and reported to administrators in real time. This expansion of the scope results in a complete picture of the control network dynamics, but also an increase in anomaly reports. Administrators are therefore supported by a risk assessment and filter options for the anomaly reports. For example, if a new network subscriber accesses a process-relevant device, this anomaly is shown with a high risk score. In addition, anomalies can be subjected to separate monitoring. If an anomaly recurs, it is automatically displayed in the context of its first occurrence. These network condition monitoring functions guarantee that administrators can immediately assess anomaly reports and evaluate the network quality and prioritize countermeasures.

With this complete visualization of all changes in the control network, industrial anomaly detection also functions as an information provider for other areas of the company. The data can provide important details for process optimization, preventive maintenance, quality assurance and general IT security. Interfaces (e.g. REST-API, Syslog, IEC 104) ensure smooth forwarding to the respective teams in the company, enabling full data integration within the company.