As security features in existing products often have to be integrated individually and sometimes retrospectively in order for them to withstand the networked world, a consistent security concept is usually not possible. With the automation platform ctrlX Automation, Bosch Rexroth has rethought security from the ground up and developed a holistic solution.

"For users - especially in the field of Industry 4.0 - it is of central importance that all solutions used for automation and networking have appropriate security mechanisms. These security requirements determine the development approach of ctrlX Automation. With the automation platform, we combine control technology, IT and IoT to create a secure system. Security is consistently implemented at all levels," explains Thomas Maag, Head of Product Management in the Automation & Electrification Solutions business unit at Bosch Rexroth.

The hardware and software products from ctrlX Automation are designed securely in accordance with Secure by Design. This means that security requirements are already taken into account during the development phase. The basis of the IEC 62443-certified automation platform is the Linux Ubuntu Core operating system.

With the ctrlX Core controller, Bosch Rexroth offers an integrated all-in-one network appliance. This ensures maximum security and availability of the router, IoT gateway, firewall and VPN. The associated IoT software has fully integrated IT security standards in accordance with IEC 62443 for access control and remote maintenance. The controller also offers various security features such as Secure Boot, TPM 2.0 chip, Secure Production Mode and many more.

ctrlX Core is also designed according to Secure by Default. This ensures security and flexibility when integrating data into existing IT manufacturing systems. The user can use the device securely from the very first minute and connect it to other systems and the IoT without any configuration effort.

Balancing act between end-to-end openness and security

The system can be expanded with customer-specific apps and is ready for new standards such as 5G and OPC UA over TSN. To enable additional use cases, a VPN extension or firewall integration can be optionally implemented via the app.

"ctrlX Automation is a completely open system. In addition to our apps, third-party providers also provide apps for various automation tasks in the ecosystem. However, this openness does not exclude security. Each of the partner apps we offer is signed by us. This makes it impossible for third-party software to bring malicious code with it," explains Thomas Maag.

The integrated apps are also tamper-proof and protected against unwanted attacks. ctrlX Automation therefore offers a high level of security both for its own products and for all components in the ecosystem.