Stephan Beirer from GAI Netconsult in Berlin sent in this report from the Hannover Messe, a huge event in Europe.

Last year the IT security topic was a bit more prominent at the fair, with several discussion rounds and IT/SCADA security vendors exhibiting. This year the subject is a bit more hidden. Except for Industrial Defender at the RuggedCom booth I couldn’t find any exhibitor specialized in SCADA security.

But it is obvious that the Industrial Ethernet component vendors are taking the network security topic more serious. Several vendors now offer managed switches with special security options (SSH, SNMPv3, port security and physical port lockdown) and industrial firewalls which fit in their product lines, e.g. Phoenix Contact and Weidmueller. The Phoenix firewall is the well-known Innominate MGuard. Hirschmann has recently dropped the cooperation with Innominate. The VxWorks based successor to the MGuard model will be available this summer, offering basically the same functionality.

Hirschmann is planning to integrate some of the firewall functionality into their switches and routers in the near future so the move form Linux to VxWorks is reasonable. Hirschmann also offers robust 61850-3 compliant switches aimed at the substation market (MACH1000, RSR30), while RuggedCom seems to expand from the substation to manufactring networks.

Moxa also seems to have an industrial firewall module, but I didn’t manage to stop by their booth.

A funny story happened at the booth of a well known industrial control system vendor while I was discussing patching strategies for their Windows based products. The vendor guy argued that their system installations have (deja vu!) “no connection to external networks” so that patching is not that time critical as it would be in more open networks (needless to say they validate the MS patches and this takes several months, so they normally integrate the patches in the scheduled release updates, which IMHO takes a bit too long). We were standing in front of a huge 2×3 meter Eyevis projection screen displaying the vendors control system application in action. Just in the moment I was replying that I really doubt that todays modern control system are still isolated from networks like the business network, another sales guy started to show a prospective customer some brand new product features: starting the Internet Explorer with Google Maps on the control system to locate the geographical position of some assets and accessing the homepage of some instrument vendor to order spare parts directly from the control system asset management application…my dialog partner looked quite stunned ;).

Thanks Stephan