New Wittmann Battenfeld router offers safe remote access
The company says its latest generation of injection molding machines offer secure access to an entire production cell, for enhanced plant floor safety during the COVID-19 pandemic.
May 21, 2020 by Canadian Plastics
The protective measures dictated by the COVID-19 pandemic force companies to limit the number of persons present on the production floor to an absolute minimum – which is why the latest generation of Wittmann Battenfeld injection molding machines with B8 control and Wittmann 4.0 option have been developed for safe remote access with the help of an optimized firewall and other extra safety features.
The Wittmann 4.0 option extends the Unilog B8 machine control system by a separate production cell control system (the Wittmann 4.0 router), which performs various communication tasks as well as protective functions. One of these functions is the external firewall, which has been optimized for operation with injection molding machines.
In this way, the company said, the Wittmann 4.0 router shields the machine’s control system from the outside world. “Unlike office PCs, injection molding machine control systems cannot normally be upgraded automatically to the latest operating system software and be equipped with the most recent security patches,” Wittmann said. “An update would first have to go through an elaborate, time-consuming verification process carried out by the manufacturer. As a result, malware can in the meantime exploit security gaps in the operating systems of machine control systems which are already known but not yet closed. One possible scenario is the misuse of machine control systems for denial-of-service (DoS) attacks, which in the worst case will cause control system failure and thus production standstill.”
The Wittmann 4.0 firewall has been optimized for the typical use of an injection molding production cell (restrictive firewall). As standard, virtually all ports are closed, which are not dedicated to essential external communication of the injection molding machine and the appliances connected with it. The expressly permitted communication processes are also subject to continuous plausibility testing (intrusion detection). If the communication volume exceeds the typical volume of data to be expected, this could point to a DoS attack, which is then stopped by immediate counteraction.
Another security aspect is the aggregation of the OPC-UA servers of the injection molding machine and the auxiliary appliances in the Wittmann 4.0 router. “The communication between an external data client and the actual appliance or the injection molding machine within the production cell takes place exclusively via an aggregation server in the Wittmann 4.0 router,” the company said. “All requests from external clients are dealt with directly inside the router without being passed on to the physical appliances. This is a further security feature.”
The Wittmann 4.0 router is equipped with a secure boot process which allows automatic updating of the operating system as long as the respective update has a certificate from Wittmann. “This prevents the installation of fake updates in the hardware which could be capable of circumventing all kinds of security installations,” the company said.
Headquartered in Austria, Wittmann Battenfeld’s Canadian subsidiary Wittmann Battenfeld Canada Inc. is located in Richmond Hill, Ont.