GEMÜ develops cyber-secure industrial control units with the support of INVENSITY
For a long time, cybersecurity was not an issue for manufacturers of industrial components – that has changed. GEMÜ has faced up to this change at an early stage and in a consistent manner. Together with INVENSITY, measures were initiated to meet current cybersecurity requirements.
IEC 62443, BSI KRITIS regulations, the Biden decree: more and more norms, standards and regulations consider the fulfilment of requirements in the field of cybersecurity not only necessary for the operators of industrial plants, but also demand this from component manufacturers as well as system integrators.
In addition, cyber warfare campaigns by so-called nation state actors and criminal groups, which are being observed more frequently, forcefully demonstrate the central importance of cybersecurity.
Successful hacker attacks on industrial plants and their components can lead to far-reaching reputational damage and the subsequent loss of trust.
INVENSITY supports GEMÜ in the implementation of standards, processes and suitable measures to safeguard products and applications.
Objectives and background information
GEMÜ produces valves for industrial applications. The company, headquartered in Ingelfingen/Germany, is the world market leader in the field of valve, which is a process and control technology for sterile processes.
GEMÜ would like to give its future products the possibility of greater networking with peripheral devices via BLE (Bluetooth Low Energy) in order to thus support clients in the transition to Industry 4.0 and the automation of production.
Against this background, the central goal of the joint project between GEMÜ and INVENSITY was to develop measures to protect the interfaces of GEMÜ systems from unauthorized access. With that being said, the INVENSITY team, in close coordination with the client, created a cybersecurity concept that makes it possible to check the security analyses already created by GEMÜ for completeness and correctness. The most important questions were: Was the threat situation correctly assessed and were vulnerabilities and threat scenarios fully mapped in the analysis?
The Procedure
The requirements of GEMÜ were at the forefront of INVENSITY’s technical cybersecurity consulting. Accordingly, it was important to understand these requirements very precisely in a first step.
The cybersecurity solution was then developed iteratively in review loops together with the customer. GEMÜ was able to benefit from the experience and best practices from other industries and customer projects, which INVENSITY incorporated into the development at all times.
The result is a system in which attack gaps are closed and which meets the requirements of a cybersecurity-compatible solution.
A reasonable investment in the near and distant future
The main goal of the cooperation between GEMÜ and INVENSITY was to take a pioneering role in cybersecurity in the component manufacturer market and to act before it could be too late in case of doubt. The aim was therefore to secure the customer’s systems against external attacks in the short and long term using effective and efficient solutions.
By taking this step, GEMÜ not only closed the attack surfaces of its systems against potential hacker attacks in the here and now, but also increased protection against future potential risks. GEMÜ is extending its lead in the market through cybersecurity-compliant development and cybersecure products, while at the same time meeting many norms and standards that could be required as standard by customers in the future.
Effective and efficient closing of cybersecurity risks and thus of attack surfaces
Establishment of an internal awareness for the topic of cybersecurity and of basic processes for standard-compliant development
Increase in value creation through positioning as an exemplary cybersecurity-compliant provider on the market
