Remote access to injection molding machinery has become the norm at many injection molding plants, and it is gaining even more traction because of COVID-19. As protective measures dictated by the pandemic are forcing companies to limit the number of people on the production floor, more companies are increasing their use of remote access to machinery.
The challenge has been that many machine control systems were not designed for this use when they were developed and are consequently vulnerable to malware and cyber attacks. However, the latest generation of Wittmann Battenfeld injection molding machines with a Unilog B8 control and Wittmann 4.0 option helps ensure safe remote access with the help of an optimized firewall and numerous safety features, said the company.
Image caption: The Wittmann 4.0 firewall has been optimized for injection molding production cells. Image courtesy Wittmann Battenfeld.
Wittmann 4.0 extends the Unilog B8 machine control system via a separate production cell control system — the Wittmann 4.0 router, which performs various communication tasks as well as protective functions. One feature is an external firewall optimized for operation with injection molding machines.
Unlike office PCs, injection molding machine control systems typically cannot be automatically upgraded to the latest operating system software and equipped with the most recent security patches. An update first has to go through an elaborate, time-consuming verification process carried out by the manufacturer. In the meantime, malware can exploit security gaps in the operating systems of machine controls. One possible scenario is the misuse of machine control systems for denial-of-service (DoS) attacks, which can cause control system failure and halt production.
The Wittmann 4.0 restrictive firewall has been optimized for injection molding production cells. Virtually all ports that are not dedicated to essential external communication of the injection molding machine and the appliances connected with it are closed. The permitted communication processes are also subject to continuous plausibility testing, or intrusion detection. If the communication volume exceeds the typical volume of expected data, this could point to a DoS attack, which is then stopped by immediate counter action.
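The two mechanisms described above, a default-deny port filter followed by a per-source volume plausibility check, can be sketched as follows. This is an added example, not Wittmann's implementation; the allowed port (4840, the registered OPC UA port), the window length, the byte ceiling and the sample traffic are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Assumed policy values for illustration; not taken from Wittmann documentation.
ALLOWED_PORTS = {4840}          # 4840 is the IANA-registered OPC UA port
WINDOW_SECONDS = 10             # sliding window length (assumption)
MAX_BYTES_PER_WINDOW = 50_000   # "typical volume" ceiling per source (assumption)


class CellFirewall:
    """Default-deny port filter plus per-source volume plausibility check."""

    def __init__(self):
        self.history = defaultdict(deque)  # src -> (timestamp, bytes) entries
        self.volume = defaultdict(int)     # src -> bytes inside current window
        self.blocked = set()               # sources cut off after a volume alarm

    def handle(self, ts, src, dst_port, size):
        """Return 'drop-port', 'drop-blocked', 'block-volume' or 'allow'."""
        if dst_port not in ALLOWED_PORTS:
            return "drop-port"             # closed port: never reaches the cell
        if src in self.blocked:
            return "drop-blocked"
        window = self.history[src]
        window.append((ts, size))
        self.volume[src] += size
        # Expire entries that have fallen out of the sliding window.
        while window and window[0][0] <= ts - WINDOW_SECONDS:
            self.volume[src] -= window.popleft()[1]
        if self.volume[src] > MAX_BYTES_PER_WINDOW:
            self.blocked.add(src)          # immediate counter action
            return "block-volume"
        return "allow"


def replay(events):
    """Run (timestamp_s, source, dst_port, bytes) events through a new firewall."""
    fw = CellFirewall()
    return [fw.handle(*event) for event in events]


# Constructed sample traffic, not captured from a real production cell.
SAMPLE = [
    (0, "10.0.0.5", 4840, 2_000),    # normal OPC UA poll
    (1, "10.0.0.9", 23, 60),         # port outside the allow-list
    (2, "10.0.0.7", 4840, 30_000),   # large but still within the ceiling
    (3, "10.0.0.7", 4840, 30_000),   # pushes 10.0.0.7 past the ceiling
    (4, "10.0.0.7", 4840, 500),      # source is now blocked
    (15, "10.0.0.5", 4840, 2_000),   # unaffected client keeps working
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", verdict)
```

Because the ceiling is tracked per source, one misbehaving client is cut off without interrupting other clients that stay within the expected volume.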
Another security feature is aggregation of the OPC-UA servers of the injection molding machine and auxiliary appliances in the Wittmann 4.0 router. Communication between an external data client and the actual appliance or injection molding machine within the production cell takes place exclusively via an aggregation server in the Wittmann 4.0 router. All requests from external clients are dealt with directly inside the router without being passed on to the physical appliances.
The Wittmann 4.0 router is equipped with a secure boot process that allows automatic updating of the operating system as long as the update has a certificate from Wittmann. This prevents the installation of fake updates on the hardware, which could be capable of circumventing all kinds of security measures.
Machines increasingly will need to support remote access, which makes it all the more important to ensure that access to production cells is secure.