Software_Security

Targeted attacks on industrial control systems are increasing worldwide and can have serious consequences: standstill or even destruction of a machine or plant – resulting in production downtime, reputational damage, and financial loss. Protection against cyberattacks has therefore become a key factor for the safe and continuous operation of industrial facilities.

Securing data and communications, as well as audit logs, are essential measures to prevent unauthorized interventions and to detect security-relevant irregularities at an early stage. 

As modern machines and production systems are increasingly integrated into IT and communication networks, for example for remote maintenance, new requirements for information security arise, posing challenges for both plant manufacturers and operators.


Certified security

Bachmann’s security solution meets the highest standards of cybersecurity and reliability. It is certified according to IEC 62443-4-2 and thus fulfills all relevant requirements for secure industrial automation and control systems. In addition, it is approved for maritime use in accordance with IACS UR E27. This makes our solution suitable for deployment both in critical infrastructures on land and on ships or offshore installations, where robust, standards-compliant IT security and system availability are essential.

Security through Defense-in-Depth

The Defense-in-Depth principle combines multiple interlocking protection mechanisms to ensure that systems remain secure even if one line of defense fails. Bachmann consistently applies this concept to comprehensively safeguard industrial control systems and enhance their resilience against cyber threats.

  • Protection against Denial-of-Service attacks ensures the availability of critical functions even under heavy load, network device failures, or targeted attacks.
  • Encrypted communication via TLS guarantees data integrity and confidentiality, while server and client certificates restrict access to trusted systems only.
  • Access Control and role-based authorization ensure that only authorized users can access critical functions, data, and process variables.
  • Regular integrity checks using hash values for critical system components protect system integrity and prevent unauthorized modifications.
  • System hardening, such as minimizing the attack surface and consistent patch management, enhances overall stability.
  • Security logging provides traceability of all security-relevant events and enables early detection of attack patterns or anomalies.

Efficient management

Efficiently managing a large number of controllers in critical infrastructures requires centralized, server-based administration of users and their access rights and of SSL certificates, as well as central logging of system messages.

For this reason, the M200 control system supports the LDAP protocol for central user management, SCEP for the centralized rollout of SSL certificates, and syslog for the logging of system messages. This ensures that administration, security, and traceability remain efficient and transparent at all times.

Security Monitor

The Security Monitor consolidates all security-relevant settings of a controller in one clearly structured, central interface. Since modern industrial systems include numerous parameters and aspects related to security, it is easy to lose track. The Security Monitor offers an intuitive, well-organized overview that allows users to quickly assess the current security status and ensure that no important settings are overlooked. It thus supports operators and integrators in consistently implementing security policies and maintaining the integrity and protection of the system over the long term.

Safety and security 

The Bachmann Safety Controller SLC 284 protects against manipulation and misuse, ensuring the integrity of safety-critical programs. Malicious modifications are detected as early as the engineering stage, while functions for freezing development states prevent unintentional changes. A customizable login system controls access for each safety controller, and tamper-proof, redundant logging ensures that all events can be fully traced.
