The protective measures dictated by COVID-19 force companies to limit the number of persons present on the production floor. To ensure fully automatic and efficient production, an ideal solution is to combine a small number of workers on-site with colleagues working from home offices via remote access to the machinery. The latest generation of WITTMANN BATTENFELD injection moulding machines with B8 control and WITTMANN 4.0 option has been developed for safe remote access.
The WITTMANN 4.0 option extends the UNILOG B8 machine control system by a separate production cell control system (the WITTMANN 4.0 Router), which performs various communication tasks as well as protective functions. One of these functions is the external firewall, which has been optimised for operation with injection moulding machines.
In this way, the WITTMANN 4.0 Router shields the machine’s control system from the outside world. Unlike office PCs, injection moulding machine control systems cannot normally be upgraded automatically to the latest operating system software and be equipped with the most recent security patches. An update would first have to go through an elaborate, time-consuming verification process carried out by the manufacturer. In the meantime, malware can exploit security gaps in the operating systems of machine control systems which are already known but not yet closed. One possible scenario is the misuse of machine control systems for denial-of-service (DoS) attacks, which in the worst case will cause control system failure and thus production standstill.
The WITTMANN 4.0 Firewall has been optimised for the typical use of an injection moulding production cell (restrictive firewall). As standard, virtually all ports that are not dedicated to essential external communication of the injection moulding machine and the appliances connected with it are closed. The expressly permitted communication processes are also subject to continuous plausibility testing (intrusion detection). If the communication volume exceeds the typical volume of data to be expected, this could point to a DoS attack, which is then stopped by immediate counteraction.
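The following sketch illustrates the two mechanisms described above, default-deny port filtering plus a volume plausibility check on permitted traffic. It is an added example, not WITTMANN code: the allowed port (4840/tcp, the registered OPC UA port), the byte ceiling, the window, the block time and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed allowlist: (protocol, port) -> expected byte ceiling per window.
ALLOWED = {("tcp", 4840): 200_000}   # constructed ceiling, not a vendor value
WINDOW_S = 10                        # sliding window length in seconds (assumption)
BLOCK_S = 60                         # counteraction: block the source this long (assumption)

class CellFirewall:
    def __init__(self):
        self.history = defaultdict(deque)  # (src, proto, port) -> deque of (ts, nbytes)
        self.blocked_until = {}            # src -> time the block expires

    def decide(self, ts, src, proto, port, nbytes):
        """Return 'drop', 'blocked', 'alarm' or 'allow' for one traffic record."""
        if (proto, port) not in ALLOWED:
            return "drop"                  # restrictive firewall: closed by default
        if self.blocked_until.get(src, 0) > ts:
            return "blocked"               # counteraction still in force
        q = self.history[(src, proto, port)]
        q.append((ts, nbytes))
        while q and q[0][0] <= ts - WINDOW_S:
            q.popleft()                    # forget records older than the window
        if sum(n for _, n in q) > ALLOWED[(proto, port)]:
            self.blocked_until[src] = ts + BLOCK_S
            q.clear()
            return "alarm"                 # volume implausible for this flow
        return "allow"

# Constructed sample records: (timestamp, source, protocol, port, bytes).
SAMPLE = [
    (0, "192.0.2.5", "tcp", 4840, 50_000),    # normal OPC UA polling
    (1, "192.0.2.5", "tcp", 23, 100),         # port not on the allowlist
    (2, "192.0.2.9", "tcp", 4840, 150_000),   # heavy but still within ceiling
    (3, "192.0.2.9", "tcp", 4840, 100_000),   # pushes the window over the ceiling
    (4, "192.0.2.9", "tcp", 4840, 10),        # source is now blocked
    (5, "192.0.2.5", "tcp", 4840, 50_000),    # other client is unaffected
    (70, "192.0.2.9", "tcp", 4840, 10),       # block has expired
]

def replay(records):
    fw = CellFirewall()
    return [fw.decide(*r) for r in records]

if __name__ == "__main__":
    for rec, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(rec, "->", verdict)
```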
Another security aspect is the aggregation of the OPC-UA servers of the injection moulding machine and the auxiliary appliances in the WITTMANN 4.0 Router. Communication between an external data client and the actual appliance or the injection moulding machine within the production cell therefore takes place exclusively via an aggregation server in the WITTMANN 4.0 Router. All requests from external clients are dealt with directly inside the router without being passed on to the physical appliances, which is a further security feature.
The WITTMANN 4.0 Router is equipped with a secure boot process which allows automatic updating of the operating system, as long as the respective update has a certificate from WITTMANN. This prevents the installation of fake updates on the hardware that could be capable of circumventing all kinds of security measures.
It must be expected that machines will increasingly need to be accessible from outside in future. This makes it all the more important to have secure access to entire production cells, such as the access provided by the WITTMANN BATTENFELD UNILOG B8 control system in combination with the WITTMANN 4.0 Router.