3. What is essential for IoT solutions?
Kontron | Praxistage 2024
Major characteristics
› Easy and fast connectivity
› Open to connect to any network
› Security at its core
› Remote accessibility
› 24/7 availability
› Dynamic and self-adapting
› Scalability
How does this come about?
› Utilizing connected devices as base
4. IoT security issues and challenges at the edge
› Malware infections
› Data theft
› Lack of compatibility with new security technology
› Regular automatic updates
› Exploitable backdoors
› Loopholes or flaws in operating systems
› Denial of Service (DoS)
› Insecure interfaces – authentication is key
› Insufficient data protection – insecure communication and data storage
› IoT skill gap
› Poor IoT device management – shadow IoT, unmanaged, unknown, unauthorized
5. How can these challenges be solved?
By managing your connected devices efficiently and securely
Diagram labels:
› Accessibility
› Cyber Security
› Maintenance
› Connectivity
› Health
6. Why is manual and poor device management a risk for IT teams?
Common Traps
› DIY Syndrome
› Time consuming for personnel
› Difficult to scale
› Limited visibility of health and performance factors
› Data overload leads to inefficiencies and limits the functionality of the IoT solution
7. There is no way around Security by Design (#1)
Three pillars on all levels
› Confidentiality
› Integrity
› Availability
Levels:
› Device
› System
› Network
› Application
› Cloud
8. Security by Design (#1)
Agile Development and Deployment
Development Process
› Automated build process (continuous integration) ensures short development cycles
› Automated testing
› Automated CVE/CWE scanning
› Threat modelling as an integrated method for development and test
› Product development by SCRUM
› Rapid development with APEX
Deployment Process
› Infrastructure as Code enables fast reaction to changes and requirements
› Integration / scenario tests with risk assessment
› Automated rollout of new versions on all staging systems
› Trust areas
› Approval process according to the dual control principle
› Tracking and registration of each update
› Complete overview of installed versions on each server
9. Supplier management (#2)
Software Bill of Materials (S-BOM)
› Knowledge about supply chains
› Knowledge about security status
› Recommendations for actions
OLD
› Which libraries and modules have been used?
› Provide a bill of materials
› Determine version and provide documentation
› Are there security issues known?
› Are there patches available?
› Should we use alternatives?
NEW
› Tests against CVE/CWE database (e.g. mitre.org / nist.org)
› Description of the security issues
› Allocation of the version to the component
› Notes on remediation
› Automatic tracking of 3rd party software
› Continuous version tracking and documentation of results
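The NEW column above amounts to an automated S-BOM check against a vulnerability database. The following Python script is an added example of that workflow, not Kontron's or K-PORT's code: it reads a CycloneDX-style component list and a vulnerability feed, both constructed inline with placeholder CVE ids, allocates each entry to its component by version and emits findings with the fixed-in version and a remediation note.

```python
"""Automated S-BOM check against a vulnerability feed (added example)."""
import json
import re

# Constructed S-BOM in the style of a CycloneDX "components" list.
SBOM_JSON = json.dumps({"components": [
    {"name": "openssl", "version": "1.1.1k"},
    {"name": "busybox", "version": "1.36.1"},
    {"name": "libxml2", "version": "2.9.10"},
]})

# Constructed vulnerability feed; the ids are placeholders, not real CVEs.
# A component is affected when its shipped version is older than "fixed_in".
VULN_FEED = [
    {"name": "openssl", "fixed_in": "1.1.1q", "id": "CVE-PLACEHOLDER-0001",
     "note": "patch available: update to the fixed version"},
    {"name": "libxml2", "fixed_in": "2.9.14", "id": "CVE-PLACEHOLDER-0002",
     "note": "patch available; evaluate an alternative parser if update is blocked"},
    {"name": "busybox", "fixed_in": "1.35.0", "id": "CVE-PLACEHOLDER-0003",
     "note": "already fixed in the shipped release"},
]


def version_key(version):
    """Sortable key for versions such as "1.1.1k": numeric parts compare as
    integers, letter suffixes as text, so "1.1.1k" < "1.1.1q" < "1.1.2"."""
    return tuple((0, int(p)) if p.isdigit() else (1, p)
                 for p in re.findall(r"\d+|[A-Za-z]+", version))


def check_sbom(sbom_json, feed):
    """Allocate each feed entry to the S-BOM component it names and report
    every component whose version is below the fixed-in version."""
    findings = []
    for comp in json.loads(sbom_json)["components"]:
        for vuln in feed:
            if vuln["name"] != comp["name"]:
                continue
            if version_key(comp["version"]) < version_key(vuln["fixed_in"]):
                findings.append({"component": comp["name"],
                                 "version": comp["version"], "id": vuln["id"],
                                 "fixed_in": vuln["fixed_in"],
                                 "remediation": vuln["note"]})
    return findings


if __name__ == "__main__":
    for f in check_sbom(SBOM_JSON, VULN_FEED):
        print(f"{f['component']} {f['version']}: {f['id']} "
              f"(fixed in {f['fixed_in']}) -> {f['remediation']}")
```

Running the script on the constructed input reports openssl and libxml2 as affected and leaves busybox out, since its shipped version is already above the fixed-in version.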
11. The time to act is now
Advanced cyber security regulations by EU legislation
Timeline years shown on the slide: 2014, 2016, 2016, 2018, 2019, 2023, expected 2023
› EU Cybersecurity Act – European cybersecurity certification framework
› GDPR – Processing of personal data of individuals
› NIS Directive
› Directive on attacks against information systems
› NIS2 Directive – “Security by Design” and “Security by Default”
› EU Cyber Resilience Act – Cybersecurity requirements for products with digital elements (expected 2023)
12. Major Security Standards 2024
Overview for Mechanical Engineering Companies
› EU Data Act
  › A new regulation that establishes uniform rules for data access, switching cloud providers, and interoperability requirements in the EU.
  › Objective: Create a single data market in the EU with reuse of data across all sectors of the economy.
  › Target group: Mandatory for products and services in the EU
  › Validity:
› Cyber Resilience Act
  › A proposal for a legal framework to define cybersecurity requirements for hardware and software products placed on the market in the European Union.
  › Objective: To improve the security of digital products
  › Target group: Mandatory for all companies that manufacture products with digital elements
› NIS2
  › EU-wide piece of legislation that provides legal measures to improve the overall level of cybersecurity in the EU by ensuring preparedness and cooperation between Member States and requiring key actors in key industries to take security measures and report incidents.
  › Objective: Increase cyber security and resilience in the EU
  › Target group: Mandatory for operators of critical infrastructures
› IEC 62443
  › International series of standards covering cyber security for operational technology in automation and control systems. The standards take a risk-based approach to cyber security and provide a framework for the systematic assessment, mitigation and management of cyber security risks in industrial automation and control systems.
  › Objective: Ensure reliability and safety of critical industrial processes and infrastructure
  › Target group: Mandatory for offshore installations and ships
Deep Dive
13. Reality Check!
Is this all doable?
Working Team
Our IT team of the charging stations may be in trouble
Core competence:
› Application development
VS
Potential gaps:
› Hardware knowledge
› Embedded software expertise
› Network security
› Multi-layered connectivity
14. Why does automated device management offer great benefits for future-proofing your fleet?
Benefits of the convergence of IT, OT and Internet of Things
› Data-driven analysis and decision-making
› Improved automated operations
› Enhanced security
› Seamless connectivity
› Increased efficiency
Diagram labels: OT, IoT, IT
16. Five Key Services of K-PORT
Integrated but independently usable
Device Management
› Condition monitoring of the IoT devices
› Manage all devices worldwide in a cloud-based environment for edge devices
› Easily onboard IoT devices
› Manage device fleets
KontronOS
› Hardened operating system for x86 or Arm, based on Yocto Linux
› Two redundant operating system partitions ensuring maximum uptime
› Secure management interface for updates and deployment
› Short-term updates in case of "critical" vulnerabilities
Docker Management
› Manage Docker containers
› Encapsulate customer applications (images) in containers
› CLI communication with Docker Registry
› Deploy Docker containers automatically with Docker Compose to fleets of devices in the field
17. Five Key Services of K-PORT
Integrated but independently usable
Remoting and VPN-Service
› Centralized management of desktop and remote accesses, e.g. RDP & SSH accesses
› Establishment of secure remote connections
› Command line access
› Activate and deactivate temporary direct access to the machine and plant network
› Direct connection "tunneling" between networks
› Manage, monitor and log VPN connections
› Connect to a device simultaneously
18. Focus on building your applications is paramount
How a hardened OS ensures they run reliably
#1 Security
› Flexible and portable: Linux based, can be used flexibly for Intel® x86 & Arm® based devices
› Tailored to Docker containers: containerized applications are lightweight and ideal for connected devices; KontronOS creates a secure environment for them
› Reduced to the essentials: a minimal Linux operating system with all the necessary functions it needs to ensure smooth operation
› Maximum uptime: two redundant partitions (active and passive) ensure maximum uptime in the event of a failure, interruption or failed update and guarantee smooth operation of Docker containers
19. KontronOS
Hardened operating system as security at its core
#1 Security
› Two redundant partitions for redundancy and automated rollback to older versions in case of problems in the update process
› Clear separation between operating system and application level
› Continuous CVE/CWE investigation
› Support of the integrated security mechanism at boot level via TPM 2.0 on x86 and via HAB for Arm®
› Web UI for configuring network zones of the integrated firewall and IP address
20. Automated Build Process
From image to template via CLI and Docker Compose integration
#2 Automation
Diagram labels: Image › Single Container › Container Set (Docker Compose) › Operating System + Template; each step via CLI or Drag & Drop
21. Automated Update Cycle
Plan your rollout scenarios strategically
#2 Automation
Rollout stages shown on the slide (Operating System + Template):
› Nearby Location
› Test Lab
› Germany
› Norway
› Worldwide
22. Fleet Management Solution that fits your application
Standard IoT Stack to Fully Customized
#3 Flexibility
Standard IoT Stack
› KBox A-250 (x86), i.MX8M Mini (Arm®)
› Licenses
› Get started right away
Modified Standard
› Modified HW: Arm-based to x86-based
› Licenses + project costs
› Get started in weeks
Fully Customized
› Custom HW, Customized OS
› Licenses + project costs
› Get started in months
23. From Security to Digital Services
The interaction of the Susietec® portfolio
24. How do you future-proof your IoT solutions?
› Security at its core
› Automation at its heart
› Flexibility in its mind