Cyber security infrastructure as a foundation for new digital service solutions
OPTIMA packaging group GmbH
Initial situation
OPTIMA packaging group GmbH and its subsidiaries have a machine base of several thousand packaging machines at their clients. These machines, developed and produced by Optima, are frequently tailored to the customer’s needs. This flexibility for individual solutions characterizes Optima.
With the growing networking of machines and the increasing use of digital services, demands on machine manufacturers regarding connectivity and IT security are increasing. Networks in and around production machines are no longer secure, isolated islands. They are digitally networked – and consequently exposed to new threats from inside and out. Companies are constantly faced with cyber-attacks that they can only avert with a solid cyber security infrastructure.
At Optima, those responsible were aware of this threat situation when creating additional digital solutions for their service portfolio. It was clear to everyone involved that we needed a distinctive and uniform security architecture. A real challenge: on the one hand, developing new digital service solutions for customers’ individual packing machines. On the other hand, driving a solid cyber security architecture forward. Optima asked us for support in bringing these conflicting requirements together.
Our task was to define general rules for machine and network design that comply with all safety standards. The focus was on:
- Communication between machines
- Communication within machines
- Communication between operational and information technology
Approach
We chose a multi-stage approach for the project. Within each phase, development was agile and based on shared Kanban boards.
Phase 1: Risk analysis and action recommendations
In the first step, our consultants conducted a risk analysis based on a specially developed threat model. We then used it to develop general recommendations for securing these systems. This included, among other things:
- Network architecture
- Procedure for securing the network based on the Cisco CPwE architecture (Converged Plantwide Ethernet Architecture)
- Recommendations for securing the machines – from firewalls to operating systems for integrated computers
Phase 2: Concrete measures and concepts developed
The next step was to translate the previously defined recommendations into specific measures and concepts – for the entire group of companies. We chose agile project management for this Herculean task. We had to keep an eye on everything: corporate and organizational structure, reporting channels, incident management and development process. But it was worth the effort. At the end of this phase, we had developed clear company guidelines for a modernized development process and its mapping to Scrum.
Strict pharmaceutical-specific requirements in accordance with GMP (Good Manufacturing Practice) were particularly challenging. A “defense in depth” principle is at the heart of all these developed measures. This provides for several security precautions to protect information integrity. All aspects of corporate security are covered – redundantly if necessary. If a line of defense is compromised, there are additional layers of defense to ensure that threats do not penetrate. “Defense in Depth” eliminates vulnerabilities that inevitably occur in technology, personnel and operations.
Results
The developed concepts provide Optima with a solid foundation. Now, the responsible parties have a standardized approach to secure machine networks for all business areas. Enhanced cyber security offers Optima new opportunities in new business development and expansion of its service portfolio.
Standards such as ISO 27001, IEC 62443 and BSI basic protection served as the north star for concepts and company guidelines. They form the basis for a possible ISO 27001 certification – for Optima and for its customers.
Outlook
Phase 3 is still pending. It involves creating standardized process and procedure documents. This will enable all companies in the group to apply new corporate guidelines and – by integrating Optima’s quality management – ensure that they are
Agile Security
Security is a major issue. At Novatec, we deal with security across entire development lifecycles in Agile Security. We promote a shift-left security approach: security is integrated into requirements, architecture and design right from the start, instead of having security tested by an external penetration tester at the end, as is often the case. Our expertise and services include threat modeling, application security, industrial security, security testing, identity and access management, security audits and compliance topics such as ISO 27001 or IEC 62443. And anyone who would like to legally get to know the other side of IT as a hacker in a training course, or to explore security in all its breadth to make our world a safer place, is very welcome to join us.
The client – OPTIMA
Optima supports companies worldwide with flexible and customized filling and packing machines for pharmaceuticals, consumer goods, hygiene paper and medical products.
Optima supports them as a solution and system provider from product inception to successful production and throughout the entire machine life cycle. Over 2,800 experts around the globe contribute to Optima’s success. 20 locations in Germany and abroad ensure worldwide service availability.
In 2022, Optima will be celebrating its 100th anniversary.
“Cooperation with DOCUFY was very trusting and enabled a very agile working style. Joining forces, we were able to significantly simplify processes for occasional users and achieve a uniform look and feel for the entire ecosystem. With this result, we have also created the basis for DOCUFY to be able to quickly add workflows for new roles.”
Sebastian Graef
Novatec Consulting GmbH
“Process digitization with the help of our products enables our customers to reach the next level. That is why we center our development work on precisely this topic in all its facets. With Novatec, we have found a partner that allows us to develop software solutions for the benefit of our customers at high speed.”
Dr. Hans Holger Rath
DOCUFY GmbH