FAW-Volkswagen Automotive Company (FAW-VW) required a high number of communication terminals due to its rapid development. FAW-VW also faced challenges in security management, IT Operation and Maintenance (O&M) costs, and employee work efficiency. FAW-VW needed terminal security protection with reliable access control, user rights management, and comprehensive network protection.
Provide a testbed to allow testing of security claims and other security-related testing and evaluation.
With an increasingly mobile global workforce, ensuring security and applying uniform policy across all users and devices was a critical need. Historically, the company was using two on-premise solutions (Websense and a Squid Linux service), both of which were nearing the end of their contract periods. The company wanted to establish and enforce a global policy for internet access, provide secure access to the internet for all employees, and ensure uniform coverage for the growing number of remote users and mobile devices.
The client had previously deployed a one-meter-per-store monitoring program. Given the manner in which energy consumption changes with external temperature, hour of the day, day of week and month of year, a single-meter solution lacked the ability to detect the difference between a true problem and a changing store environment. Most importantly, a single-meter solution could never identify the root cause of energy consumption changes. This approach never reduced the number of truck-rolls or man-hours required to find and resolve issues.
ALD Automotive's rapid growth in 39 countries has led to an exponential increase in IT infrastructure complexity. In order to provide cost-effective and high-performance access when needed, a mix of local and central Internet connectivity has been established rather than backhauling all traffic to a central site. With the evolution of the Web, content has become more dynamic and threats more sophisticated. Attacks carried in encrypted traffic require SSL inspection. ALD Automotive was looking for a complete security solution.
Urban commute is a pain: most trips are short and existing options just don't cut it.
Cars are expensive / hard to park / stuck in traffic
Buses are slow / unreliable / stuck in traffic
Motorcycles are heavy / require a special license
Bicycles are exhausting / range-limited / slow
Benteler Automotive is looking for a solution that can solve the following situations:
- Operation of 70 plants in 29 countries with worldwide reliance on components
- Identify a seamless way to connect people, process, data and things to expedite the production process
Predictive maintenance refers to techniques that help determine the condition of in-service equipment in order to predict and/or optimize when maintenance should be performed. Predictive maintenance is one of the most important benefits of the Industry 4.0 revolution.
Amyx+ worked with a local government authority to develop an Internet of Things-enabled public safety strategy. In the current state, vigilance meant manually scanning through potentially hundreds of analog surveillance video feeds. Because this process was manual, costly and ineffective, the local agency wanted to transition from analog to digital CCTV, apply computer vision and other technologies to automatically detect potential crime in progress, expedite and streamline emergency calls, and integrate with personal wearables to ensure the safety of their citizens.
The Terminal Security Management (TSM) system was installed to divide the intranet into several logical parts, enabling centralized system management and domain-based security protection. Key devices deployed in redundancy mode ensured service continuity.
The TSM performed access control on the network, terminals, and network boundaries. Security protection measures, such as user authentication, security checks, access control, operation monitoring, emergency response, and log auditing, ensured network security.
- HUAWEI Terminal Security Management (TSM) system
- Security Access Control Gateway (SACG)
*This is an IIC testbed currently in progress.*
Aicas, GlobalSign, Infineon, Real-Time Innovations, UL (Underwriters Laboratories), Xilinx
EyeTech Digital Systems, Inc., iVeia, LLC, JUXT, PFP Cybersecurity, PrismTech, SoC-e, Star Lab Corp.
Aerospace & Defense and Communications, Automotive, Industrial Manufacturing, Smart Grid/Energy, Smart Medical
Security Claims Evaluation Testbed – an open and easily configurable cybersecurity platform for evaluation of endpoint, gateway, and other networked components’ security capabilities.
HOW IT WORKS
The security testbed is a comprehensive testbed comprised of three primary tiers: Endpoint, Gateway and Server (Private, Public Cloud). Data sources can include industrial, smart grid/energy, medical, automotive, building automation, and other related endpoints requested for secure operational analysis. Key platform elements of the testbed include:
• Intelligent endpoint monitoring system(s) from PFP Cybersecurity
• Intelligent Gateway from SoC-e
• Real time analytics from Juxt
• Secure runtime Java VM from Aicas
• Private and Public Cloud secure communication from PrismTech
Software utilized for testbed operation is provided by both members and non-members. With the any-to-any connectivity, the programmable and configurable nature of the security testbed, and the application software flexibility, a host of interfaces can be supported. This includes sensor inputs (both analog and digital), video/imaging interfaces, and a wide range of communications protocols, from Industrial Ethernet protocols to other secure messaging protocols (DDS, XMPP, MQTT, REST, others).
The primary objective of the Security Claims Evaluation Testbed is to provide an open and easily configurable cybersecurity platform for evaluation of endpoint, gateway, and other networked components’ security capabilities. The testbed will enable participants to connect their equipment to a system of other endpoints, gateways, etc. to evaluate the security capabilities of their equipment and its interoperability with other devices, and to verify that the critical areas of their architecture pattern are secured as outlined in the Industrial Internet Consortium Reference Architecture.
Industrial Internet Consortium members and non-members have the ability to connect their equipment to the testbed to evaluate the security of their devices within two different scenarios: individually on a device level, and with a system of other endpoints, gateways, etc. This includes exploration of methodology and collection of evidence to demonstrate the system operational security processes supporting the key characteristics of the system relative to evaluation of the participant’s claims. Additionally, the testbed enables the evaluation of the critical areas of an architecture pattern that need to be secured as outlined in the Industrial Internet Consortium Reference Architecture.
The testbed will be rolled out in three stages. The first is initial deployment in a lab environment, the second is deployment in a micro-factory environment, and the third phase will be determined by the growth of the testbed. The security testbed's phased release approach provides a unique learning opportunity to evaluate security vulnerabilities at a device level and system level prior to large-scale deployment across many key applications driving the Industrial Internet of Things (IIoT) / Industry 4.0.
After looking at the management overhead, functionality and support capabilities of the three alternatives, they decided that a cloud-based solution was the best option. Zscaler's solution provides uniform coverage across the on-premise and remote users, with advanced threat protection, Web 2.0 controls and reporting functionality.
- Cloud based web proxy solution
The client deployed OutSmart’s wire-level monitoring and analytics program to gain comprehensive visibility into their stores’ energy consumption patterns.
With the OutSmart system they pinpointed the exact:
- Location of the problem.
- Time the problem occurred.
- Cost of the problem condition.
Zscaler provided a web security SaaS (Software as a Service) solution that would reduce the complexity of managing multiple point products in each country. ALD Automotive would simply forward traffic from all countries to the cloud without making major changes to the infrastructure. Augmenting functionality in cloud-based solutions is as easy as enabling additional services. ALD Automotive would not need to install any additional products within their infrastructure.
- Zscaler web security SaaS solution
Wind River is currently developing technology for Monday Motorbikes, an electric, cloud-connected motorbike that connects with smartphones. Their IoT platform brings the performance, security, real-time management, and analytical capabilities necessary for extracting, combining, and analyzing device information to support real-time decisions and systems controls. Wind River Helix helps to manage diverse devices and translate all kinds of data for travel across networks and into analytical cloud systems, where businesses and other organisations can gain insights for operational efficiencies and transformative improvements.
Functions of the cloud-connected motorbike include end-to-edge connectivity, device management and over-the-air software/firmware updates.
Motorbikes are connected at 28 separate data points for R&D, battery optimization, predictive maintenance and software/firmware updates. There are 2 operating modes set from the cloud, namely economy and sport modes, with software defining the speed limits. To prevent theft, geofencing shuts the bike down outside a geographical limit.
IoT security in embedded devices:
• Meets specs for IEC 61508 and IEC 62304
• “Designed-in” security in embedded devices with Wind River operating systems
• Design the concept of lifecycle security into devices - prevent unsecured connectivity
• Wind River is working with Auto Industry to secure devices remotely (no need to bring back into the station to update)
Data on the battery’s performance is stored in the cloud so that users can see the bike’s battery life regardless of location. Specially designed batteries are structured such that cells can be replaced easily whenever they lose efficiency, avoiding the need to dispose of the battery, which would have a negative environmental impact.
- Cisco’s Application Centric Infrastructure (ACI) and ruggedized routers and switches provide a robust foundation to power production
- Benteler works with Cisco Partners Nemetris and CANCOM DIAS to connect tools, parts and belts in each factory to each other and to a central location
- End-to-end solution developed through applications supported by fog computing and cloud, integrated hardware and software components
By consolidating the machine data from many different locations in a central place, the optimization of machines and production processes is possible. Thanks to a remote maintenance solution from the Roth Group including components from Endian and the cloud solutions from Amazon Web Services, customers in any industry can benefit today from the advantages of digitization.
Amyx+ developed a holistic IoT strategy. It then worked with the government agency to evaluate best-in-class IP CCTV cameras, computer vision algorithms, wearables, and sound detection solutions for automated crime detection and prevention. It also identified ways to streamline emergency call routing, minimizing bureaucratic re-routing from central station to local dispatch to accelerate response time. The authority implemented a public relations initiative to help citizens become more aware of their surroundings, especially in the evening hours. Moreover, the authority educated the public about wearable devices for personal safety, including but not limited to bracelets, smart watches and other devices that could send emergency notifications and messages to friends, family and the police.
FAW-Volkswagen Automotive Company (FAW-VW) is a Chinese joint venture between First Automobile Works (FAW) and Volkswagen Group. The enterprise has almost 20,000 employees working in three major production bases and 500,000 employees working along the vehicle production chain in 1,000 related enterprises.
A global, multi-billion dollar automotive supplier headquartered in Michigan, USA, manufactures and markets high-performance systems and components for the automotive industry. The company employs about 20,000 people in over 70 locations spread across 18 countries.
A leading regional supermarket chain with more than 800 stores located across the Northeastern US. This customer has progressive targets in place which include both energy efficiency and renewable energy initiatives. This customer is a strong believer in the use of data and analytics to identify opportunities for improvement in their supermarket portfolio.
ALD Automotive is a service company providing vehicle leasing and fleet management to corporations. It is part of Société Générale group, which employs 163,000 people and is one of Europe’s largest financial services organizations.
Monday Motorbikes builds state-of-the-art motorcycles that are connected to the cloud.
Monday Motorbikes offers the latest and highest density cells on the market within standard battery configuration. Their flagship model, the M-1, allows the user to nimbly navigate the city without the need for registration and insurance, or even a license. By limiting power output through software, the M-1 in its Economy mode falls under the federal electric bicycle regulations of the U.S.A. and most states.
Benteler International AG is a Management Holding Company, coordinating legally independent, internationally active business divisions Automotive, Steel Pipes and Distribution. Benteler was founded in 1876.
A Government Authority
Universal Platform - Unified security policy customization is enabled through the TSM system, which centrally manages FAW-VW’s terminals.
Enable manufacturers to improve the security posture of their products and verify alignment to the Industrial Internet Consortium Security Reference Architecture prior to product launch to help accelerate time to market.
Total Cost of Ownership - Total cost of ownership is lowered due to reduction in IT infrastructure costs.
Cost Savings - The aggregate annual savings potential represented by this data was over 300% of the client’s target for the OutSmart program, and the program demonstrated a payback of around one year.
Employee Efficiency - Employee efficiency and productivity are improved by providing low latency.
Data on the battery's performance is stored in the cloud so that users can see the bike's battery life regardless of location.
Connected every aspect of the factory together to realize better production, create changeovers, and establish operational efficiencies.
Automated crime-in-progress detection through implementation of solutions