OTORIO Introduces OTORIO spOT: Protecting the Digital Life Cycle of Machines from Cyber Attacks

  • October 14, 2021
OTORIO Introduces OTORIO spOT: Protecting the Digital Life Cycle of Machines from Cyber Attacks
OTORIO Introduces OTORIO spOT: Protecting the Digital Life Cycle of Machines from Cyber Attacks

Stuttgart- Oct. 11, 2021 - OTORIO, a provider of next-generation OT cyber and digital risk management solutions, is expanding its solution portfolio with OTORIO spOT to protect the digital life cycle of machines from cyber attacks. spOT ensures secure and legally compliant machine manufacturing–from a single plant to the entire production site. spOT enables machine builders to automate the safety assessment of machines and significantly reduce the time and cost of Factory Acceptance Tests (FAT) and Site Acceptance Tests (SAT).  In addition, spOT enables machine manufacturers to monitor the safety situation of their installed base throughout the life cycle of the machine.

Cyber attacks threaten Industry 4.0 

Digitized manufacturing, known as Industry 4.0, is powered by digital machines consisting of a variety of components and devices from different vendors. All hardware needs to be protected from today's highly dynamic cyber threats. The machines must remain safe not only during delivery and commissioning, but throughout their entire life cycle.
This poses major challenges for machine manufacturers, as they must ensure that every machine they deliver is safe and meets both legal requirements and customers' contractual requirements. In terms of cybersecurity, a mechanical engineering company must rely on the security measures of its third-party providers. To make matters worse, the mechanical engineering ecosystem goes far beyond the usual conformity and acceptancetest procedures of FAT and SAT. It is the responsibility of the machine builder to bring machine safety into line with the guidelines and regulatory requirements, even if the machines are in operation in the customer's production.
"Machine manufacturers must therefore have tools in place to verify that their devices comply with ever-changing security policies and threats. They need to notify their customers when new vulnerabilities are discovered and provide clear guidelines for remediation in real time or near real-time. This is exactly where spOT provides comprehensive support," explained Kay Ernst, regional sales director DACH at OTORIO.

How OTORIO spOT works

spOT provides a detailed inventory of each machine at each customer location. It creates a unique "fingerprint" for each machine. Thousands of plants are then automatically scanned across multiple products and locations and the data is compared with manufacturer updates and OTORIO's security database. If a vulnerability is discovered, spOT uses the fingerprint to identify exactly the affected machines and notify the security teams. In this way, machine manufacturers can manage the cybersecurity situation of each machine throughout its life cycle at the customer's site.
Powered by OTORIO's RAM2 platform with its patent-pending Cyber Digital Twin technology, spOT enables machine manufacturers to automate security assessments and significantly reduces the time and cost of FAT/SAT processes. In addition, spOT makes it possible to manage the cybersecurity of the machine throughout its life cycle at the customer's manufacturing site.
"The use cases for spOT range from assessment and confirmation to ongoing review and assurance of  cybersecurity and compliance. This starts for new machines before delivery, continues before a new machine is connected to the production line or after maintenance and throughout the entire life cycle. spOT takes over the identification of new weak points and notification of customers as part of the regular inspection of the machines on site or remotely," explained Ernst.

  • Complete inventory overview: Comprehensive inventory and change management of OT/IT/IoT resources in the machine and production line
  • Automated security and compliance verification: Ensures that the machine complies with cybersecurity guidelines, best practices and regulations during commissioning and delivery.
  • Actionable Remediation Playbooks: Clear recommendations for fixing gaps and protecting against ransomware.
  • Full portability: Plug & Scan to inspect machines, regardless of location.
  • Simplified liability management: Instant identification and notification of customers of new vulnerabilities and risks
  • Cost reduction: Significant reduction of FAT/SAT costs and improvement of the offer through automated cybersecurity of machines

Key features:

  • Full visibility of inventory: Visibility across all integrated third-party technologies from the machine level to the entire production line.
  • Machine-level compliance: Testing machines and equipment for compliance with safety regulations and standards, including IEC 62443, NIST, NERC CIP, CSA Z462 and OSHA 3132.
  • Automated policy review: Compliance with security policies, best practices, zero trust policy, and proper configuration before and after delivery to the customer.
  • Actionable playbooks for mitigation: Clear recommendations for fixing security vulnerabilities and hardening against ransomware.
  • Liability management: Identify and notify customers of vulnerabilities in each machine's IT/OT/IoT resources throughout its lifecycle.
  • Comprehensive reports: Automated, clear reports keep manufacturers and users informed about their security situation.
  • Integration of a central management system: Easy synchronization of data with the central management system for change management, documentation and reporting.
  • Remote access monitoring: Option for remote monitoring of machine security as a service to end customers using on-machine SpOT devices.