
a4GATE Unidirectional security gateway for IMA Group

Cyber Security

Emiliano Battistini 2/24/2021

In the manufacturing sector, the 24/7 outbound data flow from connected automatic machines has brought great attention to the matter of cybersecurity.
IMA has tried to solve this problem by isolating the machine network from the outside while keeping the outbound stream of data active.

IMA S.p.A. is the head of a world leading group in the design and production of automatic machines for the processing and packaging of pharmaceutical, cosmetics, tea, coffee and food products.

Increasingly often IMA’s customers are asking to connect their lines and automatic machines to the network to be able to send and analyze all their data for descriptive and predictive analysis and maintenance purposes.

This increase in demand for connectivity involves a series of problems related to the topic of cybersecurity. In order to stem these issues and keep connectivity active, a device which is capable of combining connectivity and security needs has been developed with the help of international partners.

The idea of developing a one-way gateway arises from the need to equip the machine or line network with a single access point capable of sending out data and at the same time providing high security standards. This was achieved by inserting a hardware layer that separates the customer’s network from the machine or line network, making the latter inviolable.

The choice to use a hardware component instead of software has the advantage of essentially eliminating maintenance costs and physically ensuring the machine network is inaccessible; in fact a physical separation is guaranteed between the OT and IT worlds.

The project began in late summer 2019 with an international scouting of companies specialized in cybersecurity products. This led us to Israel, where we discovered a large number of specialized companies working in this field.

The choice fell on Terafence Ltd, a company that produces technology developed in the military field and since adapted to the civilian sphere. Terafence produces a type of hardware called a "data diode": a device that, like a traditional diode, allows data to flow in one direction only.

After the first experimentation with a POC (Proof of Concept) that highlighted the validity of the technology, and after a series of penetration tests aimed at testing the effectiveness of the "data diode" developed by Terafence, the process of engineering the device started. The requirements for the device were that it would offer the guarantees required by an industrial environment and the functional characteristics needed in terms of data collection software.

In this context, the Applied IoT team identified Kepware, from PTC / ThingWorx, as the most suitable system for the requirements expressed by IMA, and studied a hardware and software configuration that would allow the potential of the solution to be fully developed with edge computing functionality.

The problems of technological architecture were solved by collaborating with the Taiwanese company ATOP Technologies, with which a new design for the device was realized, making it compatible with the "industrial" world and adjusting production costs to the needs expressed by the market.

The project, led by the Applied IoT team, with the collaboration of the Israeli cybersecurity team and the Taiwanese production team, made it possible to reach the final configuration, which, after further experimentation, was brought to mass production.

The final hardware version was released in June 2020, while the software version is continuously updated and developed. As a matter of fact, while at the beginning of the project we only considered cloud connection as a way to send out data, we have now developed connection and data exchange modes to local systems such as MES through different IT protocols.