Vulnerability assessment for Linde manufacturing plant

Industry
Metal - Engineering

Location
Germany

01 Overview

Many of today’s ICS evolved by inserting IT capabilities into existing physical systems, often replacing or supplementing physical control mechanisms. However, this opens up new threat vectors that can potentially compromise the efficient and secure operation of the systems.

02 About the customer

Linde Engineering develops process plants in the engineering, procurement and construction business, worldwide. The company focuses on market segments such as plants for the production of hydrogen and synthesis gases, oxygen and olefins as well as plants for natural gas treatment. The group has more than 1,000 process engineering patents and 4,000 completed plant projects.

03 What we did

After the current setup was documented and risks / vulnerabilities defined, we proposed a fully new design:

Plan for physical fiber reconstruction with goal to increase redundancy

Plan for reorganization and reconfiguration of access switches to increase redundancy and comply to the ISO 27001 IT security framework

Plan for installation of a new Firewall cluster, which will segment all plant networks into zones and control communication inside out. Setup complies to NIST 800-82r2 ICS security best practices


04 Our process

Step1

Perform network assessment, understand current setup

Step 2

Define risks and vulnerabilities

Step 3

Propose new network design




At Linde Engineering, we are dealing with IT challenges on a global scale – every day. Within this context, it is of utmost importance that we drive our business forward, through digitalization and innovation leadership. The team at TronIT understood the importance of what we are doing and managed to support us with incredible strategic and implementation know-how. Their international experience made them the perfect fit for our needs.

Uli Hofmann, Head of IT, Linde Engineering



05 Conclusionr

During the network assessment, various flaws and vulnerabilities were discovered. The biggest problems found were weak firewall rules, wrong network segmentation and many single points of failure, which could lead to network disruptions. These gaps created opportunities for attacks and could have led to serious consequences.

TronIT introduced and implemented a new network design which significant increased network security and helped client to be more safe and ready for any future hacker attack.