Solved: Re: How do we ensure against cyber threats with the ctrlX AUTOMATION Platform?

WetheNorth · ‎10-19-2020

How do we ensure against cyber threats with the ctrlX AUTOMATION Platform?

Jochen_Mueller · ‎10-21-2020

Here we provide some features to block any cyber attack.

user management (security by default)

Any access to the ctrlX CORE will be protected by an integrated user manamement. Means every contact must be authorized with username and password. There can be different user with different access rights, configured by the OEM.

Rexroth Firewall app

It's possible to install our Reroth Firewall app, where you can block (black list) or allowed (white list) communication ports. The app is working in both communication directions. Means you can block/allowed ports TO the ctrlX CORE, to fight attacks coming from outside. And you can block/allowed port FROM the ctrlX CORE to fight attacks coming from e.g. a dangerous third party app.

automatically system apps update over device portal

To have always the latest version of ctrlX CORE system apps (e.g. securty updates of linux OS, ...) you can use our device portal service. Here you have the possibility to start/configure remote updates of apps, in case new versions are available.

You see we have some actons the customer can use to protect his system.

StefanH · ‎10-21-2020

Please note also the information provided by ctrlX IoT:

Security by Design

Secure Engineering Process
- BOSCH Security and Engineering Process – Focus of IT Security and Data Protection
- Guideline according IEC 62443 for SL2 and SL3 certification*
Secure Hardware & Software
- Running Ubuntu Core – the most secure, minimal footprint embedded Linux
- Secure Boot – Apps will be checked during start-up for system integrity
- TPM2.0 Chip – Trusted Platform Module on board to manage private keys
- Secure Production Mode – User defined control mode with minimal network footprint
ctrlX CORE User Management
- System-wide identification and access control for all ctrlX Apps and ctrlX Data Layer

Secure by Default

Minimal Software Configuration
- ctrlX CORE will be shipped only with system apps and apps of user configuration
Highest Security Level on the first start-up
- ctrlX CORE is configured to only allow installation of signed apps at initial state
ctrlX CORE User Management
- The user must change password of system user, when logging in at the first time
- Access only via web interface at the initial start

Here are detailed information about the Firewall and VPN App:

https://docs.automation.boschrexroth.com/document/version/1.0/R911403782_01_Firewall-App_-1_-en_US/d...

https://docs.automation.boschrexroth.com/document/version/1.0/R911403774_01_VPN-Client-App_-1_-en_US...

PedroReboredo · ‎10-21-2020

I merged your post related to third party apps into this thread.

How does Bosch Rexroth ensure apps used with ctrlX AUTOMATION are safe and secure?

Rexroth Apps

Partner Apps

Any third party apps

Do we screen them prior to allowing them on our App store?

Do we make any app creator certify to a security standard?

In extension to our own Security mechanisms the Snap technology is a main fundament. Every app is containerized and bundle all related dependencies in one standalone package. This includes also the definition of permissions.

See e.g.

Related to third party app Security

We support security by design an an inherent block for our own apps (as stated above). Of course we want to make sure, that also also our partners deliver security-proven apps by using our security features, e.g. User Authorization and Authentification, Reverse Proxy etc. This is one essential part of our quality gates for third-party apps. As part of the partner program, we support our partners in reaching this goal.