Nowadays, the maintenance of important boards, controllers and other components of transport and forklift vehicles is usually done digitally. But that makes them vulnerable to cyber attacks. A scenario that must be avoided! So FB Pro helped with customized system hardening.
HUBTEX develops and produces sideloaders, industrial trucks and special vehicles. The company from Fulda (Germany) stands for low-maintenance technology, durability and high quality standards.
The starting position
HUBTEX vehicles are used all over the world. The customers also include companies that are active in the field of KRITIS (= “kritische Infrastruktur”, German for “critical infrastructure”). For an important and time-critical project, HUBTEX delivered adapted vehicles for use in a special environment.
The service device relevant for these vehicles, a notebook with Windows 10, was also part of the order. This service device had to be secured accordingly.
Securing the service and maintenance infrastructure is important because the forklift and special-purpose vehicles can be serviced by technicians via network connection and USB stick, for example. In these situations, the aspects of information security and data protection must always be guaranteed.
The goal of HUBTEX was to minimize the attack vectors as much as possible, both initially and during operation, while keeping simple, digital maintenance of the vehicles possible.
What is the ideal solution for HUBTEX’s requirements? System hardening! To be able to carry this out to the highest standard and fully automated, the Enforce TAP is used.
In several discussions with HUBTEX and the end customer, it was agreed to implement the hardening according to generally accepted hardening recommendations.
In addition, various technical solutions had to be worked out on the basis of known use cases, coordinated with the contacts involved and technically tested.
Implementation and challenges
It soon became apparent that the hardening standards had to be adapted for the intended use. Among other things, the SiSyPHuS recommendations of the German Federal Office for Information Security (BSI) for Windows 10 were used for this.
In addition, the end customer required strict enforcement of the “clean source principle”. This means that the service and maintenance infrastructure was installed in a sealed-off environment without Internet access. Only verified installation files (for example, via malware scans and hash value checks) were permitted. This required meticulous preparation, as “just quickly” downloading software from the Internet is not possible in such a critical environment.
In addition, we provided the evidence that was important for an external auditor via the AuditTAP. In this way, we were able to transparently show where the BSI recommendations were complied with. For the deviations, the Enforce Administrator helped us. It generated the exception documentation quickly and automatically.
In addition to the special requirements of the end customer, the tight time frame of the project also played an important role. Only about two weeks passed from contacting the customer, through initial arrangements, design and testing, to preparation and implementation of the installation, including final system hardening.
The Enforce TAP now provides continuous hardening of the service infrastructure. This means it can be used on the HUBTEX customer’s critical infrastructure. And the technicians continue to be able to service the vehicles as usual.
Information security at the highest level, “just in time” and with the best practicability: This is how the result of the project can be summarized.
About the Enforce Suite
Enforce TAP and Enforce Administrator are components of the Enforce Suite. The suite enables companies to secure their IT systems through the technical measure of “system hardening”, based on legal requirements.
FB Pro has been successfully using Enforce TAP and Enforce Administrator for years to harden complex system landscapes. Both implementation and permanent support can be provided as part of a managed service.
Do you need professional advice or support for system hardening measures? No problem: Our experts are here for you! Get in touch for a no-obligation discussion.