Product security is a top priority at INNIO Group. It has to be. Not only are INNIO Group’s Jenbacher energy solutions often part of critical infrastructure, but more than 60% of the company’s global plant installations are connected to its ai-driven myPlant remote maintenance system – a network that merits the very best protection. As a pioneer of green technologies and services, INNIO Group has been working tirelessly on cybersecurity for more than a decade.
Here at INNIO Group, we already meet the risk management requirements that will become a legal obligation for us going forward.
INNIO Group has been focusing on cybersecurity for more than a decade, and set up a cross-departmental unit dedicated to product cybersecurity back in 2018. And, before its products leave the factory, INNIO Group makes the safety and security of those products a top priority. However, a key prerequisite for effective protection against attacks is not only an intricate knowledge of INNIO Group’s own products, but also an extensive understanding of how its customers use them.
INNIO Group’s remote maintenance system safeguards plants against unauthorized access. It uses the data diode approach, which only allows data to flow in one direction, namely outbound, from the plant to the cloud. Once a plant installation is complete, the customer is responsible for its own network security. In light of this, INNIO Group specifically draws its customers’ attention to the human factor as one of the biggest risks, providing technical instructions and making recommendations on how to safeguard the customer’s plants against cyberattacks.
Already in compliance with new directive for network and information systems
The entry into force of the new Network and Information Systems Security Directive (NIS2) will harmonize requirements across the EU. Helpful information on this directive is already available from the German Federal Office for Information Security (BSI), and is also applicable for Austria. NIS2 must be implemented throughout the EU by fall 2024. This means that many companies and institutions will have to meet stricter security standards and requirements, such as carrying out mandatory risk analyses. INNIO Group views these new, standardized rules for plant operators and manufacturers as a very positive development.
To comply with NIS2, suppliers must provide secure products and corresponding support by adhering to their customers’ newly applicable requirements, which will be passed upstream as they stand. INNIO Group’s security standards already exceed the legal requirements, because the sooner its customers understand that their plant operation meets strict cybersecurity standards, the greater their peace of mind will be.
