Latest Case Studies & White Papers

Cyber security of HMI systems

Horst Friedrich, Director Product Management and Documentation, R. STAHL HMI Systems GmbH

HMI systems are the staff's main window to processes. However, certain ground rules are necessary to prevent them from becoming an open invitation to hackers. The choice of systems is key to success: state-of-the-art technology as is used for R. STAHL's new ORCA HMI device platform can exclude a great many sources of human error right at the start.  

You can always depend on human error, both in environments such as company IT as well as in OT (operational technology), which includes automation systems. A careless click of the mouse on a link or file accompanying what seems like a mail sent by a colleague or business partners can create havoc in integrated company IT systems. Operational systems such as control or process control systems also increasingly come under attack by hackers. A recent study by Trend Micro – a company specialising in network security – showed that in 2021, 90% of German companies in electricity, oil and gas supply as well as in the manufacturing sector were the target of cyber-attacks. On average, a successful attack resulted in damage to the tune of 2.9 million Euros. 

Automation systems are increasingly becoming the primary target of such attacks. After all, whilst office IT becomes ever more secure, there are still a lot of companies with gaping holes in their OT security. When machines that used to be operated in isolation are being integrated into the company networks during a digitalisation drive or as part of IoT projects, these security gaps become the entry point for hackers. Latest at this point operators should check whether there is unprotected maintenance access to the machines, whether the security of all control systems is up to date, whether USB interfaces are deactivated, and, last but certainly not least, whether the default password of an operator station or a SCADA system has ever been changed. If the answer to any of these questions is "no", the door to the system is wide open for anyone to enter – as a simple internet search for "scada system passwords" will show.

Recent legislation has also recognised the importance of this subject, in the European Union for example by defining key requirements for operators of critical infrastructure in the DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL by numbering chemical companies amongst critical infrastructure, in addition to assets essential for the functioning of society and economy. Such companies have to go to great lengths to meet the statutory requirements for IT security and cyber resilience, and non-compliance could lead to fines of up to 2 million Euros. 

Authentication as the most common blind spot

Efforts to ensure cyber security have always suffered from moving goalposts: although staff awareness of cyber risks is on the increase, cyber criminals are constantly upping their game. Social engineering and phishing attacks are becoming ever more sophisticated. But the good old USB trick also still works: plausibly labelled USB sticks left lying around are connected by unsuspecting staff to operator stations and control stations. Private mobile phones are also often connected to company systems. Then there are easy to guess passwords or passwords written down on pieces of paper stuck to the screen, a notice board or a whiteboard for any visitor or video conference member to see. A post-it note under the keyboard is also not a safe hiding-place for passwords. A Trend Micro study from 2018 showed just how important safe authentication is: according to the study, almost half of the successful cyber-attacks on HMI systems were down to unsafe passwords and insufficient access authority management. 

Often it is a question of ergonomics that leads to laughably easy passwords being used: which operator using several stations within a plant takes the time to enter a complex, 16-digit password via the screen keyboard every single time? Also, the software and hardware used in the process industry has often been in place for many years and has been developed at a time when integration, digitalisation and the Internet of Things were neither relevant terms nor development targets. Many operators simply have no idea exactly which devices and software systems are running in their plants.

Thin Clients reduce on-site cyber risks

During the development of the ORCA HMI series, launched in the summer of 2022, R. STAHL has addressed many aspects of cyber security. The Thin Client approach forms the basis: unlike independent on-site computers such as the ones used in Client/Server environments, the actual logic processes and data back-up for Thin Clients take place on a centrally administrated server. This means that many IT risks are immaterial for the on-site operator station. The operator's IT specialists can focus on security measures for the server. The ORCA HMI operator devices are closed systems with industrial-grade security. They have neither hard disk nor drives where malware could attack. To prevent manipulations at the level of the operating system, the UEFI-BIOS with the "secure boot" function is used: Windows is only booted up once it has been ascertained that parts of the firmware such as the boot loader have not been manipulated by unauthorised access. Also, the configuration supports customised security concepts.

R. STAHL is using the Remote HMI firmware for its Thin Clients. This has been designed as a closed system and is based on the Microsoft Windows 10 Enterprise 2019 LTSC operating system. LTSC stands for "Long Term Servicing Channel", an update channel through which the company guarantees a 10-year long support with security updates. The firmware is used to configure, establish and secure remote connections to application servers, or, in the simplest case, to a workstation. This allows remote access from one operating station to one or more workstations within a network. This is not only the case for the new ORCA devices, but also for the manufacturer's earlier device platforms.

Ergonomics relevant to security

Easy handling in day-to-day work is a precondition for maintaining a high level of security:security solutions that hinder staff in their daily routines provoke workarounds. For example, when passwords are constantly requested at different workstations users tend to choose a simple, short password, or they simply do not log off when leaving the work area. With the ORCA devices, users can log on by means of contactless RFID authentication. This ergonomic solution allows staff to easily log onto a workstation without even taking their gloves off, ensuring a high level of access protection. 

The RFID readers support the particularly user-friendly LogOnPlus software from i.p.a.s-systeme. This is a modular server-client application that manages log-on control for production applications. Users are, for example, identified through their RFID ID card, authenticated vis-a-vis the company's active directory and then logged on to a target application such as a distributed control system by LogOnPlus via an application-specific connector. 

But it isn't just the question of usability where R. STAHL is looking after the operators' interests. The hardware was designed such that the devices can be used for a long time: Thin Client and display box can be easily disconnected, with no cables involved, making replacements that might be needed for a more powerful system easy and simple. R. STAHL guarantees a service life of at least 15 years for the modular ORCA design. This enables us to achieve the balancing act between short IT innovation cycles and long-term plant operation– without having to compromise on cyber security.



722B9E08 0A96 4A11 B75E 1D1821E31C64 










The future clicks into place


67077896 B93A 4AAF 866B 2E6A00493711

















During the development of the ORCA HMI series, cyber security was given utmost priority

A0F132B6 DE80 45DC AF3F EA6843BC7A4D












The new ORCA device platform design, specifically developed for long availability.

20C571C6 4D49 48DC BED7 D43D689C12A0












With the launch of the new, modular ORCA HMI platform we are introducing the new, cordless EasyConnect click-fit system.

This artilce can be also found in the issue below.






Pin It