Cybersecurity

Voith is on the forefront of cybersecurity for the paper industry

Cybersecurity is an integral part of our systems and products

    Cybersecurity has become a principal factor in the overall digital/automation risk management for paper industry. With the increased technologies interconnections in IT/OT/IIoT system and legislation for security from worldwide customers, cybersecurity vulnerabilities present a substantial risk for industrial security and business continuity in an interconnected environment. Effective cybersecurity safeguards the protection of these crucial services supports business continuity and maintain regulatory compliance, safeguards sensitive data, and prevents damage to critical machinery and processes.

    Voith provides secure program to help our existing and future business. Voith has established the basic policy and measures criteria for secure control of products. By implementing them in product development processes, Voith is striving to eliminate vulnerabilities from products and improve security posture. We define a system lifecycle to be the entire period from product development to system introduction and operation.

    The digital security situation has worsened in recent years and the industry has increasingly become the target of cyber attacks. Voith has further expanded its expertise in industrial cybersecurity in order to provide our customers with the best possible protection. We understand that strong data security standards are essential to protect sensitive data and systems at all levels. Our comprehensive compliance with cybersecurity standards such as IEC 62443 and ISO 27001, as well as adherent compliance with NIS2 & CRA ensures that we are delivering the products & services catering to both regulatory bodies needs and customers’ requirements.
    Ulf Grohmann, Product Security Officer
    Cybersecurity is an integral part

    Product security

    Vulnerability handling policies

    Patches and vulnerabilty updates

    Lifecycle & product end of support

    Important notification

    Security advisory report

    Third party risk

    Security program & services

    Comprehensive cybersecurity of paper machine

    Awareness training

    Managed services

    Risk assessment

    Learn more

    Challenges - Solutions - Benefits

      Voith, the leading full-line supplier to the paper industry, is reaffirming its commitment to cybersecurity as an integral part of its systems and products. The global technology company has taken comprehensive measures to enable data security along the entire value chain and ensure production efficiency.

      • As the leading full-line supplier to the paper industry, Voith is actively committed to cybersecurity and integrates it as an integral part of its systems and products.
      • The entire value chain is protected through certified product development, extensive security measures and compliance with legal requirements from NIS2 & CRA and standards such as IEC 62443, ISO 27001 and GDPR.
      • With a secure IT infrastructure and cloud-based solutions from Voith, paper manufacturers can increase the integrity, confidentiality and availability of their data.

      Customers challenges

      Malicious cyber-attackers target plant and automation systems.

      • Malicious attackers are starting to focus on machine and automation systems.
      • Cyber-attacks on control systems are increasing.
      • Customers want to introduce more secure digital IT/OT & IIoT products in machinery are to enhance process efficiency.

      45
      45
      According to Trustwave Threat Intelligence, a staggering 45% of industrial cybersecurity attacks stem from hackers gaining access to credentials. These attacks often involve methods such as brute-force tactics, fraudulent support tickets, and the acquisition of logins on the Dark Web.
      80
      80
      According to Black Kite’s 2024 report, 80% of manufacturing companies in the US face critical vulnerabilities. This alarming statistic places these companies at significant risk of exploitation, particularly within the industrial machinery manufacturing sector, which is identified as the most susceptible to ransomware attacks.
      56
      56
      Ransomware attacks within the manufacturing sector have surged by 56%, particularly highlighting the trend of extortion, as reported by KnowBe4. This alarming increase necessitates urgent action from manufacturing organisations to safeguard their systems and data.
      45
      45
      According to KnowBe4’s report titled ‘Manufacturing: Maintaining Stability As Cyber Threats Explode in Volume and Sophistication’, malware incidents account for 45% of cybersecurity threats in the manufacturing sector. Notably, there has been a staggering 266% increase in information-stealing malware attacks, highlighting the escalating sophistication and frequency of these threats.
      54
      54
      In 2023, the Asia-Pacific region emerged as the primary target for cyber-attacks, constituting 54% of all reported incidents, according to findings from KnowBe4 and Statista. Europe ranked second, with 26% of the attacks, while North America and Latin America recorded lower percentages of incidents.

      Our solutions

      Voith provides secure paper machine/control products.

      Customer benefits

      Customers can build a more secure control system/automation system by using our secure control system products.

      • A defense-in-depth strategy makes control system products more secure.
      • Ensure regulatory compliance, providing you peace of mind.
      • Implement state-of-the-art security measures for enhanced protection.
      • Enable the availability of assets and guarantee uninterrupted production.

      We provide secure paper machine/control products and services

        By integrating industrial cyber data security into its products and services from the outset, Voith enables its customers to focus on their core business. Comprehensive compliance, data protection and a trusted and secure industrial IT infrastructure protect operations from unauthorized physical and digital access. Voith has received several certifications that demonstrate its high level of security expertise. The requirements of the standards apply not only to the company itself, but also to Voith’s suppliers.

        Trust and security are paramount in the development and implementation of IIoT products, services and systems. Our ongoing commitment to industry-leading security standards ensures the highest level of protection with a focus on compliance, data protection and robust infrastructure. Voith’s goal is to deliver secure solutions that enable our customers to realize the full potential of IIoT.
        Thomas Greil, Vice president, Products & services, Voith Paper
        We provide secure paper machine/control products and services

        Our ongoing commitment to industry-leading security standards

        Compliance with standards such as IEC 62443, ISO 27001 and GDPR

        The IEC 62443 cybersecurity standard relates specifically to industrial automation and control systems such as DCS, process control systems and automation networks. Voith also complies with the ISO 27001 cyber security standard, which forms the basis for an effective information security management system. This ensures that the security of information and data at Voith and its business partners is guaranteed. Another important aspect of security at Voith is compliance with the European Union's "General Data Protection Regulation" (GDPR) to ensure that personal data is protected in accordance with strict data protection regulations. Voith also complies with the EU Cyber Resilience Act (CRA). In addition to cybersecurity, Voith also attaches great importance to the quality of its products and services. The company complies with the ISO 9001 quality standard, which defines the requirements for an efficient quality management system.

        Introduce the Secure Systems Development Lifecycle (SSDLC)

        Secure Development Life Cycle (SDLC)

        The SDLC is Voith’s process for developing secure system products in accordance with IEC 62443-4-1. Its purpose is to develop products that do not contain vulnerabilities. The SDLC consists of six phases. We develop secure products by minimizing vulnerabilities in the outputs of each phase and identifying vulnerabilities early in the development phase.

        Additionally, the risk assessment is also performed during early development and also during implementation/commissioning and as well as for services.

        Voith PSIRT provides Voith product vulnerability support

        Product Security Incident Response Team (PSIRT)

        Voith PSIRT provides Voith product vulnerability support. As a focal point, Voith PSIRT leads and manages vulnerability information of Voith’s products together with Voith’s internal and external organizations.

        • Publishing security vulnerability reports
          Voith PSIRT publishes security vulnerability reports of Voith’s products through security advisories which contains affected products, measures, and relevant information.
        • Obtaining information on suspected security vulnerabilities
          Voith PSIRT obtains information on suspected security vulnerabilities from vulnerability information reporters such as security researchers and customers.

        VZ PSIRT

        Voith Security Advisory Report

        Voith Security Advisory Report (VSAR)

        Voith VSAR provides Voith Security Advisory Report.

        Cyber policies & procedures

          Principles

          • Develop products that are built to be resilient both in the present and for the future.
          • Safeguard that our products fulfill or surpass the cybersecurity standards set by their specific legislative contexts.
          • Product cybersecurity states to the capability of our products to be resilient to cybersecurity threats throughout the product’s life.
          • Our products are Secure-by-Design. Security is designed-in rather than bolted-on.

          • We deliver Defense-in-Depth, harnessing multiple defense mechanisms to provide multi-layered protection.
          • Our approach to product cybersecurity is proportionate and risk-based, reconciling functionality and performance with appropriate levels of protection.
          • Our security measures are designed to prevent product safety from being compromised as a result of security threats.

          Contact us

          Contact us

          Do you have a question or need advice? We are always happy to help! Please send an email or give us a phone call. Together we will find the right solution for you and your application.

          t +49 7321 37 2222

          Send message

          Ulf Grohmann

          Product Security Officer

          J.M. Voith SE & Co.KG St. Pöltener Straße 43 89522 Heidenheim, Germany

           

          t +49 173 6778 364

          Voith Paper on Social Media

            Voith Paper on LinkedIn

            Find out more about Voith Paper on LinkedIn

            Learn more
            Voith YouTube channel

            Watch our videos on the Voith YouTube channel

            Learn more

            Voith Paper Newsletter

              Subscribe to the Voith Paper newsletter
              Voith Paper Newsletter
              Subscribe to our newsletter and stay informed about news in the world of Voith Paper

              Always get the latest updates on new products and services, projects, campaigns and success stories as well as upcoming exhibitions and conferences – straight to your inbox.

              Subscribe now
              RIGHT OFFCANVAS AREA