Intended Use and IT Security Instructions

This section provides crucial safety and security information and recommendations to help you configure your Welotec Industrial Computer (IPC) for optimal security in your deployment.

Intended Use

This section specifies the intended use and essential operating conditions for your Welotec Industrial Computer (hereinafter referred to as “IPC”).

The IPC is designed for use as a dedicated control, monitoring, and data acquisition unit within the enclosed control cabinet of a machine. Its primary function is to execute specific machine-control software, process operational data, provide human-machine interface (HMI) functionalities, and/or facilitate communication within the industrial automation environment. The IPC is exclusively intended for continuous operation within a controlled industrial setting.

The intended use of the IPC is strictly defined by the following conditions and requirements:

Physical Security and Installation Environment

  • Enclosure: The IPC must be permanently installed within a secure, locked control cabinet (e.g., meeting IP54 or higher protection class) that provides adequate protection against dust, moisture, mechanical impact and unauthorized access.

  • Controlled Access: Access to the control cabinet and its wiring must be restricted to authorized personnel only. Physical security measures (e.g., key locks, access control systems) are mandatory.

  • Environmental Conditions:

    • Temperature: The IPC must operate within the specified ambient temperature and humidity range as outlined in the technical specifications. Adequate ventilation or active cooling within the cabinet must ensure these limits are not exceeded. This includes accounting for the unit’s own thermal dissipation and that of all other components in the cabinet.

    • Vibration and Shock: The IPC must be mounted securely within the cabinet to minimize exposure to excessive vibrations and mechanical shock, adhering to the manufacturer’s specifications.

    • Cleanliness: The inside of the cabinet must be kept free of dust, debris, and contaminants that could impair cooling or lead to electrical shorts.

EMC-Compliant Electrical Installation and Power Supply

This product is designed to meet EMC standards when installed according to the following instructions. Failure to adhere to these instructions may result in the equipment failing to meet compliance standards and can cause interference with other devices. The installer is responsible for ensuring the EMC conformity of the final system.

  • Power Supply: The IPC must be connected to a dedicated stable and filtered power supply within the specified voltage range. To ensure operational reliability and meet EMC requirements, the power source must provide adequate filtering against surges, transients, electrical fast transients (EFTs), and conducted RF noise common in industrial environments. An Uninterruptible Power Supply (UPS) is highly recommended to protect further against power fluctuations and outages.

  • Wiring: All wiring connecting to the IPC must comply with applicable industrial wiring standards, be properly insulated, strain-relieved, and protected against mechanical damage.

  • Grounding: The unit must be properly grounded according to the installation manual, typically via a low-impedance connection to the control cabinet’s central grounding point.

Functional Safety

This unit is not certified as a standalone component for functional safety applications (e.g., SIL, PL).

Intended Use: The unit is intended for standard control and monitoring. It must not be used as the sole or primary controller for safety-critical functions (e.g., emergency stops, safety interlocks, light curtains, burner controls).

System Integration: Safety-related control logic must be executed by dedicated, certified safety controllers (e.g., Safety PLC, safety relays). This unit may be used to supervise or monitor a safety system (e.g., for HMI visualization or data logging) via a non-safety-rated communication channel, but it must not be part of the safety-critical control loop. The failure of this unit must not lead to a loss of the primary safety function.

Qualified and Trained Personnel

  • Installation, Configuration, and Maintenance: All installation, configuration, maintenance, troubleshooting, and repair activities on the IPC and its connections within the control cabinet must be performed exclusively by qualified, trained, and authorized technical personnel. This personnel must possess proven expertise in electrical systems, IT hardware, and cybersecurity best practices.

  • Security Awareness: All personnel interacting with the IPC or the network it is connected to must receive regular training on IT security awareness including password policies and reporting suspicious activities.

Software and Configuration

  • Operating System: Only the pre-installed or manufacturer-approved operating system (OS) version may be used. The OS must be regularly updated with security patches provided by the manufacturer or OS vendor, after thorough testing in a non-production environment.

  • Secure Configuration: The IPC’s operating system, firmware, and installed applications must be configured according to secure hardening guidelines, including disabling unused services, ports, and protocols, and enforcing strong password policies.

  • Secure Boot: Where supported, Secure Boot must be enabled to prevent the loading of unsigned or malicious bootloaders.

Please refer to the section “Cyber Security” for further details.

Network Segmentation and “Defense in Depth” IT Security Principles

  • Network Segmentation: The unit and its control network must be isolated from all other networks (e.g., corporate, guest, public internet) using industrial firewalls and network segmentation. Direct connection to the internet is considered misuse unless done via a secure, managed gateway.

  • Defense in Depth: A multi-layered security approach (“Defense in Depth”) must be implemented for the entire machine. This includes:

    • Network Security: Industrial Firewalls (e.g., Next-Generation Firewalls) at network boundaries, strict firewall rules (whitelist approach – only allow explicitly required traffic), VLANs for segmentation.

    • System Security: Operating system hardening (minimum services, disabled unnecessary ports), regular security updates, robust antivirus/anti-malware solutions specifically designed for industrial environments, and strong password policies.

    • Application Security: Secure configuration of all industrial applications, disabling default credentials, and ensuring application-level security features are enabled.

    • Data Integrity: Measures to ensure data integrity and availability (e.g., backups, redundant systems where appropriate).

    • Physical Security: see “Physical Security and Installation Environment” above.

  • Access Control: Remote access to the IPC (if required) must be strictly controlled, using secure connections, multi-factor authentication, and granular user permissions. Unnecessary remote access functionalities must be disabled.

  • Logging and Monitoring: The IPC and connected network devices should implement logging of security-relevant events. Centralized monitoring and alerting systems are recommended for timely detection of anomalies.

Non-Intended Use

Any use of the IPC that deviates from the conditions described above, including but not limited to:

  • Operation outside the specified environmental limits.

  • Operation without a secure, enclosed control cabinet.

  • Operation in hazardous locations (e.g., explosive atmospheres) for which the unit is not explicitly certified.

  • Installation or maintenance by unqualified personnel.

  • Connection to an unfiltered, unstable, or non-grounded power source.

  • Direct connection to unsecured corporate networks or the internet without adequate protective measures.

  • Installation of unauthorized software or operating systems.

  • Bypassing or disabling of security features (e.g., firewall, antivirus, Secure Boot).

  • Failure to implement a cyber security management plan (patching, hardening, access control).

is considered non-intended use and may result in:

  • Damage to the IPC or the machine.

  • Compromised data security and integrity.

  • Serious personal injury or death.

  • Failure to comply with regulatory requirements.

Exposed Interfaces and Services

The following interfaces are exposed:

  Interface     Comment
  LAN 1 … 3
  COM 1
  USB 1 … 4
  HDMI
  DI / GND      Digital Input
  DO / GND      Digital Output
  SW / GND      Power Switch

The available services depend heavily on the operating system type and version.

Cyber Security

The flexibility to run common operating systems like Windows and Linux places the full responsibility of cyber security implementation on the system integrator and end-user. The unit is a component that must be integrated into a comprehensive, defense-in-depth security architecture.

The intended use requires the integrator/user to implement, at a minimum, the following:

Use Secure Boot

Secure Boot is a crucial security feature that helps protect your system from malware and unauthorized operating systems during the boot process. It’s a component of the Unified Extensible Firmware Interface (UEFI) that ensures only trustworthy software, signed with a digital certificate, loads when your system starts. Without Secure Boot, malicious programs or unsigned operating systems could load unnoticed before the actual operating system, compromising your system’s integrity and security.

We highly recommend enabling Secure Boot; please refer to the “BIOS” section for further details.

Enable Storage Encryption

Storage encryption is a critical security measure that protects your sensitive data by rendering it unreadable to unauthorized parties, even if they gain physical access to your storage device. In today’s interconnected world, where devices can be lost, stolen, or compromised, ensuring the confidentiality of your information is paramount.

Windows (using BitLocker with TPM)

Windows’ built-in BitLocker encryption leverages the TPM to securely store the encryption key, making the process largely automatic and secure.

  • Check TPM Status: Ensure that the TPM chip is enabled in the UEFI/BIOS settings

  • Open BitLocker Drive Encryption: Search for “BitLocker” in the Windows search bar and select “Manage BitLocker.”

  • Turn on BitLocker: Select the drive you wish to encrypt (typically your C: drive) and click “Turn on BitLocker.”

  • Follow the Wizard: Windows will guide you through the process. Since a TPM is present, it will typically use the TPM to store the encryption key automatically. You will be prompted to save a recovery key (e.g., to a Microsoft account or a USB drive, or by printing it); this is crucial in case you ever need to access your data when the TPM is reset or unavailable.

  • Start Encryption: The encryption process will begin in the background. You can continue using your computer during this time.

Linux (using LUKS with TPM consideration)

Linux uses LUKS (Linux Unified Key Setup) for full disk encryption. Integrating it with a TPM for automatic unlocking at boot can be more involved than BitLocker but offers similar benefits. This typically involves tools like clevis or systemd-cryptenroll.

  • Install Necessary Tools: You’ll need cryptsetup for LUKS and potentially tpm2-tools and clevis (or similar TPM integration tools) if you want to bind your LUKS key to the TPM for automatic decryption.

  • Encrypt the Drive (during OS Installation or manually):

    • During Installation: Most Linux distributions (e.g., Ubuntu, Fedora) offer an option to “Encrypt the disk” during the installation process. This is the simplest way to set up LUKS.

    • Manually (Post-Installation): If encrypting an existing drive or a secondary drive, you would use cryptsetup luksFormat /dev/sdXy to format the partition for LUKS, followed by cryptsetup luksOpen /dev/sdXy my_encrypted_drive and then creating a filesystem on the opened device.

  • Bind LUKS Key to TPM (Optional, for automatic unlock):

    • This is the step that utilizes the TPM. Tools like clevis can be used to “bind” a LUKS passphrase (or a key slot) to the TPM. This allows the system to automatically unlock the encrypted volume at boot if the TPM verifies the system’s integrity.

    • The exact commands vary, but it generally involves generating a new LUKS key slot and then using a TPM-binding tool to store the key in the TPM and configure the system to use it for unlocking.

  • Update Boot Configuration: Ensure your bootloader (e.g., GRUB) is configured correctly to handle the encrypted root partition and, if used, to leverage the TPM for unlocking.
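The binding step is where the manual says the exact commands vary. The following script is an added example, not part of the manual or of Welotec's tooling: it enrols a TPM2-sealed key into an existing LUKS2 volume with systemd-cryptenroll (systemd 248 or later), adds a recovery key first, and appends the /etc/crypttab entry for a dracut-built initramfs. The device path /dev/sdXy and the mapper name cryptroot are placeholders; run it as root with DRY_RUN=1 first to see the commands it would execute.

```shell
#!/bin/sh
# Added example, not Welotec's own tooling: enrol the TPM2 into an existing
# LUKS2 volume with systemd-cryptenroll (systemd >= 248) so it unlocks
# without a passphrase only while the Secure Boot state measured into PCR 7
# is unchanged. Assumes a systemd-based initramfs (dracut) and an
# interactive terminal, because cryptenroll asks for the current passphrase.
set -eu

DRY_RUN="${DRY_RUN:-0}"   # DRY_RUN=1 prints the commands instead of running them

run() {
  if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# /etc/crypttab entry: tpm2-device=auto makes the initramfs try the TPM2
# token first and fall back to the passphrase prompt if unsealing fails.
crypttab_line() {          # args: mapper name, device
  printf '%s %s none luks,tpm2-device=auto\n' "$1" "$2"
}

enroll_tpm() {             # args: LUKS2 device (e.g. /dev/sdXy), mapper name
  dev="$1"; name="${2:-cryptroot}"
  run cryptsetup luksDump "$dev"             # must report "Version: 2" for tokens to work
  # 1. A printable recovery key in its own key slot: the TPM slot becomes
  #    useless after a board swap or firmware reset, and the manual requires
  #    a backed-up recovery secret. Print it and store it offline.
  run systemd-cryptenroll --recovery-key "$dev"
  # 2. Seal a fresh key to the TPM2, bound to PCR 7 (Secure Boot policy).
  #    Disabling Secure Boot or enrolling new keys changes PCR 7, so the TPM
  #    refuses to unseal and the boot falls back to the passphrase prompt.
  run systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 "$dev"
  # 3. Tell the initramfs to use the token, then rebuild it.
  if [ "$DRY_RUN" = 1 ]; then
    echo "+ append to /etc/crypttab: $(crypttab_line "$name" "$dev")"
  elif ! grep -q "^$name " /etc/crypttab 2>/dev/null; then
    crypttab_line "$name" "$dev" >> /etc/crypttab
  fi
  run dracut -f
}

if [ "$#" -gt 0 ]; then enroll_tpm "$@"; fi
```

After a reboot, `systemd-cryptenroll --tpm2-device=list` and the absence of a passphrase prompt confirm the binding; keep the printed recovery key with the other backed-up recovery secrets.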

For both operating systems, it’s essential to:

  • Backup your recovery keys/passphrases: Without them, your data can be permanently lost if there’s a hardware failure or you forget your primary password.

  • Understand the implications: While encryption provides strong security, proper handling of keys and adherence to security best practices are still crucial.

Use Strong Passwords

Strong passwords are the first line of defense against unauthorized access. If you want to use password-based access, it is recommended to:

  • Change the factory default password on first login

  • Use passwords of at least 12 characters

  • Use a combination of uppercase and lowercase letters, numbers, and special characters (e.g., !@#$%^&*)

  • Do not use easily guessable patterns, such as sequences (e.g., “123456”, “abcdef”), repeated characters (e.g., “aaaaaa”), or dictionary words
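As an added example that is not part of the manual, this POSIX shell function checks a candidate password against the rules above; WORDLIST is a constructed stand-in for a real dictionary file such as /usr/share/dict/words.

```shell
#!/bin/sh
# Added example (not from the manual): checks a candidate password against
# the rules listed above. WORDLIST is a constructed stand-in for a real
# dictionary such as /usr/share/dict/words.
WORDLIST='password welcome industrial machine control operator'

has_sequence() {   # 4+ consecutive letters or digits, ascending or descending, any case
  s=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  asc='abcdefghijklmnopqrstuvwxyz|0123456789'    # "|" keeps "xyz0" from counting
  desc='zyxwvutsrqponmlkjihgfedcba|9876543210'
  i=1; n=${#s}
  while [ "$i" -le $((n - 3)) ]; do
    w=$(printf '%s' "$s" | cut -c"$i-$((i + 3))")
    case $asc in *"$w"*) return 0 ;; esac
    case $desc in *"$w"*) return 0 ;; esac
    i=$((i + 1))
  done
  return 1
}

has_dict_word() {  # case-insensitive substring match against WORDLIST
  s=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  for w in $WORDLIST; do
    case $s in *"$w"*) return 0 ;; esac
  done
  return 1
}

check_password() {  # prints "ok" or the first violated rule; returns 0 only when all rules pass
  pw=$1
  [ ${#pw} -ge 12 ] || { echo "shorter than 12 characters"; return 1; }
  case $pw in *[[:upper:]]*) ;; *) echo "no uppercase letter"; return 1 ;; esac
  case $pw in *[[:lower:]]*) ;; *) echo "no lowercase letter"; return 1 ;; esac
  case $pw in *[[:digit:]]*) ;; *) echo "no digit"; return 1 ;; esac
  case $pw in *[![:alnum:]]*) ;; *) echo "no special character"; return 1 ;; esac
  printf '%s\n' "$pw" | grep -q '\(.\)\1\1' && { echo "repeated character run"; return 1; }
  has_sequence "$pw" && { echo "sequential characters"; return 1; }
  has_dict_word "$pw" && { echo "contains a dictionary word"; return 1; }
  echo ok
}

# Usage: ./pwcheck.sh 'candidate'  (single-quote it so the shell does not expand $ or !)
if [ "$#" -eq 1 ]; then check_password "$1"; fi
```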

System Hardening

The operating system (Windows or Linux) must be hardened. This includes:

  • Disabling all unused services, applications, and network ports.

  • Enforcing strong, unique passwords for all accounts.

  • Implementing a least-privilege access model for users and applications.

  • Configuring OS-level firewalls (e.g., ufw, Windows Defender Firewall).
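The following added example (not Welotec's own tooling) implements two of the checks from this list and from the Secure Boot section above for a Linux IPC: it reads the UEFI SecureBoot variable and audits the listening TCP sockets reported by ss against a port allowlist. ALLOWED_PORTS and SAMPLE_SS are constructed values; adapt the allowlist to the services the machine actually needs.

```shell
#!/bin/sh
# Added example (not from the manual): two hardening checks for a Linux IPC,
# Secure Boot state and listening TCP sockets against a port allowlist.
# ALLOWED_PORTS and SAMPLE_SS are constructed example values.
ALLOWED_PORTS="22 4840 502"   # SSH, OPC UA, Modbus/TCP; adapt to what the machine needs

# efivarfs exposes SecureBoot as a 4-byte attribute header followed by one data byte.
secure_boot_state() {   # arg: efivar file (defaults to the live one); prints enabled/disabled/unknown
  f="${1:-/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c}"
  [ -r "$f" ] || { echo unknown; return 2; }
  case "$(od -An -tu1 -j4 -N1 "$f" | tr -d ' ')" in
    1) echo enabled ;;
    0) echo disabled; return 1 ;;
    *) echo unknown; return 2 ;;
  esac
}

# stdin: output of `ss -Hltnp` (listening TCP, numeric, no header). Field 4 is
# "addr:port" (0.0.0.0:22, [::]:80, *:4840); field 6 names the owning process.
audit_listeners() {
  awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
      port = $4; sub(/.*:/, "", port)
      if (!(port in ok)) {
        bad++
        printf "UNEXPECTED listener %s (%s)\n", $4, ($6 == "" ? "no process info" : $6)
      }
    }
    END { exit bad > 0 }'
}

# Constructed sample of `ss -Hltnp` output for the demo and the tests.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 4096 *:4840 *:* users:(("opcua-server",pid=1207,fd=9))
LISTEN 0 5 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=650,fd=7))
LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=902,fd=6))'

# Usage on a live system:  ss -Hltnp | ./audit.sh    ./audit.sh --demo runs the sample.
if [ "${1:-}" = "--demo" ]; then
  echo "Secure Boot: $(secure_boot_state || true)"
  printf '%s\n' "$SAMPLE_SS" | audit_listeners || echo "hardening gaps found"
fi
```

On the sample the audit flags the CUPS and nginx listeners and exits non-zero, which makes it usable as a step in a scheduled compliance check.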

Patch Management

A robust process must be in place for testing and deploying security patches for the operating system and all installed third-party applications. This process must be compatible with the operational constraints of the industrial environment.

Endpoint Protection

Where appropriate for the application, industrial-compatible endpoint protection (e.g., anti-malware, application whitelisting, host-based intrusion detection) must be installed, maintained, and kept up to date.

Physical Security

Use of the locked control cabinet (see Section 3) to prevent unauthorized physical access and tampering (e.g., via USB ports) is a critical part of the security model.

Vulnerability Handling

Welotec has implemented a Coordinated Vulnerability Disclosure Policy - please visit the following site for further details: https://welotec.com/pages/coordinated-vulnerability-disclosure-policy