Cyber security for plant operators INNOVATION WELCOME – A SURE THING!


Cloud connection and networking via the Internet of Things (IoT) create entirely new analytical and practical opportunities for your plant operation – but also new risks.

In 2022 alone, ransomware attacks on operational technology (OT) systems in production and infrastructure increased by 87%.

Protect your system and data with professional and lasting vulnerability management – in other words, detecting and rectifying vulnerabilities. We’re here to help.

Your motivation:

With the rapid advances in networking of production systems and critical infrastructure, one key component is still far too often under-represented: Cyber security. That’s why Germany’s IT Security Act 2.0, the forthcoming EU Cyber Resilience Act, and the new EU Machinery Regulation 2023/1230 require manufacturers and plant operators to put specific security procedures in place. Standards IEEE 62443 and TS 50701 are also relevant in this connection. But how can you identify and counter vulnerabilities and risks in your Operational Technology (OT) components and systems?

Cyber security for your plant technology –
ask us!

Want to make your plant cyber-secure? Get advice from our experts: Send an email with your request or call us. Protect your OT against the dangerous consequences of software errors and vulnerabilities!

What creates added value for you:

As a plant operator you can monitor operational risks and minimize potential losses with our support. We focus mainly on two points in this regard:

  • We understand complex OT systems as a whole in order to reliably assess the impact of errors and establish mitigation mechanisms. Our experience shows that a comprehensive combination of system, software, and security expertise is essential. For many of our customers, this defines the “Codewerk factor.”
  • We operate and maintain your security monitoring system on the basis of Security Onion. This helps you reliably detect attacks both from within the network and from hosts.

Codewerk services for secure plant management:

Connecting your OT devices to a security monitoring solution, such as the open-source Security Onion solution

Integration of vulnerability scanners in your OT network and connecting them to Security Onion, like the open-source solution VulnWhisperer

What we do differently:

Codewerk is a partner to entities such as major industrial and rail vehicle equipment and component manufacturers, and is also active in R&D projects in the rail transport sector. Based on our understanding of complex systems and our own roots in software engineering, we can specifically target typical risks. Here are just three of many examples:

  • Insecure standard configuration:
    A quick and easy target for hackers, but still a widespread one. This is where our fuzzing comes in – a deliberate attempt to crash the system with randomly generated input data. Based on the insights obtained, we then apply our software expertise to optimize the source code.
  • Code vulnerabilities:
    Most software is sourced externally – and is therefore beyond the control of the product manufacturer. Our continuous vulnerability monitoring and management reveals security loopholes – in libraries or frameworks, for example – and assesses their potential repercussions.
  • Insecure data validation and input checking:
    If inputs are not properly validated, hackers can inject malicious code (e.g. SQL injection or cross-site scripting) into the system and execute it. Using Security by Design, we counter this risk right at the development and testing phase.

The product is ready – how about a little security on top? Why Security by Design in accordance with IEEE 62443 pays off

In many cases, cyber security is still considered a product feature – and treated as such: Once the basic functions have been defined and programmed, security is added on top as a compulsory component.

It’s time this way of thinking was turned around: How must a function be implemented to make it secure? Errors in system design in particular – e.g. insecure fallback mechanisms or errors in key management – can be avoided only using Security by Design. Error correction right at the development stage not only makes this approach more secure but also much more cost-effective.

Which security monitoring solution must I use? Points in favor of Open Source

We’re basically flexible – if, say, your corporate guidelines say you have to use a product from a particular manufacturer. But we believe there are clear practical benefits in using an open-source solution that gives us the freedom to tailor the code precisely to suit your requirements. We’ve had very good experience with Security Onion, a solution which our customer Wassergewinnung Essen relies on, for example.

The major benefit of Security Onion for us is the better overview of the system as a whole and the easier network hygiene. You get to know your own network better.

Detlef Stein, Wassergewinnung Essen (WGE)

See also:

“Head in the sand” no longer applies

How companies should respond to the EU’s Cyber Resilience Act

Standards-compliant cyber security for your OT –
ask us!

Want to protect your OT against the consequences of software errors and vulnerabilities? Contact our experts!
Your first step toward effective cyber security!


At Codewerk, we want to help improve protection for the world of OT. So cyber security is more than just another area of growth to us. We’re driving advances in this field out of a genuine passion for and identification with our customers’ world. As a long-standing software development partner to the process industry, manufacturing industry, and rail-based transport, we know how complex systems are – and how long a journey it is in order to achieve the same level of security as in IT. But there’s no time to slowly build up a culture of cyber security. The time to act is now.

At Codewerk, we want to help improve protection for the world of OT. So cyber security is more than just another area of growth to us. We’re driving advances in this field out of a genuine passion for and identification with our customers’ world.

  • A decade of experience as an independent software developer and service provider
  • Four locations in Germany
  • Partner in national and international R&D projects and in the open Siemens Xcelerator ecosystem
  • Certification to ISO Standard 27001 since 2020

Modellbasiertes Software-Engineering für die Fahrzeugsteuerung


Die Entwicklung und Validierung von Fahrzeugsteuerungssoftware beschleunigen wir auf Grundlage des modellbasierten Software-Engineerings.

IoT- und Edge-Applikationsentwicklung


Gesundheitszustände monitoren, Optimierungsmöglichkeiten im Netz erkennen, vorausschauende Wartung ermöglichen – unsere Applikationsentwicklung macht Wissen aus Ihren Daten.

Subsystem-Integration für Fahrzeugsteuerung und Betreibernetz


Multi-Vendor-Architekturen zu einem funktionierenden Ganzen zusammenzufügen – dafür übernehmen wir die volle Verantwortung bei der Subsystem-Integration für Fahrzeugsteuerung und Betreibernetz.



Um Schienenfahrzeugtechnik an den Herausforderungen der zukünftigen Jahrzehnte auszurichten, arbeiten wir intensiv an internationalen Forschungsprojekten mit.



Leistungsfähig und modular erweiterbar – wir leisten in internationalen Standardisierungsprojekten unseren Beitrag zu einem künftigen Basissystem.

Geräteintegration für SIMATIC PCS 7 / SIMATIC PCS neo


Die Leitsysteme von Siemens SIMATIC PCS 7 und SIMATIC PCS neo sind führend in der Prozessindustrie. Wir übernehmen für Sie die reibungslose, systemkonforme Integration Ihrer eigenen Produkte oder Third-Party-Komponenten.

PROFINET Stack Integration


Sie wollen PROFINET in Ihre Chips oder Geräte integrieren. Wir übernehmen die Adaption des geeigneten Stacks als Sorglos-Paket für Sie – bis hin zur Zertifizierung.

Systemintegration für industrielle Kommunikation


Ob PROFINET, OPC UA oder MQTT und darauf basierende Anwendungen – wir übernehmen für Sie die komplette Integration von Produkten in Ihre Systemlandschaft der industriellen Kommunikation.

IoT- und Edge-Applikationsentwicklung


Sie wollen aus Big Data Smart Data machen – wir bauen Ihre Anwendung: von der Datenerfassung (Konnektivität) über die Datenübertragung bis zur Datenevaluierung und -nutzung.


Sie wollen Ihre komplette Produktionsanlage in die IoT-Cloud bringen? Dann bringt Sie unsere eigens entwickelte MindSphere® Efficiency Suite weiter. Mit ihr modellieren und strukturieren wir Ihre Anlage in der Cloud – effizient, sicher und mit viel weniger Aufwand, als Sie denken.


Sichere Punkt-zu-Punkt-Verbindungen in der Industrie lassen sich relativ einfach mit den entsprechenden IO-Links realisieren. Damit die Integration systemkonform läuft, bieten wir Ihnen die passenden Treiber.


Die systemkonforme Anbindung von TURCK-Systemen an das Prozessleitsystem SIMATIC PCS 7 muss kein Zeitfresser sein. Unsere Baustein-Bibliothek sorgt für maximalen Komfort auf der Anwenderseite.

Cyber Security für Komponentenhersteller:


Wie wir Ihnen helfen, mögliche Schwachstellen in Ihren Produkten zu eliminieren – von der Produktentwicklung über den gesamten Lebenszyklus hinweg.

Cyber Security für Anlagenbetreiber:


Wie Sie mit uns Risiken im Betrieb monitoren und mitigieren können – unterstützt durch unsere Kombination aus System-, Software- und Security-Know-how.