Computer Security Day 2025

International Computer Security Day: Secure Digitalization Starts at the Foundation with an IoT Architecture That Offers No Attack Surface

International Computer Security Day on November 30 highlights each year how essential robust IT security concepts have become for modern technical infrastructures. Especially in industries where energy, water, machinery, and building technology are increasingly interconnected, security is no longer an optional add-on but a fundamental component of any digitalization effort.

However, many existing installations lack both secure network connectivity and an IT infrastructure that enables remote monitoring. This is exactly where the SMARTbox portfolio from PSsystec comes in – with an architecture built consistently on isolation, cellular communication, and cloud security.

Security as a Core Principle: Why the SMARTbox Portfolio Is Built Differently

All products in the SMARTbox family – from the IoT Energymonitor to SMARTsensor and SMARTmodbus, all the way to SMARTsocket, SMARTtempmonitor, or SMARThaccp – are based on a unified security approach: they operate as fully closed embedded devices.

There are no local logins, no exposed ports, and no web interfaces. As a result, the devices do not reside in the operator’s network and are not accessible from the outside. This deliberate elimination of potential attack surfaces is a defining characteristic of the entire PSsystec portfolio.

Cellular Instead of LAN: Isolated Data Paths via NB-IoT, LTE-M, and LTE

Communication takes place exclusively via mobile network technologies. Neither Wi-Fi nor the corporate LAN is used. This means the IoT devices remain physically separated from the operator’s structured network.

At the same time, data from energy or plant processes can be securely transmitted to the cloud—without adjusting firewall rules or opening internal systems. This cellular architecture provides a clear and protected communication layer, independent of the condition or availability of local IT.

PSA-Tested End-to-End Security Chain: Certified Protection from Device to Cloud

A central component is the PSA-verified digitalization pipeline of Deutsche Telekom. The Privacy & Security Assessment evaluates key security attributes such as encryption, data paths, network architecture, and cloud connectivity.

This ensures that every SMARTbox device is based on a consistent, hardened end-to-end security architecture that works without complex approval processes on the operator's side.

Secure Protocols and Protected Communication: Modern Standards for Reliable Data Transmission from Analog Signals to the Cloud

The SMARTbox platform processes a wide range of industrial signals and interfaces such as analog and digital inputs, Modbus RTU and Modbus TCP, BACnet, or M-Bus.

Regardless of the protocol, all communication follows a clear security principle: all data is encrypted using TLS or DTLS, and secured via protocols such as MQTT, LwM2M, and HTTPS for cloud interactions. Together, they ensure the continuous security of the cellular communication path.

Protocols such as Modbus TCP or BACnet remain fully confined to the local level behind the box and are never exposed to the Internet.

Thus, the entire communication path—from analog measurement signals, through processing in the embedded device, to the secure transmission into the cloud—remains protected and traceable at all times.

Cloud-Mediated Management: No Direct Access – Full Control via Secure Platforms

A key principle is: there is no direct access to the devices.

Firmware updates, configurations, and data management are handled through platforms such as Deutsche Telekom Cloud of Things or Cumulocity IoT. This keeps the devices themselves fully closed while the cloud platforms provide role-based access, audit logs, and reproducible, secure device management.

SMARTaccess – Secure Remote Maintenance Without IT Intervention: Remote Access via Safe Outbound Tunnels

SMARTaccess is a special component of the portfolio. While other SMARTbox devices focus exclusively on monitoring and data acquisition, SMARTaccess additionally enables remote maintenance.

This operates independently of the local IT infrastructure. All remote connections are established through TLS-secured outbound connections (so-called outbound tunnels), without VPN, without port forwarding, and without modifying the operator’s network.

SSH sessions are relayed through cloud proxies, enabling the secure use of engineering tools like TIA Portal, CODESYS, WAGO, or SCADA systems—without requiring customer networks to be opened. Role-based access models and comprehensive audit logs ensure maximum transparency.

Security for All Industries: Isolated. Cellular-Based. Ready to Use.

The SMARTbox portfolio is designed to function without complex IT installations, enabling secure digitalization even where traditional network infrastructure is missing.

Whether in water and wastewater technology, energy supply, mechanical engineering, building automation, or industrial processes – all IoT solutions benefit from the same secure, stable, and isolated architecture.

Conclusion: Digitalization Requires Security – and Security Begins with System Design

International Computer Security Day underscores that modern digitalization can only succeed on top of a robust security architecture. The SMARTbox portfolio from PSsystec is designed to securely capture data from existing systems without creating attack surfaces and without burdening IT infrastructure.

Cellular instead of local IT.
Cloud instead of device access.
Security instead of risk.
‍

Analog world. Digital data. Securely transmitted.