Our IIoT platform Nerve supports automation and digitalization on the shop floor and addresses new challenges, e.g., cybersecurity, in the industrial sector. Our team is in constant contact with our customers and partners to enable us to provide machine builders and system integrators with the right solutions for their IIoT journey. We incorporate the feedback we receive to deliver enhanced features and an optimized user experience with Nerve. Our most recent releases include additional cybersecurity features, as we are working on the final stages of the product certification of Nerve according to IEC 62443-4-2.
Two release versions are available:
- Release 2.10.0: This is available as an update for all previous versions but does not include the secure boot and data encryption feature.
- Release 3.0.0: This version includes secure boot and encryption features. It is only available as a new installation (not an update) and requires customers to perform some manual installation tasks on their devices.
The upcoming release (Nerve 3.1.0) will include the complete feature set required by the industrial cybersecurity standard IEC 62443-4-2. A direct update will be possible for those who have installed Nerve 3.0.0. Customers who are using version 2.10.0 and wish to use secure boot and disk encryption need to freshly install 3.0.0 or any of the upcoming releases on their devices.
The major changes covered in the current releases (2.10.0 & 3.0.0) are:
Docker registry - integrated into the Management System
Docker images can be stored in the Nerve Management System in a Docker registry, allowing the use of the native Docker mechanism for image handling and direct access to the Management System registry. Users benefit from faster and more reliable image transfers and can use standard SecDevOps operations in image handling and workload definition.
Audit logs on the Node
It is now possible to log all activities on the Nodes (incl. DNA) in addition to the Management System audit logs for enhanced security and transparency. These logs can also serve as an investigation basis in case of incidents as per the requirements of the industrial cybersecurity norm IEC 62443-4-2. An interface for the upload of audit logs from customer workloads into the Management System via Nerve is available.
Full access to Docker volumes
This feature allows users to list and download or upload content from or to all Docker volumes, with the Nerve Management System acting as a proxy for content extraction. This simplifies data management with easier backup, restoration, and migration, and enables better use of storage space. This functionality is also available via the local user interface.
Security improvements in line with IEC 62443-4-2
The new releases add further security improvements, such as the Nerve internal and Docker networks range definition by user, the blocking of incoming traffic on WAN interfaces, the obfuscation of the SecureID inside the Management System, the backup and restoration of functionality with Docker volumes import and export functions, as well as the throttling of traffic in and out of the Management System to provide DoS resilience.
Improvements to user interface and user experience
These improvements ensure quicker and easier navigation and enable some additional features for better usability, such as the option to share the URL to a deployed workload on a Node with other users, easy debug log extraction from the local user interface, and NTP server selection. Additional hardware devices have been qualified to be used with Nerve.
Secure boot and encryption – available only with Nerve 3.0.0
This major security upgrade is designed to increase the integrity and confidentiality of data for edge deployments. Secure boot ensures that only trusted, signed software is allowed to run during the startup of the system, preventing unauthorized or malicious code from executing. Only after the secure boot has been successfully completed, the decryption keys required to unlock the encrypted disc partitions will be released. This ensures that data is protected in case the secure boot fails or is tampered with. The disc encryption feature protects sensitive user data such as Docker volumes, configurations, logs, and workloads against unauthorized access.
Please note: Nerve 3.0.0 requires manual installation and is available for newly installed devices, on TTTECH Industrial’s industrial PC MFN 200, and on third-party hardware.
You can find the full details of the releases here:
If you have any questions, please don’t hesitate to contact us.
