Gamechanger KontronOS - the secure Linux®-based operating system

It is essential for companies to protect their numerous end products (e.g. charging stations, parking systems, validators, etc.) against unauthorized access and manipulation by third parties. With the increasing use of IoT devices, the need for comprehensive cyber security measures is more important than ever. Our KontronOS operating system is a convincing answer to this new challenge.

The importance of IoT security

The Internet of Things has become an integral part of modern life and is fulfilling crucial tasks in more and more industrial companies. However, in order for the benefits of IoT-enabled devices to be fully exploited, they require comprehensive access to the collected machine data.  Due to the associated constant Internet connection of the various devices, even an unprotected printer can potentially grant an intruder access to your network. A comprehensive or far-reaching problem that therefore requires a holistic software solution.

KontronOS - customized protection for embedded devices

KontronOS is part of the kontron susietec® toolset and has been specially developed for use in industrial environments. The operating system is based on the open source software Yocto Linux®, which is particularly suitable for embedded devices. A special feature of KontronOS is that all parts - from the boot loader to the applications - can be exchanged. It also ensures that only proprietary software runs on the device and that individual components can be encrypted separately. Updates can either be downloaded via the cloud functionality or installed locally using USB sticks, for example. Whether online or offline: Your system is always up to date. The operating system is therefore geared towards your specific wishes and needs and can be adapted to local conditions as required and used as a standard IoT stack, modified standard or customized.  

The basis for secure success - application in use cases

In this section, we illustrate the potential of KontronOS by explaining two practical use cases.

Customized optimization of production

A manufacturer of sawing machines monitors the status of its production using a self-developed algorithm that is encapsulated in a separate Docker container. This tracking enables the company to increase the production capacity of its saws and improve service for its customers. The use of KontronOS permanently ensures that the IoT-enabled device on which the algorithm is located can be operated securely.  However, our security solution is anything but a ready-made solution. Rather, the specific configuration of the OS is adapted entirely to the existing preconditions (e.g. modified interfaces (IO), modified housing, BIOS modifications or secure boot). Various integration levels and the containerization of the software ensure that the interaction between the operating system and the customer application functions smoothly in every possible setting. 

Thanks to this customization, the manufacturer's other applications can also be executed on the basis of KontronOS from this point onwards - and benefit from its security and the advantage that the application level and operating system level operate separately from each other.  If, for example, a new operating system update is installed, the switch is flipped to another partition. Docker, with its containerized approach, enables smooth transitions and ensures that the applications remain intact and operational. The key to this is that Docker keeps the applications in a separate environment. There is therefore no need to regularly change system settings or run the risk of losing files during updates.

In addition, Docker containers offer an alternative to traditional application installation. They can be easily moved from one device to another, simplifying the deployment process. It is a practical solution that meets the need for simplicity in managing different fleets of devices.

Efficient updates for large device fleets  

In this use case, a leading provider of industrial sealing technology is faced with the challenge of modifying the setup of existing Docker containers in its devices. Due to frequent updates without prior change synchronization, the existing setup causes excessive bandwidth usage and, as a result, high roaming costs. By installing the customized version of KontronOS on the devices, the existing Docker containers can be transferred to the comprehensive fleet management solution for edge devices, the KontronGrid IoT bundle. The successful integration made it possible to optimize the handling of the containers on the various machines in the network in such a way that efficiency is increased and significantly less bandwidth is consumed. The connection of KontronOS and KontronGrid also allows the security updates of all connected devices to be carried out successively at the same time without great effort - which means a considerable reduction in potential sources of failure.

More information about this use case can be found here.

The synergy of the kontron susietec® toolset

As can be seen from the two use cases described above, the full potential of KontronOS is revealed in combination with the various other applications of the kontron susietec® toolset. In conjunction with our comprehensive fleet management solution KontronGrid, important security updates can be rolled out automatically at the same time, even for large, diverse fleets of devices. The device management, docker management and remoting services ensure that the entire fleet is managed and always kept up to date.

You can find more information about our innovative toolset here.

In the next section, we explain why switching to KontronOS is particularly beneficial for your company right now.

The elegant long-term solution for your IoT security

The breakthrough and increasing prevalence of IoT solutions means that IoT applications are managing more and more highly sensitive data and processes - which is why their legal framework is also becoming tighter. The changed requirements will be taken into account in the EU in 2024 by adapting the Radio Equipment Directive and the Network and Information Security Act (NIS2). As a national adaptation of the provisions, the NIS2 Implementation Act and the KRITIS Umbrella Act will come into force in Germany from October 2024. Manufacturers, integrators and operators of IoT products in the critical infrastructure environment (so-called KRITIS) are required in detail to meet comprehensive requirements in the IT security sector. 

The implementation of KontronOS on your devices supports you significantly in this objective and equips you comprehensively against cyber attacks today. The hardware managed by our operating system is regularly checked with penetration tests and the software used is continuously scanned for known security vulnerabilities. This recording and detection of acute cyber risks using CVE (Common Vulnerabilities and Exposures) scans makes it possible to provide short-term patches to eliminate vulnerabilities and continuously improve security. KontronOS thus promises comprehensive, intelligent and long-term protection against cyber threats over the entire service life of your IoT devices.

Conclusion: opt for KontronOS - and play it safe

Technical progress is unstoppable and the benefits of the Internet of Things continue to help make processes more efficient, data collection easier and our lives more pleasant overall. However, the interlinking of different information streams not only increases complexity - it also makes adequate protective measures for sensitive and critical sectors increasingly necessary. As an IoT-using company, you need a strong and experienced partner in order to maintain an overview in the face of increasing cybercrime and progressive regulation. Kontron is one of the leading IoT companies and, with KontronOS, offers the right answer to the IoT security challenges of our time.

Our future-proof, Linux®-based operating system can be implemented quickly and flexibly in your individual systems. Comprehensive monitoring options and regular CVE scans protect you continuously and reliably against any form of cyber threat. Benefit from the advantages of cloud functionality for fast, automated updates. By linking to the scalable KontronGrid, even large device fleets can be supplied with patches in record time. 

From hardware, bootloader, kernel and Linux® system to IoT device management and support - KontronOS offers you seamless cybersecurity from a single source.

If you would like more information about our secure IoT operating system, please contact our team of experts.