IT security in production – A major challenge for machine manufacturers – Cyber Security Congress at METAV 2020 aims to shed light

Frank­furt am Main, the 29th Jan­u­ary 2020 — Almost dai­ly reports of hack­er attacks are unnerv­ing the pub­lic. Accord­ing to the results of a Deutsche Telekom sur­vey, near­ly two thirds of Ger­man com­pa­nies have fall­en vic­tim to hack­ing at least once. The mechan­i­cal engi­neer­ing indus­try, too, is expe­ri­enc­ing a sig­nif­i­cant increase in attacks on its pro­duc­tion facil­i­ties. Stef­fen Zim­mer­mann, Head of the VDMA Indus­tri­al Secu­ri­ty Com­pe­tence Cen­ter, explains how, in a recent VDMA sur­vey, more than a third of the mem­bers who respond­ed report­ed suf­fer­ing pro­duc­tion loss­es due to hack­er attacks, and more than half the com­pa­nies com­plained of cap­i­tal loss­es. The alarm bells should now be ring­ing in every com­pa­ny. Bet­ter pre­ven­tion is called for – as is a list of experts who can quick­ly be called in to pro­vide sup­port in the event of an attack.

Cybersecurity Congress at the METAV 2020 in Düsseldorf
Cyber­se­cu­ri­ty Con­gress at the METAV 2020 in Düs­sel­dorf

Natalia Oropeza, Chief Cyber Secu­ri­ty Offi­cer of Siemens AG, says: “You have to be aware of the risks asso­ci­at­ed with infra­struc­ture prod­ucts – and also be pre­pared to respond to them. Ignor­ing them can destroy your busi­ness.” Oropeza is set to give the keynote speech at the VDMA and VDW Cyber Secu­ri­ty Con­gress on 11 March 2020 at METAV in Düs­sel­dorf. She will talk about secu­ri­ty in the age of Indus­try 4.0 and the impor­tance of Secu­ri­ty by Design. This must include the entire sup­ply chain if trust­wor­thi­ness is to be ensured. Indus­try, man­u­fac­tur­ers and users need tech­no­log­i­cal trans­paren­cy and homo­ge­neous require­ments across dif­fer­ent mar­kets.

Who car­ries respon­si­bil­i­ty for data secu­ri­ty?

The major­i­ty of machines will be linked to the Inter­net in the future. This will con­front all the rel­e­vant par­ties – machine man­u­fac­tur­ers, com­po­nent sup­pli­ers, machine oper­a­tors and pos­si­bly also ser­vice providers – with com­plete­ly new chal­lenges. Pro­duc­tiv­i­ty, robust­ness, longevi­ty and reli­a­bil­i­ty were once the main pri­or­i­ties, where­as IT secu­ri­ty is now gain­ing in sig­nif­i­cance. Prac­ti­cal expe­ri­ence shows that there are many dif­fer­ent poten­tial secu­ri­ty vul­ner­a­bil­i­ties. “In many cas­es it isn’t major hack­er attacks that pose the great­est threat in every­day pro­duc­tion,” says Dr. Alexan­der Broos, Head of Research and Tech­nol­o­gy at the VDW. “Rather it’s the reg­u­lar and unavoid­able exchange of data via the USB inter­face of the con­troller, for instance, which pro­vides the gate­way into the sys­tem.” It is rel­a­tive­ly easy for IT experts to offer instant solu­tions, such as sim­ply clos­ing the USB inter­face. “How­ev­er, this pre­vents effi­cient use of the machine,” Broos con­tin­ues. Ser­vice tech­ni­cians, for exam­ple, need to be able to read out error logs and install updates. This is because auto­mat­ic updat­ing of the con­trol soft­ware, as hap­pens in the oper­at­ing sys­tem of the office PC, is rel­a­tive­ly unusu­al in pro­duc­tion equip­ment. Life cycles of ten years and more are by no means a rar­i­ty in machines and con­trol sys­tems. In addi­tion, the con­trol soft­ware for com­plex prod­ucts like machine tools is high­ly cus­tomised and is spe­cial­ly adapt­ed to par­tic­u­lar appli­ca­tions. The ques­tion there­fore aris­es as to who is respon­si­ble for clos­ing secu­ri­ty gaps. “The respon­si­bil­i­ty is shared to vary­ing degrees between the machine man­u­fac­tur­ers, con­trol sup­pli­ers and oper­a­tors,” Broos con­tin­ues. “Ulti­mate­ly, how­ev­er, the respon­si­bil­i­ty can only be met by all these togeth­er.”

Bernd Gehring, in charge of Indus­tri­al Secu­ri­ty at J.M. Voith SE & Co. KG in Hei­den­heim, adds: “There is a risk of the soft­ware in old­er machines being com­plete­ly out­dat­ed, and of the man­u­fac­tur­ers pro­vid­ing no fur­ther updates. Accord­ing­ly, com­pa­nies are well advised to pre­pare for dig­i­tal main­te­nance of their machines at an ear­ly stage.” The oper­a­tors, whose safe­ty require­ments machine man­u­fac­tur­ers have to meet, are increas­ing the pres­sure, he believes, as are the stan­dards that stip­u­late secure IT sys­tems. These are indis­pens­able in areas such as remote main­te­nance. He also points out that major invest­ment is some­times nec­es­sary in order to ensure machine secu­ri­ty. How­ev­er, there is often no ini­tial return on such invest­ment.

Cyber Secu­ri­ty Con­gress at METAV aim­ing to raise trans­paren­cy lev­els and sen­si­tiv­i­ty to secu­ri­ty gaps

At the VDMA and VDW Cyber Secu­ri­ty Con­gress to be held dur­ing METAV 2020, high-cal­i­bre speak­ers – e.g. from Siemens, the ZF Group, the Ger­man Fed­er­al Office for Infor­ma­tion Secu­ri­ty, Voith, Trumpf and Deutsche Telekom – will be talk­ing about par­tic­u­lar cyber secu­ri­ty chal­lenges in the auto­mo­tive indus­try, the poten­tial oppor­tu­ni­ties of secu­ri­ty sys­tems, and risk man­age­ment solu­tions.

We are par­tic­u­lar­ly tar­get­ing man­ag­ing direc­tors and prod­uct man­agers from indus­tri­al com­pa­nies with a strong cul­ture of inno­va­tion. They are espe­cial­ly at risk, and secu­ri­ty needs to be tack­led at the high­est lev­el,” sum­maris­es Stef­fen Zim­mer­mann. Nev­er­the­less, there is no such thing as 100 per cent secu­ri­ty, giv­en that the tar­get is con­stant­ly mov­ing and that hack­ers are con­stant­ly adapt­ing their meth­ods. Machine man­u­fac­tur­ers need to col­lab­o­rate with com­po­nent sup­pli­ers and oper­a­tors to make pro­duc­tion process­es more secure. The Indus­try 4.0 busi­ness mod­el can only work if dig­i­tal ser­vices are made absolute­ly secure. All the con­tribut­ing part­ners share a strong and com­mon inter­est in this.

Cyber Secu­ri­ty Con­gress

When:                                    Wednes­day, 11 March 2020, 10:30 until 14:30
Where:                                  METAV 2020, Düs­sel­dorf Exhi­bi­tion Cen­tre, Stock­umer Kirch­straße 61, Hall 1, Room 14
Fee:                                        € 89.00 plus VAT.
Book­ings:                              v.hoffmann@vdw.de
Fur­ther infor­ma­tion:            metav.de or https://www.metav.com/en/METAV_2020/Supporting_Programme/Cyber_Security_Congress

Categories: 2020