With the Industry 4.0 concept and the cyber-physical systems supporting the new “industrial revolution,” the economy wants to secure and expand its international competitiveness. Much stands or falls with the IT infrastructure in the factories and production facilities involved and their protection.
More productivity and greater flexibility through decentralized, highly networked systems is the goal of the intellectual fathers of Industry 4.0. That means: machines, sensors, and actuators will be networked with one another and exchange their data via the “Internet of Things.” From the ERP system for order control through the SCADA computers at the power and operations management level to the sensor at the field level, all systems and subsystems will have an Internet address and will be accessible from outside.
Status reports, requirements for raw materials, control commands, construction data, information on energy consumption, maintenance status, and system reject rates, all of this will circulate in the networks to a much greater extent than today and be stored in the “cloud,” according to the vision of the pioneers. Much of this data is relevant to competition.
Industry 4.0: So Far, There Are No Adequate Concepts For IT Security
With this new dimension of networking, the security risks must be reassessed. Espionage and sabotage programs such as Stuxnet or Flame give an idea of how high the potential for damage to the production infrastructure in the event of attacks by hackers can be in extreme cases. These attacks were already successful with a relatively low degree of networking of their targets.
In a scenario based on the blueprint of Industry 4.0, points of attack and damage potential are likely to multiply. “With highly autonomous communication, completely new threat scenarios arise.” However, the sectors that could benefit most from approaches such as Industry 4.0, namely machine and system manufacturers, have not yet developed sufficient concepts for countering this threat. “For them, this situation is also something completely new.” Compared to commercial IT, production IT is several years behind in terms of security.
criticizes ISO 27001, which specifies the requirements for IT security management systems considering the risks, has not yet been fully implemented and is not sufficient for this. “The manufacturing industry often still thinks in analogy,” “it regards programmable logic controllers as not being manipulable. Special software security tests are indispensable.”
IT Security: “Industry 4.0 Requires A Holistic Approach At All Levels”
First, there is technology. In a landscape in which sensors, embedded control computers, actuators, network protocols, and other elements have to be real-time capable, you need different internet structures, among other things. In particular, technologies are in demand here that reconcile the low latency times of control systems with increased security requirements.
Of course, the techniques established in corporate IT such as firewalls, encryption, virus scanners, or signature checks should also find their way into process and production IT. But that will hardly be enough to ensure safety.
Industry 4.0: For Adequate IT Security, Corporate And Production IT Must Work Together
On the organizational track, too, a lot has to change in the company. Above all, those responsible for the company IT and production IT divisions, which are currently still operating separately, would have to work together to create a holistic security management system. “Neither side can create a modern, comprehensive security concept on their own – operational IT often lacks the know-how for the processes in production, and production IT often does not know the latest developments in security technology well enough.”
An overarching IT security concept would have to be initiated in the companies at the management level. “You have to be aware that IT security is not a product, but a meaningful interplay of measures.”