Safe IT Use In Production Has To Be Learned

Safe IT Use: At least since the Stuxnet computer worm, which became known a year ago, the management of production facilities has sensitized, to industrially used IT. Automation specialists and users are now working even more closely together in response to this.

Since the occurrence of the Stuxnet computer worm, views on the security of IT systems in industrial automation have wavered. This became clear recently during a discussion by IT experts in Hanover. Because: If such procedures were considered only slightly at risk for a long time, both manufacturers and users now see an increasing threat potential from the growing networking in the factory.

“Thanks to Stuxnet, the problem has become more tangible for our management. The willingness to invest in IT security has increased significantly,”. In the one-hour discussion, Siemens manager Georg Thrummer admitted that IT security can now definitely no longer be discussed away from the industry.

As head of development for production machines in the “Automation and Drives” division, Thrummer is also responsible for IT security for Siemens controls. The Munich group was particularly affected by the reports about Stuxnet. Unknown writers wrote the malicious program specifically for a system for monitoring and controlling technical processes (Scada) that Siemens had developed.

Until this incident in the summer of last year, the world of automation technology was still in order. Manufacturers and users of IT systems in industrial plants assumed that the problem of hacker attacks would not play a role for them and would remain limited to corporate IT. As long as the individual systems were controlled centrally and separately, that was still true. “With the decentralization of the automation functions, however, the controls now have to communicate with one another,”. “Previously separate communication areas are growing together, disruptions and threats are no longer localized.”

Explanation About The Safe IT Use

Kasen is head of the Institute for Automation & Industrial IT on the Gummers Bach campus of the Cologne University of Applied Sciences. In addition to research in automation technology and industrial communication, the institute, as a Profinite Competence Centre, supports companies in the manufacturer-independent integration of Profinite systems. In addition, Kasen has worked with industrial partners to set up a test laboratory that shows security weaknesses in automation devices.

A prior investigation of risks and potential dangers in the assembly of individual components is advisable because every automation solution is so unique that neither manufacturer nor user can assess the complexity of the interaction, said the automation expert. “Manufacturers develop their products without knowing where they will be used later, and users do not know all of the properties in order to recognize where dangers could arise when combining them with other components,”.

Networking means that not only viruses can spread unchecked. “It is not uncommon for important functional properties of automation components to suddenly turn out to be weak points for information security in new environmental conditions,”. One of the customers is VW.

It is astonishing how much the understanding of IT security of individual manufacturers of automation components differs, said VW doll in Hanover. In order not to experience any nasty surprises when integrating the modules, the commercial vehicle manufacturer has them tested in advance in Kasen’s test laboratory. But that is more of a stopgap solution. To make the behavior of the automation modules in complex systems more understandable, Doll asked the manufacturers to improve their documentation. Then system integrators could also make their contribution to improving IT security. “They often don’t know enough about the components that they are supposed to link in the automation projects,” the IT security expert clarified.

Conclusion About The IT Use:

At the end of the discussion, all participants agreed that only manufacturers and users could improve IT security in the industrial environment. “Only a holistic approach leads to the goal,”. And the automation expert Kasen added: “The companies have to define their requirements and the manufacturers disclose the properties of their products.”

In addition, users would have to ensure that those responsible for IT from production and the other areas of the company sit down at the same table and work together to find customized solutions.

Attempts to transfer security concepts from the office environment to production have failed, stated Hans Honecker from the Federal Office for Information Security (BSI) regarding transferability to industry. “The security concepts, measures and technologies are too different.” As a medium-term solution, he recommended isolated solutions that can be better protected with critical areas. 

ALSO READ: The Technology Of The iPad leaps Companies