IT security

Manufacturing companies of all sizes have been a popular target for hackers and cyber criminals for years - and the trend is rising. In addition to security gaps in the IT systems, OT systems, i.e. operational technology, are increasingly being targeted by attackers in the course of digitalisation and networking. The consequence: companies should secure themselves as quickly as possible. Hans-Peter Bauer, Senior Vice President Cyber EMEA at BlackBerry, explains how this is possible. (Only in German)

Every day there are cyber attacks in the industrial sector − only the most spectacular incidents make the headlines. Like the attack on the automotive supplier Continental last summer or on the commercial vehicle supplier SAF-Holland in March this year. The financial damage caused by such attacks and the loss of trust among customers and employees are enormous. As protection against cyber attacks, the Federal Office for Information Security (BSI) now recommends that companies use a browser with so-called virtualised instances for the first time. This is because most attacks enter company networks via the internet. Such a browser can systematically keep attackers out of the network and is therefore a particularly effective protection.

Artificial Intelligence (AI) can make a major contribution to the future viability of our economy and society—whether by improving existing processes or new products and services that promise greater efficiency, more robust structures and more climate protection. At present, however, SMEs in particular are still reluctant to use AI systems. The frequently cited reason is that data protection hurdles appear to be too high. This article discusses the opportunities of data-based value creation. The central question is how AI applications in industry can generate economic added value from data while maintaining data protection and security.

There is hardly any day without publishing news on digitization and industry 4.0 and their respective necessity. Risks and shortcomings of IT-security are as well current topics. The striking question on management level is, where is my company regarding IT-security? How can we get a guiding light into the complexity of all related terms? This article is an outcome of research activities at the University of Applied Sciences Middlehesse. It is meant to support management to identify the actual status of IT-security and identify possible shortfalls. Based on a maturity grade model IT-security is described by six aspects with five levels each. This will help to point out room for improvements

The IT-risks which factory infrastructures are exposed to, require a common view of IT-security and operational technology (OT) protection. In this context, the measures from office IT can only be transferred to the production area and production control to a limited extent. The requirements and protection goals for the equipment used and the networking between these components are too different. An integrated approach and continuous management of IT security helps to identify and implement targeted measures in a concerted manner.

Trends such as Industry 4.0 or the Internet of Things lead to increased networking and integration of various data in the production. At the same time, the increased networking posses challenges regarding security issues. Negative examples involve the unsecured connection of various programmable logic controllers (PLCs) that are reachable through the Internet. In part, but also inadvertently, there are additional risks for the production plant. The reasons are the comfortable maintenance of plants as well as using external support for complex problems.

The popularity of the Cloud rises, but there is still much insecurity in the IT-Security of a cloud solution. Companies want to be able to check, if the processes in the cloud are secure and trustworthy. This is possible with an external auditing system, which compares measured data with predefined rules. But there is a chance, that the measured data are manipulated on its way to the auditing system, before leaving the cloud. To prevent these threads, the measured data must be protected right after it is generated. This is possible with the forward integrity method, which builds a chain-of-trust for the measured data without need of a TPM.