The increased interconnection of machines, production networks and corporate sites improves the level of efficiency in production, which in turn lowers costs. Intelligent monitoring simultaneously makes production sequences transparent and makes faster reactions possible.
On the other hand, increasing the amount of networking harbours risks. This can be seen in ransomware infections such as WannaCry or Petya/NotPetya, for example. Large-scale, international infections caused massive damage and production losses in both cases.
It is here that the major importance of cyber security as an elementary module of digitalisation becomes most apparent. Cyber security, based on a structured approach and best practices, must be taken into consideration right from the beginning and not simply viewed as being an add-on or necessary evil. It is not just one single measure, but rather a process to be continually modified.
This process already starts before the commissioning of new systems and networks at component manufacturers and integrators who utilise secure protocols and are required to integrate secure components. The permanent collaboration of line operating companies, integrators and component manufacturers ultimately leads to sustainable cyber security which, for example, covers the effective elimination of any weak points discovered later.
and their protection
In addition to the protection of new systems and networks, existing systems need to be taken into consideration in any structured cyber security strategy. It is important here to take the limits of the protection afforded by technology into account. As a result, it may not be possible to improve the protection of some old systems as their hardware components do not have the capacity needed for a security solution or a software update. Other examples are limits caused by protocols which are no longer supported, antiquated operating systems or new technical requirements which are not provided in the old system.
Therefore, it is important to systematically examine existing systems to determine which technical and organisational measures can be implemented. This necessary analysis comprises a review of all of the systems in the network, what each of them does, their communication relationships with other systems and their respective weak points and risks. Both security expertise and a knowledge of business processes and industrial production IT are a fundamental requirement for this.
Either immediate risk-oriented options for protection or compensating measures which can be taken for the technical safeguarding of the system can be derived from this analysis. The latter are, for example, network segmentation using firewalls with individually customised sets of rules, or the introduction of whitelisting applications which allow only specific processes to be executed on a system and thus prevent the execution of malware.
People, organisation, technology
In addition to protecting technology, an all-round security solution in a digital factory must take the factors “people” and “organisation” into account. Studies and practice reports repeatedly show how security measures are ignored or bypassed by people, despite the existence of established processes and reliable technology. In its “Top 10 threats and countermeasures”*, the German Federal Office for Information Security (BSI) identifies three threats for industrial control systems (introduction of malware through removable data storage media and external hardware, human error and sabotage, social engineering and phishing) all of which can essentially be traced back to a human element.
This means there is a need to introduce awareness measures to make production employees conscious of potential threats to industrial systems and networks. Such measures comprise, for example, targeted workshops and demonstrations to illustrate the dangers of connected USB storage media or campaigns which use posters, e-learning platforms and internal social media content to increase the basic awareness of cyber security.
On the other hand, information security requires appropriate organisation structures and top-management support. Widespread standards, such as ISO/IEC 27001 or IEC 62443-2-1, are available to define uniform guidelines, roles and structured processes. No immediate certification is required to prove that these standards are being met. Their use as a reference work and guideline should be sufficient as a preliminary step. Based on this, it should be possible to implement the standards completely over time and use certification to provide proof of a company’s information security to all of its stakeholders. This generates trust and simplifies communication with customers and suppliers thanks to the use of clear terms and processes. Furthermore, an overall vision of information security is then created in the company and a central control area enabled.
Monitoring and detection
Since the conventional security measures with which the IT world is familiar, such as the running of anti-malware software, are sometimes not possible in industrial production, alternatives need to be found to provide security in such cases.
One trend is the use of security solutions which continually monitor network traffic in the production environment. If, for example, deviations arise in otherwise normal network traffic due to malware infections or unauthorised access to network components, such applications will provide immediate notification of the anomaly. Industrial production networks are mostly very well suited here, as repeating patterns always appear in the communication between network components, and deviations are thus easily recognised.
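The following sketch is an added example, not part of the original article or of any vendor product. It learns the communication relationships and their typical message spacing from a baseline window and flags deviations. The host names, ports, timings and the 50 % tolerance are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed flow records: (timestamp_s, source, destination, dst_port).
# Host names and polling periods are assumptions made for this example.
BASELINE = [(t, "hmi-1", "plc-1", 502) for t in range(0, 600, 10)] + \
           [(t, "historian", "plc-1", 502) for t in range(0, 600, 60)]
LIVE = [(t, "hmi-1", "plc-1", 502) for t in range(600, 660, 10)] + \
       [(600 + t, "historian", "plc-1", 502) for t in (0, 2, 4, 6, 8)] + \
       [(615, "office-pc-7", "plc-1", 445)]


def learn(flows):
    """Return {relationship: typical seconds between messages}."""
    times = defaultdict(list)
    for ts, src, dst, port in flows:
        times[(src, dst, port)].append(ts)
    profile = {}
    for rel, stamps in times.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        profile[rel] = median(gaps) if gaps else None
    return profile


def detect(profile, flows, tolerance=0.5):
    """Flag relationships never seen in the baseline and known
    relationships whose message spacing leaves the learned rhythm."""
    alerts, last_seen = [], {}
    for ts, src, dst, port in sorted(flows):
        rel = (src, dst, port)
        if rel not in profile:
            alerts.append((ts, "new-relationship", rel))
            continue
        period = profile[rel]
        if rel in last_seen and period:
            gap = ts - last_seen[rel]
            if abs(gap - period) > tolerance * period:
                alerts.append((ts, "timing-deviation", rel))
        last_seen[rel] = ts
    return alerts


if __name__ == "__main__":
    for alert in detect(learn(BASELINE), LIVE):
        print(alert)
```

In the constructed live window, the regular HMI polling produces no alert, the historian's suddenly rapid requests are flagged as timing deviations, and the office PC contacting the controller is flagged as a relationship that was never part of the baseline.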
In order to evaluate detected anomalies correctly and react effectively, guidelines, processes and roles ultimately need to be defined in addition to the technical security solution. External service providers can provide support if they are familiar with the systems and business processes used, and if they can follow proven standards and best practices.
A valuable addition to continuous network monitoring is its integration into a security operations center (SOC). On the one hand, the SOC can provide the systems operator with immediate support thanks to its ability to evaluate anomalies quickly. On the other hand, the anomalies of different systems operators are merged in an SOC, thus creating a more comprehensive picture. Potential security incidents can be detected at an early stage and the systems operator warned accordingly. In this way, an SOC can contribute significantly to the uninterrupted operation of a company.
A secure collaboration
A digitalised factory opens up many opportunities. Structured, risk-oriented cyber security is an important precursor to digitalisation and forms the basis for sustainable industrial production. It can only succeed if people, organisation and technology work together, and must be audited regularly.
We would be only too pleased to support you on your path to the world of digitalisation. We can offer you individual security advice regarding people, organisation and technology, as well as our DIQURITY services.