iConnectHub

Login/Register

WeChat

For more information, follow us on WeChat

Connect

For more information, contact us on WeChat

Email

You can contact us info@ringiertrade.com

Phone

Contact Us

86-21 6289-5533 x 269

Suggestions or Comments

86-20 2885 5256

Top

IT security in production – A major challenge for machine manufacturers

Source:​By: German Machine Tool Builder Release Date:2020-10-12 2024
Industrial MetalworkingMetalworkingSoftware & CNC System
Add to Favorites
Almost daily reports of hacker attacks are unnerving the public. The mechanical engineering industry, too, is experiencing a significant increase in attacks on its production facilities.



PM_Cybersecurity.jpg 


Almost daily reports of hacker attacks are unnerving the public. The mechanical engineering industry, too, is experiencing a significant increase in attacks on its production facilities. Steffen Zimmermann, Head of the VDMA Industrial Security Competence Center, explains how, in a recent VDMA survey, more than a third of the members who responded reported suffering production losses due to hacker attacks, and more than half the companies complained of capital losses. The alarm bells should now be ringing in every company. Better prevention is called for – as is a list of experts who can quickly be called in to provide support in the event of an attack.

 

Natalia Oropeza, Chief Cyber Security Officer of Siemens AG, says, “You have to be aware of the risks associated with infrastructure products – and also be prepared to respond to them. Ignoring them can destroy your business.”

 

Who carries responsibility for data security?
The majority of machines will be linked to the Internet in the future. This will confront all the relevant parties – machine manufacturers, component suppliers, machine operators and possibly also service providers – with completely new challenges. Productivity, robustness, longevity and reliability were once the main priorities, whereas IT security is now gaining in significance. Practical experience shows that there are many different potential security vulnerabilities.

 

“In many cases it isn't major hacker attacks that pose the greatest threat in everyday production,” says Dr. Alexander Broos, Head of Research and Technology at the VDW.

 

"Rather it's the regular and unavoidable exchange of data via the USB interface of the controller, for instance, which provides the gateway into the system.”

 

It is relatively easy for IT experts to offer instant solutions, such as simply closing the USB interface.

“However, this prevents efficient use of the machine,” Broos continues.

 

Service technicians, for example, need to be able to read out error logs and install updates. This is because automatic updating of the control software, as happens in the operating system of the office PC, is relatively unusual in production equipment. Life cycles of ten years and more are by no means a rarity in machines and control systems. In addition, the control software for complex products like machine tools is highly customised and is specially adapted to particular applications. The question therefore arises as to who is responsible for closing security gaps.

 

“The responsibility is shared to varying degrees between the machine manufacturers, control suppliers and operators,” Broos continues. “Ultimately, however, the responsibility can only be met by all these together.”

 

Bernd Gehring, in charge of Industrial Security at Voith AG in Heidenheim, adds, “There is a risk of the software in older machines being completely outdated, and of the manufacturers providing no further updates. Accordingly, companies are well advised to prepare for digital maintenance of their machines at an early stage.”

 

The operators, whose safety requirements machine manufacturers have to meet, are increasing the pressure, he believes, as are the standards that stipulate secure IT systems. These are indispensable in areas such as remote maintenance. He also points out that major investment is sometimes necessary in order to ensure machine security. However, there is often no initial return on such investment.

 

“We are particularly targeting managing directors and product managers from industrial companies with a strong culture of innovation. They are especially at risk, and security needs to be tackled at the highest level,” summarises Steffen Zimmermann.

 

Nevertheless, there is no such thing as 100 per cent security, given that the target is constantly moving and that hackers are constantly adapting their methods. Machine manufacturers need to collaborate with component suppliers and operators to make production processes more secure. The Industry 4.0 business model can only work if digital services are made absolutely secure. All the contributing partners share a strong and common interest in this.


Add to Favorites
You May Like