Industrial Security: Protection of New Digital Infrastructures
Matthias Springer, Senior Vice President Functional Safety & Security at TÜV NORD
Matthias Springer, Senior Vice President Functional Safety & Security at TÜV NORD
The coronavirus pandemic will have a lasting impact on the global business and industry. Despite the broadly discussed negative developments, companies have made quantum leaps with regard to digitalisation in a very short time. What used to be a rather sketchy plan has turned into concrete measures. With enormous speed, industrial companies have been able to implement digitalisation and automation projects. Remote accessibility of plants and systems, remote monitoring and predictive maintenance are elementary in times of shutdown and home office in order to maintain operations. What we are currently experiencing is akin to a paradigm shift. Unfortunately, with the naturally understandable euphoria about digital transformation in record time, security aspects often fade into the background. Unprotected networked systems pose an immense risk–a fact that is often acknowledged too late.
Industrial Plants ss Targets of Cyber Attacks
Petya, WannaCry, TRITON–they all have become known to the public as malware which has produced considerable damage in recent years. The terms are now synonymous with cyber-attacks, which have raised awareness of how vulnerable digital industrial plants are today. Petya and WannaCry were Trojans and used for rather widespread attacks that targeted more or less every Windows-based computer. Not only global companies were affected in Europe but also hospitals, ministries, and infrastructure. With these cyber-attacks came numerous ransom demands. The publicly known incident TRITON was directed against an industrial safety control in the Middle East. This incident triggered the secure state–but it is suspected that the attackers were actually trying to disable the safety control. Only by chance or a bug in the malware did the catastrophe–the explosion of a petrochemical plant–not occur. It is likely that more attacks will follow in the future.
Securing the Future for Industrial Companies
In view of such threat scenarios, new approaches to risk analysis and the technical inspection of installations and products must be taken. Functional safety and IT security should therefore no longer be treated as separate fields of action. Security means the security of data in terms of availability, confidentiality, and integrity.
Safety refers to the safety of people and the environment, for example in terms of functionality, electrical, and constructional safety.
The merger of safety and security into one approach came with the development of smart manufacturing. For years now, networking of sensors and actuators has been indispensable in the process and manufacturing industry.
Cloud infrastructures are implemented to develop new business models. Very common today are digital twins of industrial plants–the simulation of the plant in the cloud, which in turn opens up completely new applications and potential. These trends are often part of digitisation strategies of companies or entire sectors. But their opportunities also lead to new risks.
Any kind of networking and the associated opening of a system entails the risk of misuse by unauthorised persons. Every industrial company therefore needs not only a digitisation strategy, but also a strategy to safeguard its own values–the production process, the know-how of its employees, and the key elements of its business model. Such a cyber security strategy should be based on solid concepts and methods. The IEC 62443 standard was defined for industrial safety and contains an established process model for an industrial cyber security strategy.
Comprehensive Security Concept for Smart Manufacturing
Within the framework of smart manufacturing, IEC 62443 has established itself as an internationally recognised standard for IT security in the process and automation industry. In addition, many other branches of industry, including critical infrastructures, are now using this standard. IEC 62443 has thus become the central standard for smart manufacturing solutions. Wherever digitalisation, networking, and automation are used in the industrial sector, this standard provides a security guide–independent of the sector. Based on the criteria and requirements, companies can ensure the reliability of their facilities and applications, prove the availability of security functions and the integrity of components and systems, with operators, integrators, and component manufacturers benefitting equally.-
The IEC 62443 standard takes a holistic approach to cybersecurity
Certification according to IEC 62443 also offers sustainable protection against cyber-attacks. Hackers and cybercriminals are also aware of the companies’ rapid conversion to digital infrastructures. Any security gap not considered and closed today can turn into an existential problem tomorrow. Operators of industrial plants, for example, must ensure protection against digital threats. Otherwise unauthorised persons could, at worst, bring the plant to a standstill or even cause personal injury and environmental damage. Integrators also face ever-increasing security requirements, since today they not only provide a network for industrial plants, but also connect the plant to cloud services. The manufacturers of components face similar challenges like operators of industrial plants as their products are expected to function in an increasingly networked way.
Using the Digital Upswing
The coronavirus pandemic has increased the need for digitalisation and hence the pressure on industrial companies to act. At the same time, there is an increasing necessity to secure the newly acquired digital infrastructures today in order to sustainably benefit from them also tomorrow. The IEC 62443 standard takes a holistic approach to cybersecurity. A certification proves that the company is working according to the "state of the art" and complies with its legal duties of care–important prerequisites for minimising liability risks.
Weekly Brief
Read Also
