The digitalization of modern production technology creates new challenges for industry. The increasing level of networking makes the protection of production plants against attackers more and more difficult because the hacker can act anonymously and from complete darkness. In addition to protecting the production plants, however, the data themselves are of ever-increasing value. And the theft of digital information can only be detected if care was being exercised at the time of the theft.
The English-speaking world uses a specialized word for securing plants against attackers: Security. Security is a type of defense, and thus a strategy. A strategy is usually a whole bundle of measures that makes it difficult for the attacker to access the values of a production plant, its availability, and its information.
Widespread protective measures now include sealing off the network by means of so-called firewalls. As these mechanisms are not impassable, however, networks within the plant are separated into smaller networks and isolated. The authentication of each participant in a network by using cryptographic keys, so-called Network Access Control, ensures that only devices known to the network can actually participate in it. But because one can use subterfuge to smuggle oneself onto the list of recognized devices, the next level involves the protection of individual messages against tampering or deception by third parties. For this purpose, a checksum calculated with a secret key, the Message Authentication Code (MAC), is attached to the message so that the recipient can verify its authenticity.
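The message authentication described above, as an added example that is not taken from the article or from any PROFINET specification. The frame layout (8-byte counter, payload, HMAC-SHA-256 tag), the key and the payloads are constructed for illustration, and the counter check goes one step beyond the text by also rejecting a replayed genuine message.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # length in bytes of an HMAC-SHA-256 tag


def protect(key, counter, payload):
    """Sender: frame = counter || payload || MAC(key, counter || payload)."""
    body = struct.pack(">Q", counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Accepts a frame only if its MAC verifies and its counter is new."""

    def __init__(self, key):
        self.key = key
        self.last_counter = -1

    def accept(self, frame):
        """Return the payload of an authentic, fresh frame, else None."""
        if len(frame) < 8 + TAG_LEN:
            return None  # too short to hold counter and tag
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return None  # modified in transit, or sender lacks the key
        (counter,) = struct.unpack(">Q", body[:8])
        if counter <= self.last_counter:
            return None  # genuine frame sent a second time
        self.last_counter = counter
        return body[8:]


def demo():
    """Run four constructed frames through one receiver."""
    key = b"constructed-demo-key-not-for-use"  # real keys come from provisioning
    rx = Receiver(key)
    frame = protect(key, 1, b"valve=open")
    tampered = frame[:8] + b"valve=shut" + frame[18:]  # payload swapped, old tag
    forged = protect(b"key-of-an-outsider", 2, b"valve=shut")
    return {
        "genuine": rx.accept(frame),
        "tampered": rx.accept(tampered),
        "replayed": rx.accept(frame),
        "forged": rx.accept(forged),
    }


if __name__ == "__main__":
    print(demo())
```

Only the genuine frame yields a payload. A device that has reached the network but does not hold the key cannot produce a tag the receiver accepts.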
Strategies can, however, vary greatly. Whether a strategy is correct or incorrect can mostly only be seen after an event. But there is guidance: The IEC 62443 international standard defines procedures for implementing electronically secure Industrial Automation and Control Systems (IACS) and provides, for example, a good overview of effective measures and the current state-of-the-art. While general standards cannot provide the reader with any concrete handling instructions (recipes), some professional organizations do offer concrete information and advice on digital communication.
The organization responsible for PROFINET, PROFIBUS International, provides advice on potential and sensible measures for repelling digital attackers in its comprehensive brochure PROFINET Security Guideline. In the background, we are working on further measures with this organization: A specification for secure communication with PROFINET.
Consortia of those active in business, research and politics, e.g. the Industrial Data Space Association, are also developing joint guidelines and methods for handling data security.
Secure and suitable for daily use?
The basis of an effective security strategy is always a precise analysis of the individual situation. What needs to be secured? How great is the potential damage? How rapidly can I recover from a potential attack? The solution chosen must be as practical as possible and should cause few, if any, restrictions in everyday work. Because many protective measures involve mechanical or digital keys, it is important that the technology is comprehensible and understood. The technical security of a key will become largely irrelevant if an employee is not aware of the possible consequences when they lend their workplace ID card to a third party who appears to be friendly or to have the necessary authority. This is why the awareness of employees regarding security is stressed so often.
But security concepts also have to take into account exceptional situations. These include the use of a service technician or company, or the potential need to occasionally transfer files from other systems. If such actions are impossible, all the security mechanisms will be circumvented in order to restore system availability when serious problems arise. If this is frequently necessary, then regular, or even permanent, switching-off of security measures is not unusual.
Cryptography and the administration of identity
In addition to everyday practicability, every form of access and entry restriction must be based on a reliable administration system, i.e. someone must decide who is permitted access and these authorized identities must be administered. Access restrictions cover the physical company grounds just as much as the company’s digital network and every single plant and component used.
Cryptography cannot decide between good and bad. Cryptography involves mathematical methods that exploit a “secret” to make the transmission of messages unreadable for third parties, for example. This means that people must make the fundamental decision on who may do what in advance and, by handing over the “secrets”, include each individual component or machine in the “circle of trust”, or legitimize it for particular tasks.
One secret familiar to us all is the password that is mostly paired with a user name. Given that we already have difficulty administering our many private identities on the internet securely and over the long term, the administration of identities in an industrial plant using personal passwords is inconceivable. Therefore the administration of the identities of users and devices will in future be handled by so-called directory services. One need only authenticate oneself here centrally once, and then one is given the necessary access to the particular resources.
The future is secure
Even a “secure” and effective strategy that has been found and implemented will require continuous updating. Digitalization and general technical progress are rapidly driving forward the development of digital networking potentials. The threats, however, are also growing at the same speed. Quicker computers are making the finding of secrets via single-minded trial and error, the so-called brute-force method, increasingly effective and attackers are also carrying out their own research into new methods.
So security strategies require continuous improvement. When an attacker gains access to a production plant, users can suffer production downtimes, extra costs, and the loss of knowledge and quality. Apart from all this, data loss and abuse can also become a case for the courts and insurance companies. This is another reason for paying attention to the legal realities of networking issues and not merely the technical possibilities.
The networked future is certainly on the way. We are working towards making it a secure future, too.