Production companies that want to remain competitive in the long term will inevitably have to increasingly network their systems, machines, processes and data. Production is being opened up ever further and faster to the outside world for interactions via the Internet and in the context of intelligent networks. Preparing for the smart factory requires direct communication with different areas of the company or even across company boundaries. Managers also want reports, key figures and even access to the SCADA level via mobile devices - preferably in real time. It is obvious that this opens up potential gaps and barn doors for security in the company: with increasing networking, previously well-sealed areas must be made accessible from the outside. And this increases the security requirements enormously.

Automation networks are designed to be fail-safe and highly available. However, with digitalization, the demand for cyber security is increasing all the time. Security gaps jeopardize productive availability. The economic damage that this can cause is enormous. A successful cyber security concept is therefore an absolute prerequisite for a secure path towards the smart factory. If you follow the following three steps, you will be ready for Industry 4.0.

1. create relevance for security:

Security must be a top priority in highly networked companies. It must not be a marginal issue. However, many companies with networked production are not yet adequately protected. According to a survey of 228 companies conducted by Copa-Data, more than half of the companies rate the importance of IT security in production as medium to low. Often, outdated systems are still being used for which there are no longer any current security updates. The result: enormous security gaps that can be exploited by external attackers. Around 20 percent of the companies surveyed are inadequately protected against attacks. But if you want to take advantage of the opportunities offered by networked production, you urgently need to create more relevance for the topic of IT security. This is the only way to avoid economic risks and guarantee the competitive security of companies in the future.

2. know-how as the basis for a secure path to the Smart Factory:

Over the years, a clear distinction has been established between IT and automation technology. While comprehensive and constantly adapting protection against security risks has long been an integral part of system operation for IT, automation engineers are still looking for a suitable security concept in many places. IT has long focused on security: the system must be secure against unwanted access. At present, automation still often prioritizes reliability: the system must run smoothly. As long as automation processes were not accessible from the outside, reliability was rightly a priority: why disrupt the system with a software update that is not important for production? The fact is that the attack surface has increased significantly. An intrusion into these networks can massively jeopardize the reliability of entire production plants. It is therefore necessary to build up IT security knowledge or buy it in externally in order to keep a firm grip on the wheel. The task is a big one, but it can be mastered. On the one hand, the company's IT department has usually already built up expertise. On the other hand, there are special service providers who can provide support along the way.

3. identify and eliminate weak points:

As a result of networking and opening up to the outside world, the potential weak points have become more diverse. Externally, a poorly protected partner company can become a gateway. Internally, programs that are not up to date and interfaces or devices in the company network are the most common security vulnerabilities. However, employees who use weak passwords or are careless with them can also allow unauthorized access to your network. Security should be a basic requirement for all digital contacts: Anyone who wants to be part of the corporate network must meet basic security standards, whether people, companies, hardware or software.

Current developments in the security landscape of industrial applications and systems can be effectively countered by the planned implementation of methods and security strategies. A precise analysis of possible security risks and the identification of security incidents go hand in hand with the development of appropriate emergency plans. Security vulnerabilities, both technical and organizational, must be eliminated or at least actively monitored. This is how the productive potential of the smart factory can be realized!

Philipp Artmeier, Senior Technical Consultant Energy at Copa-Data / ag