Just like office IT, the IT landscape of production companies can also be targeted by cyber criminals. The number of cybercrime attacks in the production sector rose by ten percent in the second quarter of last year alone. According to a study by Bitkom, at least 75% of the companies surveyed were victims of such an attack in 2019. 70 percent of the organizations affected suffered considerable damage. This can take a variety of forms and dimensions: Production downtime, spying and theft of sensitive and internal company data and intellectual property, manipulation of data and production processes as well as encryption of systems and subsequent ransom demands (ransomware).

The consequences of such attacks can be devastating: McAfee calculated that the amount of damage in 2019 amounted to over one trillion US dollars. This includes costs for operational downtime, repairs, fines due to data protection violations, the development of new security strategies by external consultants, losses due to the loss of investors and lost sales due to customers leaving the company as a result of the loss of trust.

When networking becomes a disaster

The merging of information and operational technology and the networking of IoT devices and entire machine parks offer many advantages for the manufacturing industry - to name just a few: higher production levels, increased productivity and efficiency, shorter time to market. However, this networking can also turn out to be a gateway for cyber criminals. On the one hand, they can gain access to the network via the company's employees - for example through targeted phishing and other social engineering attacks - and commit data theft or infiltrate malware. In addition, many production companies are still equipped with legacy IT such as outdated operating systems that are no longer supplied with security updates. There is a reason for their use: for years, they have ensured that the machines connected to them perform reliably. A complete changeover to modern IT would not only lead to massive and costly downtime, but in many cases is simply impossible due to incompatibility.

This is where decentralized edge computing comes into play. As mentioned at the beginning, this technology is particularly popular in production environments with networked IoT devices due to its low latency and fast, direct data processing at the edge of the network. However, this is where the crux of the matter lies: if cyber criminals gain access to the IoT network via the internet and the incomplete legacy IT, they can manipulate data, among other things. The compromised data is processed in the edge data center, which leads to fatal errors. Critical operating processes can be sabotaged in this way, which can have fatal consequences. An alternative is to create a hybrid concept that processes and stores critical data in the cloud, as the centrally available data can be protected more effectively with the right tools.

Siemens and McAfee for holistic security

Cloud service providers offer a repertoire of security functions and control elements. At the same time, companies have a responsibility to secure their own systems - including the cloud and (local) legacy IT - with the help of a holistic security strategy. Uniform device-to-cloud protection combines the strengths of Secure Web Gateways (SWG), Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) in a uniform security platform. Among other things, CASBs ensure the enforcement of local security policies in the cloud. They also allow IT security teams to control the access of unknown users, hardware and software to the network and to closely monitor all data traffic. This transparency enables security incidents to be identified and rectified more quickly.

However, many industrial companies do not always have the necessary means and strategies to protect themselves against cyber attacks or to respond to them quickly. This is why McAfee and Siemens have been working together since 2011 to counter growing security risks in the production sector and drive forward "Industrial Security 4.0". As part of this, they offer a "Managed Security Service" that combines Siemens expertise in the areas of automation and industrial security solutions with McAfee security solutions - firewalls, Security Information and Event Management (SIEM) and Global Threat Intelligence. The concept follows a security-by-design approach, which means that the security aspect is integrated and standardized as soon as machines are developed and installed. This gives industrial customers a higher level of industrial security for their production environments, which they can manage themselves without being restricted by cumbersome configurations.

In view of the growing cyber threat situation, ensuring IT security in production environments is more important than ever. Edge computing alone is no guarantee for comprehensive protection of data and systems. In the cloud, data can be secured more effectively with the help of a holistic security strategy. The Managed Security Service from Siemens and McAfee can help protect production environments from cyber risks.
Tanja Hofmann, Lead Security Engineer, McAfee