Security concepts against cyber threats
IT contingency planning: capable of acting even in an emergency
With new digital infrastructures and the associated dependence on IT systems, information security, data protection and IT contingency planning must be given the priority they deserve. According to a recent Bitkom study, the majority of German companies have been victims of data theft, industrial espionage or sabotage in the last two years.
Just a few years ago, production machines consisted of mechanics, motors, simple sensors and, above all, fairly simple and isolated control systems. If something broke down, the service technician had to check the cause, order spare parts if necessary and then repair the machine. The consequences were slowed or halted production, delays in the supply chain and financial losses.
Today, the machines are equipped with complex control systems, are networked and communicate with each other. They notify the central production control system at an early stage if there is a problem or if parts wear out. Maintenance can then react to the problem at an early stage and automatically order spare parts. At the same time, the service technician is also informed about the necessary repair.
But what would happen if an attacker interfered with this process? Systems, machines and processes could be manipulated and important data collected or changed. Machines could suffer massive damage, production processes would come to a standstill, spare parts would not be ordered and the technician would not be informed in time. In addition, sensitive information such as company, production and customer data could be leaked and misused for industrial espionage. In such a situation, where responsibilities and instructions are often unclear and emergencies have never been rehearsed, companies often descend into chaos. If contractual obligations are then not met, contractual penalties may even be imposed.
It is clear that, with increasing digitalization, the smooth running of core processes depends on functioning IT. Nevertheless, not every company is adequately prepared for this development. Current studies show that cyber criminals are particularly interested in SMEs: three out of four companies - 73 percent to be exact - with between 100 and 500 employees have been victims of digital attacks in the past two years. The causes are easy to explain: SMEs are particularly heavily integrated into the supply chains of large corporations. Attackers are after detailed knowledge and use the systems of SMEs as gateways to gain access to the data of large corporations.
In order to rule out these external risks and thus protect themselves, SMEs must take appropriate measures. This increasingly means providing evidence of appropriate documentation in the supply chain to partners, customers and, more and more often, insurers. However, many companies lack the know-how and experience to find a suitable approach. This is confirmed by recent figures from a Bitkom study: only 40 percent of industrial companies have a central strategy for the various aspects of digitalization. This raises the question of how industrial companies can address IT contingency planning, data protection and information security in order to meet industry-specific specifications, guidelines and compliance requirements.
Step by step to a holistic security concept
Many industrial companies are not yet ready for topics such as information security or do not see the need for it. Instead, they invest large sums of money in modern technology. However, what use is the best firewall, for example, if the person operating it is not sufficiently trained or the responsibilities are unclear? In order for the firewall to provide optimum protection, the company must take the appropriate organizational measures. IT contingency planning, data protection and information security must not only be implemented technically; all associated aspects must be integrated into the corporate culture and viewed as an ongoing and living process.
There are now various solutions that support companies with the introduction of comprehensive security concepts and guide users step by step through the implementation of an information security management system (ISMS) or IT contingency planning, for example. To do this, however, it is important to start by looking at the various topics and your own requirements. The starting point is an honest answer to the question of where the company currently stands. It often turns out that companies do not have to start from scratch: many requirements are already fulfilled and documented. The aim is then to collect this scattered and opaque data and information centrally in one place.
Companies are often faced with the challenge of not only having to implement IT contingency planning, for example, but also an ISMS or a data protection management system. To make the introduction easier, there are integrated management systems that use a central database. This saves the user from having to maintain the same data twice and from having to undergo extensive training for different software. Once responsibilities, processes and infrastructures have been systematically documented and linked, this makes day-to-day work much easier. Business processes can then also be optimized in the long term.
Even in the example of the attack on the production process, an appropriate security concept could have spared the company the worst of the damage. How would the scenario have played out if, for example, an ISMS had been in place at the time of the cyberattack, or if contingency planning had at least enabled emergency operations?
Observe organizational as well as technical aspects
In order to respond to cyber threats and other IT risks, industrial companies should introduce comprehensive security concepts. This is not just about taking technical measures. Instead, organizational aspects must also be integrated into the corporate culture. Risks need to be identified and recognized, responsibilities defined and a security concept established for the long term. This not only ensures that companies are still able to act in the event of an emergency, but also supports employees in their day-to-day work and can help to improve business processes in the long term.
Jens Heidland, Head of Consulting at Contechnet and Lead Auditor ISO 27001 and IT Security Catalog / am