Not only conventional IT is affected by this, but operators of production plants are also increasingly concerned about the IT security of their machines. The VDW (German Machine Tool Builders' Association) has therefore published a guide for companies that provides a simple way to increase IT security on machine tools. "Incidents are also becoming more frequent in industry and it is not only negligent to turn a blind eye to them, but also extremely dangerous," warns Ralf Reines, initiator of the brochure at the VDW. "But the good news is that even very simple and inexpensive measures can help to prevent a large number of threats."

"Not only infrastructures that are directly connected to the internet are affected. Machines in production, especially machine tools, are also under attack," adds Prof. Felix Hackelöer from the Institute for Automation and Industrial IT (AIT) at TH Köln. He co-developed the handout "IT security on machine tools". "It doesn't always have to be a foreign power that gains access to sensitive data via hackers. Most problems result from the internal handling of the company's own data." The German Federal Office for Information Security (BSI), for example, cites USB sticks and careless handling as the top threat.

In second place is infection with malware via the internet and intranet. "It's common for employees to connect their cell phone, which they may have used to edit their vacation photos a short time ago, to a machine tool to charge it because there is no other USB access within reach," says Reines, Research and Technology Officer at the VDW. Only in fifth place on the BSI's list of the main threats is social engineering and phishing, which are behind organized crime.

Whether employees' cell phones connected to machines or USB sticks - private data carriers have no place in companies, emphasizes Reines. The use of passwords is also very often downright naive. Generally known accesses are a security gap that is as big as it is underestimated. Last but not least, increasing automation means that more and more production machines are being connected to the company network (LAN). "Within the company, the various network areas and access rights should always be kept separate," warns Reines. This is also anything but a reality in the day-to-day operations of many companies.

With its brochure, the VDW aims to raise awareness among machine operators in particular and shows five important points of attack on a machine tool where particular caution is required, including of course the connection to the Internet, but also the NC programs and the mains connection. The guide provides a brief and easy-to-understand overview of what needs to be considered at these points. First, the current security situation is described and the resulting threats are highlighted.

The guide recommends technical or organizational measures for each topic area. The actions are assigned to specific employee groups or departments within the company - from production to IT to management. The brochure is rounded off with a glossary on IT security and references to further reading, leaving no questions unanswered, even for beginners.

With its handout, the VDW aims to reach small and medium-sized companies in particular that have little or no expertise in the field of IT security for machine tools. As the measures are easy to implement - even on existing systems - the initiative will be well received by machine tool users, Reines hopes. Incidentally, a further guide will be developed this year. It will be aimed at machine tool manufacturers and describe how to methodically develop and implement comprehensive IT security for machine tools.