IT security: on everyone’s lips – but is it on everyone’s mind?

IT security is a broad field, and I could probably write a novel on the subject. But today I’m restricting myself to the narrow field of IT security in the context of Industry 4.0.

You’re wondering what that is? Industry 4.0 denotes a networked production operation, meaning production sequences that are networked by cloud and cyber-physical systems (CPSs). By way of explanation: cyber-physical systems enable computing power and mechanical elements to be coupled and coordinated via a communication infrastructure such as the internet. In the production operations of the past, there was a clear separation between the production and office networks.

The production operations of tomorrow

We are currently in a situation where the networks are still very largely separated, but the control computer in the production hall nonetheless often communicates with components in the office network, for example. And this is precisely where the security vulnerability arises, since there is no higher-order security concept. In future, this picture will change, in that the control computer or the PLC (programmable logic controller) will be directly connected to the internet – there is a definite trend towards cloud solutions. There will then no longer be a separation between the production and office networks, and thus none between production and the internet.

Eliminating risk factors

Without appropriate security measures, and also advances in the field of IT components, the threat level here will increase massively.

An equally important consideration in the IT security environment is the human factor. We do of course have our own internal guidelines, processes, and technical measures designed to assure protection of the information and systems involved. But equally essential are trained, alert staff who are able to detect an attack and either stop it by raising the alarm in good time or keep it from spreading and thus causing greater damage.

Awareness campaign with live hacking

This is why we regularly organise awareness campaigns, in order to draw our staff’s attention to current risks and to raise their alertness to threats. As part of the current campaign, on 22 November we invited Dr. Christian Haas of the Fraunhofer Institute of Optronics, System Technologies, and Image Exploitation (IOSB) to give a presentation focusing on IT security in the context of Industry 4.0. The first event was designed for the management level: here, senior staff from Corporate Development, Information Management and our subsidiary Syskron attended. In a compressed 30-minute presentation, the managers were brought up to speed on the current risk situations that have to be reckoned with. Recommendations for action and best practices were also provided, so that each manager could check the current status of the organisational unit within his/her own remit.

The second block of the event was directly tailored to the experts from the above-mentioned departments. This part of the presentation was very practice-oriented in structure. It began with a simulated attack on a factory. For this purpose, Dr. Haas had brought with him a mobile demonstrator from the IT security lab. This demonstrator consisted of a multi-coloured disk (symbolising a machine in the production operation), which moved at one eighth of a revolution per second. This was connected to a machine control system, in our case a SIMATIC. There was also a screen, which functioned as an MES (Manufacturing Execution System), i.e. the disk and its movement were displayed there. The operators use this screen to monitor the production machines.

Then the following happened: the imaginary attacker hacked into the system and severed the link between the machine and its control system. He then accessed the machine (in our case the disk) directly, so that it rotated progressively faster. This was audible as a loud humming noise. All attempts to access the machine via its control system failed – even interrupting the power supply was unsuccessful. The MES screen also displayed an incorrect state: there, it looked as if the disk was standing still. In reality, though, it was continuously rotating at a very high speed.

A situation of this kind can continue until the hacker aborts the attack or, in the worst case, actual damage is caused. If you bear in mind that this might involve a real attack on a production line, then you very quickly realise the possible effects (damage to equipment and perhaps even injury to persons, lost production, damage to reputation, etc.). I think this realisation hit many of us in the room at this moment.

A tempting honeypot

Dr. Haas gave us no breathing space. Following his very impressive demonstration, he showed us some more possible points of attack, such as gaps in the networking. He also demonstrated how easy it sometimes is to acquire passwords (if, for example, the manufacturer’s password is still being used) and how a bus coupler (a component used in automation technology that, as an interface, handles the entire process data traffic) can be made to crash.

His information on the “Honeypot Waterworks” of the TÜV South Technical Inspectorate also left a lasting impression. The term “honeypot” denotes a virtual service or user that functions as a trap for hackers, in order to obtain information on attack patterns and attackers’ behaviour. Here, a simulated waterworks with real control hardware was connected to the internet for eight months. During this period, 60,000 attacks were recorded, a great many of them on industrial protocols (e.g. S7 communication). And many of these attacks were in fact successful.

Basically, you have to keep in mind that IT security is a continuous process. Taking this on board is the first step, but we must never stand still. The loss and damage caused by IT security incidents exceed the costs incurred for establishing protection many times over. In the context of Industry 4.0, IT security is gaining steadily in perceived importance, and with a properly functioning process you gain an additional quality feature, thus securing a competitive advantage.

At this point, our admiring thanks go to Dr. Christian Haas from the Fraunhofer IOSB for his interesting presentation, which provided plentiful food for thought.