Today, production companies can no longer manage without a high-performance IT environment. Numerous servers work in the data centres of industrial companies, tirelessly exchanging data with the internet. Just like the Macs, PCs or notebooks of the employees in the administrative part of the company. And here is the biggest weak point: the connection to the internet. It is entirely possible to penetrate a networked control system or a production plant via this route.
In industrial production, protection is much more complex and costly than in the private sector. There are many more places where an attack could take place, as there are numerous entry points for viruses or malicious code: For example, via the attachment of an e-mail, via one’s own website, via an open port on the web server or a ransomware attack.
‘In my opinion, attacks become particularly critical when you are in the area of energy supply or in the area of operational technology – OT – in the case of machines or process plants,’ Norman Hübner from TÜV Rheinland emphasised in an interview with the trade magazine ‘Chemie-Technik’.
This also includes seemingly banal parts such as motors, pumps or valves. In fact, successful cyber attacks on OT systems often lead to particularly high damages for the companies affected. The reasons are obvious: In the chemical industry, for example, it must not happen that liquids are mixed incorrectly due to such manipulation. In the smallest possible case, this leads to significant quality defects, but can also cause entire production branches to fail. ‘According to our experience, such areas are a typical point of attack for hackers,’ emphasises expert Hübner.
What Are Concrete Measures To Ward Off Attacks?
An important step is to take a look at the control room of a production facility. It is imperative that the responsible employees working there keep an eye on the entire situation and recognise and assess possible attacks. Pishing and social engineering, malware or ransomware and denial-of-service attacks are currently the biggest threats to production processes. It is important to have a complete overview of the machines and systems on the one hand and the incoming and outgoing data traffic on the other. And to register possible changes immediately and, above all, to react to them immediately – every hesitation costs extra.
AI-based systems help, to analyse and document throughout all areas where data is exchanged. This is the only way to determine where there may be security gaps. These should be closed sustainably (together with experts). It must always be borne in mind that almost all production plants are connected to the internet today. This is how updates for control systems are provided or production plans are exchanged – even across locations in different countries. In short: cyber security does not end at the border of the company’s premises.