IT security

Who protects the Internet of Things?

Industry 4.0 adds an entirely new perspective to the issue of IT security. Once everything is networked, a whole host of new access gateways is opened up. In the future, responsibility for protecting a company will rest on many shoulders.

2017-02-07

Print

Soon, vandals will no longer need an open window to break into a factory as they’ll be able to wreak just as much havoc from their computer at home. At least in theory, if companies that use networked production processes fail to adequately protect their networks and production systems. “If we assume that in the future more and more vehicles and machines will be controlled using IT systems, this is going to create new routes for intrusions,” says Stefan Rieck, the KION Group’s Chief Information Security Officer. These would also affect networked trucks or fully automated high-bay storage facilities, which could be shut down, destroyed, or even employed to cause further damage.


A merging of two worlds

At its core, the concept of Industry 4.0 describes the way in which more and more things are being linked together, making it possible to exchange data – between machines, vehicles, and employees, or between manufacturers and customers. Customers are able to watch their products being built in real time, and factories can schedule the arrival of spare parts very precisely. These new possibilities are generally being welcomed and even demanded. “It is a merging of two worlds,” according to Rieck. The IT in offices and production areas, computers and factory machines. But that also leads to a much greater number of different partners sharing individual networks. Suddenly it’s no longer enough to protect your own factory – your customers, suppliers, and building service providers also need to secure their access points. “The responsibility no longer lies with one particular function, it’s not just the job of the IT department anymore,” Rieck explains.


The actual protection mechanisms themselves are nothing new and are familiar from traditional office IT. They include anti-virus systems, encrypted data transfers, firewalls, and authentication, as well as close collaboration with certified external partners and security experts, who regularly test systems and networks for weak points. In other words, all measures required to protect against network intrusion and also to guarantee that a particular data package was really sent by the forklift truck rather than by an unknown intruder. The essential task over the coming years will be to transfer these tools from the office and adapt them to the many possible applications within the realm of production.


Can electronic control systems repel attacks?

The target for an intruder set on causing damage may not be the networked truck itself. This could just be a way of getting access to other servers, as a means of carrying out industrial espionage. “In the future, all manufacturers need to be aware that their products may be open to misuse for purposes for which they were never intended,” says Rieck. This requires a new approach at the planning and design stage. For example, the electronic control system of a truck used to be designed simply to operate the vehicle – it didn’t need to also have the computing power necessary to fend off hacking attacks from the internet. Will this involve the installation of additional components, or are very specific individual solutions required? The engineers at the KION Group are already addressing these issues.


“IT security is definitely becoming an exciting area for creative minds,” says Rieck. It’s a broad field, and a large number of departments and experts will need to work together. That certainly plays to the strength of a company like the KION Group. It is highly diversified, both in the traditional design of industrial trucks and also in software and connectivity, following its recent acquisition of automation expert Dematic. “One thing is clear: The more things start to merge in the context of Industry 4.0, the more complex they become.” It would certainly be useful if the industry was able to develop clear standards that became widely accepted soon, so that everyone could start pulling in the same direction.


IT security becomes a mark of quality

Responsibility for protecting a company will rest on many shoulders. What’s the use in installing the highest level of security for a metaphorical house if the tenant then goes and leaves the key under the mat? Rieck regards customer awareness of this issue as fairly high: “Many of our customers ask about the subject directly, and they are very receptive and well informed.” There are increasing demands, in particular from small companies that are not able to develop their own expertise, for large manufacturers like the KION Group to address the issue. IT security is set to become a mark of quality. Industry 4.0 doesn’t simply mean doing everything and networking everything, just because it is possible. “It also carries responsibilities,” Rieck emphasizes. “And we take ours very seriously indeed.”