Managing Security, Safety and Privacy in Smart Factories
“Digitisation in business and production presents industry with a host of new opportunities, and sometimes even completely new business models", says Curt Winnen, General Manager of Munich Network e.V., the Munich-based independent not-for-profit organisation geared to promoting entrepreneurship and innovation. “This is a big chance for Germany where the manufacturing sector accounts for over 20 per cent of the economy.“ According to Winnen, German companies that strive to defend their positions as global market leaders must also play a key role in the introduction of intelligent production facilities or smart factories. Key advantages of smart factories include easy access to information from production processes and business partners in the supply chain, intelligent analysis of the large volume of data created thereby and direct control and interoperability of machines in the production process.
IT security critical for the success of industry 4.0
However, the increasingly extensive interconnectivity of production systems and the necessary processing of large volumes of data make smart factories more vulnerable to malicious attacks, sabotage and espionage than conventional production facilities. “This turns IT and data security into a key success factor for smart production and the entire development of Industry 4.0”, explains Dr Armin Pfoh, Vice President Corporate Strategy & Innovation at TÜV SÜD. According to Dr Pfoh security risks are particularly high when conventional production facilities and manufacturing equipment are upgraded with modern communication technology and additional “intelligence”.
In their “Managing Security, Safety and Privacy” white paper, Munich Network and TÜV SÜD provide a detailed analysis of the challenges involved in the introduction of smart factories. Complementing the German government’s digital agenda and high-tech strategy, the white paper is designed to provide a practice-focused recommendation for action for the managers of all companies seeking to transform their production facilities into smart factories. The individual chapters of the white paper address subjects such as “Cyber Espionage and Cyber Sabotage”, “Data Ownership, Rights of Use and Privacy”, “Designing for IT Security in Smart Factories” and “Incident Management, Liability and Insurance”.
Incidents in smart factories can have serious consequences
“In smart factories, failure of IT security can be far more serious than a failure of office communication equipment”, explains Dr Florian von Baum, a partner at the legal firm Pinsent Masons and co-author of the study. Malfunctioning production systems, for instance, can bring production to a standstill, have negative impacts for customers or cause accidents that result in damage to machinery, injuries to people or environmental pollution.
The white paper shows very clearly that the introduction of smart factories is a highly complex subject which requires the attention of top management. It also demonstrates that organisations would be well advised to establish the role of Chief Information Security Officer (CISO), who is responsible for the implementation of security requirements. “One key factor of success is that CEOs provide the required organisational, technical and legal resources at an early stage in the planning process to ensure the level of IT security and data privacy needed in smart factories", emphasises Willem Bulthuis, digitisation consultant and co-author of the study. “All management functions must work proactively towards reaching this goal.”