Risk-awareness does not suffice in the digital shadow world
METAV 2018 to give tips on cyber-security
Frankfurt am Main, 29 January 2018. – “There is strong shadow where there is much light.” This well-known quote from Goethe also applies to the digital transformation: not only does data communication benefit the company concerned, it also lures the data thief. The “risks of the digital shadow world” will be illuminated by VDMA security expert Steffen Zimmermann, who recommends visiting the Industry 4.0 Theme Park at METAV 2018. Bernd Zapf, Head of Development New Business & Technology at the machinery manufacturer Gebr. Heller Maschinenfabrik GmbH in Nürtingen, will be outlining how the machine tool industry is tackling the issue.
VDMA security expert Steffen Zimmermann sees the Industry 4.0 Theme Park at METAV 2018 as a good source of information for all issues relating to cyber-security. “Cyber-security plays an important role for vendors, since it enables them to adopt new, innovative business models,” explains Steffen Zimmermann. Anyone offering condition monitoring or predictive maintenance, for example, will in the long term have to not only think about their technical implementation, but also about the secure design of the data traffic involved. His recommendation for the companies concerned: “Ask the vendors in Düsseldorf very specifically whether and how they take due account of cyber-security in their solutions. The paramount consideration here is risk assessment. Is there an intention to safeguard confidential data? Who has access to these data? How do data queries from abroad function – from China, for example?
Risk-awareness in terms of cyber-security has significantly increased in the corporate world. “Threats from human agency like wrongdoing and sabotage, infiltrating malware, plus social engineering and phishing, are still at the top of the list,” says Steffen Zimmermann. “Easily implemented technical protective measures, however, are not yet being taken seriously.” As a currently prioritised issue, he cites the control components connected to the internet, which could be protected against hackers by simple technical precautions.
Using a secure communication computer
The machinery manufacturers Gebr. Heller Maschinenfabrik GmbH from Nürtingen will be showing how this works in the Industry 4.0 Theme Park in Düsseldorf. “Heller has in conjunction with Siemens over the past two years been prioritising this question, so as to arrive at a secure solution for linking machine tools to the internet,” explains Bernd Zapf. “For this purpose, we shall be interfacing our machines with the internet solely via a secure communication computer, meaning that between the machine’s control system and the customer’s network a Sinumerik Edge industrial PC from Siemens is interpolated.”
Sinumerik Edge handles readout of the data from the machine’s control system, and saves them in a ring buffer for intermediate storage. The data are either processed further, or directly prepared for forwarding to the internet. This ensures that a direct connection between the internet and the machine is not possible, and that the data are encrypted using maximally stringent security certificates. This communication route meets the statutory requirements for cloud-based data traffic in compliance with the international series of standards on “Industrial Communication Networks – IT Security for Networks and Systems” (IEC 62443) and conforms to the security certificates specified by Siemens. At METAV 2018, Heller will be demonstrating various Industry 4.0 technologies on the Profitrainer training machine with Heller4Industry, e.g. for data traffic with MindSphere: this open internet-of-things system from Siemens helps to prepare the data appropriately. That involves a cloud technology, which works together with different cloud infrastructures (AtoS or Microsoft Azure).
Secure digital identities: the basis for data interchange
As a basis for automated and autonomous data, the VDMA uses a “secure digital identity (SDI)”. To quote Steffen Zimmermann: “The user should be able to trace and assign the decisions of the systems involved on the basis of secure digital identities.” The requirements for these identities are extremely stringent: they have to be very difficult to copy, forgery-proof, and also be amenable to revocation or forwarding. Machinery manufacturers should accordingly now be considering how they can implement SDI in actual practice.
Heller ranks among the pioneers in this field. To quote Bernd Zapf: “Under the designation Heller4Industry, we have for using certain Heller machining centres since the EMO Hannover 2017 been offering an operator model featuring a pay-per-use payment method for the machine’s actual utilisation time – we call this digital business model Heller4Use. Digital payments are handled using a SEPA direct debit procedure.” The actual utilisation time is acquired securely inside the machine’s control system, with subsequent transmission via Sinumerik Edge to MindSphere, where the actual utilisation time is evaluated and invoiced internally at Heller through SAP.
Definition: secure digital identity (SDI)
SDI is an unambiguous identity with additional security characteristics for dependably trustworthy authentication of an object (entity). It prevents an incorrect identity from being simulated. Each networked device that communicates via open networks requires a secure identity. The principal goal is to identify and authenticate individual entities. There are six features defining an SDI: identification, integrity, forgery-resistance, offline identification, authentication and offline authentication. Source: Wibu
Author: Nikolaus Fecht, specialist journalist from Gelsenkirchen
Size: around 5,260 characters incl. blanks
Steffen Zimmermann, Informatics department
Lyoner Str. 18
60528 Frankfurt am Main
Tel. +49 69 6603-1978
Gebr. Heller Maschinenfabrik GmbH
Marcus Kurringer, Marketing
Tel. +49 7022 77-5683
Background: METAV 2018 in Düsseldorf
METAV 2018 – 20th International Exhibition for Metalworking Technologies – will be held from 20 to 24 February in Düsseldorf. It will be showcasing the entire spectrum of production technology. The keynotes will be machine tools, manufacturing systems, high-precision tools, automated material flow, computer technology, industrial electronics, and accessories. These will be complemented by the new themes of Moulding, Medical, Additive Manufacturing and Quality, which are firmly anchored in the METAV’s exhibition programme in what are called “Areas”, each with its own nomenclature. The visitor target groups for the METAV include all industrial sectors that work metal, particularly machinery and plant manufacturers, the automotive industry and its component suppliers, aerospace, the electrical engineering industry, energy and medical technology, tool and mould construction, plus the metalworking and craft sectors.
You will find texts and pictures for METAV 2018 on the internet under www.metav.de in the Press Service section. You can also visit METAV through our social media channels
http://twitter.com/METAVonline | #METAV2018