The worst-case scenario for any industrial company is an unscheduled production shutdown. If the cause is a cyberattack, this makes it difficult to predict how long the shutdown will take. In smart factories, where IT and OT are networked, the first step is to determine how and where the spread has already taken place. In this interview, Dr. Falk Herrmann, CEO of Rohde & Schwarz Cybersecurity, provides important tips for preventing such scenarios.

Are German companies adequately prepared for potential cyber attacks and are their protective measures sufficient?

Herrmann: German industrial companies are often not sufficiently protected and are therefore frequently affected by cyber attacks. Prominent examples from the recent past include attacks on the companies Krauss-Maffei, Pilz and Lanxess. However, most incidents go unnoticed by the public. Yet every day, IT networks of SMEs are hacked, data is stolen and companies are blackmailed. Although these companies have invested many years in protecting their IT, these measures are no longer sufficient in the age of digitalization.

The problem is that the attacks are becoming increasingly professional and perfidious. Take Emotet, for example. This malware is a door opener that attackers can use to download further malware from the internet. This is what makes the attacks so dangerous. The path to the computer is relatively simple. Emotet is infiltrated onto company computers with the help of fake emails, so-called phishing emails. Professional hacker gangs are behind the mailing, initiating a veritable flood of phishing emails.

Hacker attacks are a major threat to production in the manufacturing and process industry. This is because the convergence of OT and IT in the smart factory means that downstream attackers quickly spread throughout the entire company network. In order to prevent the spread of malware, a large part of the IT systems must be shut down. The machines then come to a standstill. This can threaten the existence of a medium-sized industrial company.

Attack surfaces through cloud services

The coronavirus pandemic has further exacerbated the threat. Hackers are increasingly exploiting the current need for information. Malware is being smuggled onto computers via fake websites, emails or graphics that appear to come from trustworthy sources. At the same time, new forms of mobile working via web applications and cloud services are creating new areas of attack.

Today, it is no longer just about the danger posed by criminal hackers. Anyone who stores their data with a US cloud provider must know that it is not safe from access by US authorities. This is not only a problem for a company's competitiveness - it also violates the EU GDPR.

Regardless of the budget, which three security measures should companies implement to protect themselves from cyber attacks?

Herrmann: Firstly, internet access must be secured. This is because the browser is the main gateway for attackers. The easiest way to do this is with a virtual browser. It is crucial that this is a fully virtualized surfing environment, as implemented in the R&S®Browser in the Box. This solution enables consistent network separation. Instead of detecting malicious code - as is the case with antivirus programs - all potentially dangerous activities are isolated in this virtual browser. Malware, such as Emotet and ransomware, then has no chance.

© Rohde & Schwarz Cybersecurity

Secondly, web-based applications must be protected by special web application firewalls. This is because it is relatively easy for hackers to hack into portals protected by logins and gain access to the database behind them. Cyber criminals gain access to large amounts of personal data in one fell swoop and can steal or delete it. Network firewalls are powerless here. A web application firewall analyzes the data exchange between clients and web servers. If certain content is classified as suspicious, access is prevented via the web application firewall.

And thirdly, a current topic is the security of data in the cloud. Companies urgently need a data protection-compliant solution. This is because the European Court of Justice recently ruled that the agreement to protect European data that is transferred to the USA - the so-called "Privacy Shield" - is invalid. Companies that use cloud services are faced with a dilemma. Compliance with the EU GDPR in the cloud is currently only possible with a data-centric security solution. This involves decoupling and encrypting the data from the work processes and service offerings of non-European cloud providers. In this way, they can be stored anywhere.

Keyword security as a service: should the manufacturing and process industry consider managed security services?

Herrmann: In smaller and medium-sized companies, there is often insufficient know-how and personnel to implement modern IT security. In view of the enormous dangers posed by an attack and the pitfalls of regulations such as the EU GDPR, it can therefore make sense to outsource IT security to external experts. Service providers also offer the option of a 24/7 emergency service. After all, attackers don't keep to office hours. So if you are prepared to hand over control of your own IT security, MSS can be the right way to achieve modern and professional IT security in your company.