What prerequisites must be created for sustainable cyber resilience?

Matthias Ochs: The starting point on the path to cyber resilience is a sound risk analysis of critical business processes and the definition of potential threats. Building on this, effective measures are defined to minimize threats. The focus here is not on one hundred percent security, but on adequate security. For risks that cannot be sufficiently reduced with acceptable effort, viable emergency plans must be described. Responsibilities, management structures and communication processes are geared towards emergency situations.

How can the high level of complexity be mastered?

Matthias Ochs: The key is prevention and early detection. The high level of complexity makes prevention a challenging task where traditional firewall rules and policies reach their limits. AI-based threat defenders use data analytics and threat intelligence to build a second line of defense and complement existing firewall solutions. Industrial firewalls such as our genuwall provide highly effective protection against attacks on production networks. At the same time, complexity should be further reduced, for example through clearly defined, minimal interfaces.

What organizational measures are important here?

Matthias Ochs: Above all, security policies must be defined based on tasks and responsibilities. One focus is on identity and service-based access controls. And finally, an IT security organization geared towards cyber resilience is required. Its initiation has a profound transformative impact on the entire organization and is the path to a new IT security paradigm.

Secure data transfer

With its 'NAMUR Open Architecture' (NOA), the automation technology interest group for the process industry (NAMUR) has set itself the goal of making production data easily and securely usable for system and device monitoring and optimization - even for existing systems. The NAMUR initiative proposes a secure one-way channel for the direct transfer of process data in addition to the existing automation structures. On this second channel, the data can be transferred without feedback. A diode that prevents unwanted and uncontrolled data streams in the direction of the sender will ensure the security of the data transfer. The 'cyber-diode' from Genoa enables this type of secure one-way data transfer by preventing communication by product design. In line with the defense-in-depth principle, it protects particularly sensitive network segments with its high security standard as a supplementary security measure. These are then de facto no longer vulnerable from the outside.