At first glance, the topic appears to be an impenetrable tangle that is difficult to understand. However, a look at the phases of increasing networking towards modern "intelligent" systems provides orientation and clarity.

Phase 1 - Safety and accident prevention

In this early phase, the safety of production systems is defined almost exclusively by safety - i.e. accident prevention. Specifications such as the Machinery Directive or functional safety define a risk assessment process in which the focus is on minimizing hazards. Once this process has been completed, it is almost impossible to
changes are possible, as these would possibly entail a new assessment process. The legal relevance of this process, combined with the "sacred cow" of availability, can easily ensure that numerous (IT) security measures are simply rejected, as safety-relevant changes to the system are feared.
Only security measures that require little or no intervention in the system can be introduced. These include application safelisting solutions such as Trend Micro SafeLock or Trend Micro Stellar-Enforce. Other solutions enable the search for and removal of malware without any software installation (for example, Trend Micro Portable Security in the form of a USB stick).

Phase 2 - Security in the network

© Trend Micro

Whether it's the requirements for remote maintenance, production monitoring "from home" or smart factory concepts: Sooner or later, many operators are confronted with the requirement to network systems. At this point at the latest, however, it becomes clear that many systems are not designed for networked operation, but were designed as stand-alone systems. This is particularly evident in the area of security, where authentication and authorization concepts, secure protocols or encryption are often still simply foreign concepts.
The network connection to MES or ERP systems is often accompanied by a connection to the office IT and therefore to the Internet. However, it is often overlooked that the network connection is not a one-way street in most cases. If the machine sends data "outside", attackers can also access the systems "from outside". The office IT connection also means that attacks that start "in the office" can simply make their way through to production. Combined with old patches (see phase 1) and a lack of security functions, this creates a veritable
Eldorado for cyber criminals. Current ransomware cases in industrial environments clearly demonstrate this.
In this phase, it is important to protect the vulnerable systems in the best possible way despite the network connection. Industrial firewall/IPS systems such as Trend Micro EdgeIPS or EdgeFire are ideal for this purpose. These protect vulnerable systems, cells or roads at network level against both attacks from office IT and attacks via field network protocols.

Phase 3 - Security in the supply chain

© Trend Micro

Starting with the connection of web store and production (build-to-order, batch size 1), but at the latest with the networking of production control across supply chains, security must be considered holistically. In this environment, it is no longer sufficient to focus solely on production. All parties involved in the ordering, logistics, planning and production process now also represent a potential risk. Ultimately, it makes no difference whether production is not taking place because a machine has been compromised, the web store is down or a supplier is unable to process orders due to an attack. The result is always the same. It is therefore important to consider all potential risks.
However, the majority of these risks can be found far away from production
security, namely primarily in office IT, the data center and the cloud. Security solutions such as Trend Micro's Cloud One platform make it possible to secure these structures - regardless of the form factor (hardware, VM, container, serverless) and type of infrastructure (local, distributed, in the cloud).

Trend Micro's web seminar during the Application Days 2021

Udo Schneider welcomes you on September 23 at 09:00 a.m.

© Trend Micro

In the web seminar "From Availability to Supply Chain Integrity", Udo Schneider, IoT Security Evangelist Europe at Trend Micro, takes a look at the phases of increasing networking towards modern "intelligent" systems and highlights various security measures appropriate to each phase.

September 23 at 10:00 a.m. - REGISTER HERE FOR FREE

Application Days - Safety & Security theme day

© Computers&AUTOMATION

The topics of safety and security are significantly influenced by Industry 4.0 technologies. This is because modern communication networks bring enormous advantages - for example, they enable networking and connection "to the outside world". However, this connection also proves to be a gateway for potential threats. There are various potential scenarios: from data theft and interference in production to influencing machine safety, which poses a direct threat to employees. In short, the two disciplines of safety and security are becoming increasingly intertwined and should therefore no longer be viewed in isolation from one another.

Here is an overview of the topics of the Application Days "Safety & Security".