Bachmann Electronic
Open on the grid - an underestimated danger!
You can't miss it - the Trojan horse at Bachmann's trade fair stand at SPS IPC Drives 2017. Christoph Scherrer, Product Manager Safety and Security at the Austrian controller manufacturer, explains what the oversized eye-catcher is all about.
Christoph Scherrer, Bachmann: "What is connected to the network must be protected. Otherwise Industry 4.0 won't work!"
© Computers&AUTOMATION
Mr. Scherrer, you have placed a Trojan horse on the stand - which neighbouring stand will Bachmann attack tonight?
Scherrer: We are not attacking anyone, because the horse has been tamed by us and will not leave the stand - we promise! Instead, we want to use the eye-catcher to educate our industrial customers and make them aware that they should not let malware or attackers into their production without knowing it. In our view, there is still far too little talk about security overall - suppliers and users alike avoid the topic. Yet we absolutely need an exchange with users in order to develop defense solutions together!
Are users ignorant?
Scherrer: Yes, many of them are. Ignorance is one of the biggest gateways for attackers - see Shodan.io, for example. The search engine can be used to find open, unprotected controllers or IoT devices worldwide - many of our industrial customers were surprised when we presented them with the search engine results. Looking at the HMI of a brewery in Italy? No problem, everything can be found quickly. Or take Google Dorking. This is a passive attack that can be used to find out usernames and passwords, email addresses, secret documents, private financial data and security gaps on websites.
So what is your advice?
Scherrer: An important first step would be to stop using default passwords or default operating settings and to patch them consistently. Another measure is to encrypt files, as we do with our own M1 controllers. This allows us to protect critical data such as log files or recipes. Fine-grained access control also makes it possible to allow or deny access to individual files and even variables for each user. This is monitored by a central security log, which records every logon and logoff process as well as all access changes and therefore also serves as a helpful tool in the event of a warranty claim. And: We can connect further cryptographic applications via open interfaces.
Is that enough?
Scherrer: No, certainly not. We also equip our controllers with functions to limit the bandwidth of the network in order to increase robustness against intentional and unintentional network disruptions. Real-time processes are not disrupted by network interface overload. The access control and monitoring measures already mentioned are also effective here. These help to prevent unauthorized function calls and, if the worst comes to the worst, to limit potential sources of error.
And what can or must the users themselves do?
Scherrer: Operating a complex machine park requires consistent and centralized management of users, their passwords and authorizations as well as certificates. Accordingly, we recommend that users have a security management system with clear guidelines and an assignment of rights - because the biggest risk is employees in the company who destroy the processes either ignorantly or because they are frustrated. Security logs must also be collected and analyzed centrally.
If the worst comes to the worst, our automation system also offers a backup and recovery mechanism. But we should also be aware that many attacks are only registered by companies many months after the actual attack.











