Protecting machine tools from cyber attacks


Data security is gaining in importance as Industry 4.0 takes shape. Automation, cloud applications and globally networked machines and components play key roles when it comes to shielding systems from external threats.

As digitalisation becomes more prevalent across industries, there is a growing need for companies to safeguard against cyber risks. This is because German industry is increasingly becoming a target for cybercriminals: more than eight in ten industrial companies (84 per cent) have reported an increase in the number of cyber attacks in the past two years, with more than a third (37 per cent) reporting a strong increase. This is the result of a 2018 survey conducted by the Bitkom digital association, which interviewed 503 managing directors and security officers from all sectors of industry. “German industry is under constant digital fire – from petty digital criminals, organised crime and even state-backed hackers,” says Bitkom President Achim Berg. “The nature and scale of the cyber attacks is set to increase.” One thing is certain, however: cybercrime is a worldwide phenomenon that does not stop at national borders or at locked factory gates. It can happen wherever people use computers, smartphones or other IT devices.

Responding to security vulnerabilities and software bugs

The Balluff Group is a global player in the automation sector. With its workforce of 4,000 employees the company offers a comprehensive portfolio of sensor, identification, network and software solutions for all areas of automation. Protecting against cybercrime is a key aspect in the development and design of customer solutions. “Cybercriminals often use known vulnerabilities or bugs in outdated software to gain access to a system. “Promptly installing updates and security patches considerably reduces the risk of cyber attacks,” says Philipp Echteler, IIoT Strategy Manager at Balluff. Using versioned software and firmware and monitoring these help create greater transparency. “Avoidable dangers also emanate from devices that were originally only designed for communication with the controller of isolated networks, and not for connection to the Internet. Many of these Ethernet-enabled automation devices have no protection features, which leaves them vulnerable to attack,” continues Echteler.

Protecting systems from manipulation and cybercrime

But what are the best ways to protect complex networked systems against manipulation and cybercrime? “In principle, any networked system represents a possible point of attack. a well-designed security concept is therefore indispensable for safeguarding such systems against manipulation and cybercrime,” says Juliane Schneider, Junior Product Manager at Symmedia. Symmedia GmbH from Bielefeld has been developing service solutions for the mechanical engineering sector since 1997. The company’s digitalisation expertise – especially in the field of mechanical and plant engineering – is strengthened by its alliance with Georg Fischer, a mechanical engineering company to which Symmedia has belonged since 2017. “When it comes to handling sensitive data, any human negligence poses a security risk. An unnoticed cyberattack, the reckless multiple use of passwords or the deliberate divulgence of confidential data – any human action can have major consequences and cause significant damage,” says Schneider, listing just some of the more obvious risks. Echteler adds: “The risks which arise from internal threats should not be underestimated. Employees unthinkingly open email attachments which can be used to smuggle in viruses unnoticed, or they send critical company information in unencrypted form by email.” Poorly protected or forgotten maintenance access routines represent back doors that attackers can then use for their own purposes.

Firewalls that automatically conduct trustworthiness checks

Encryption mechanisms such as SSL or TLS must be deployed as standard in order to protect complex networked systems from manipulation and cybercrime. These encrypt all data traffic between servers, computers and applications in a network. Another common practice is to install a firewall which checks the trustworthiness of all parties seeking access to a computer in order to automatically protect it from attacks or unauthorised access. “Having separate production and office networks offers additional security. Further recommendations include minimising the number of network accesses and routing the data stream via a central, monitored gateway. Potential threats can often be identified at an early stage if data and network traffic levels and individual nodes are also continuously analysed,” says Echteler, citing further options that can help increase security.

Solutions for data security in networked production

Balluff has established its own team of experts to offer comprehensive consulting services to customers all over the world. Some of the Balluff devices now also feature hardware encryption based on the Trusted Platform module. In addition to minimum requirements such as firewall protection, Symmedia also uses HSM and TPM procedures (based on so-called hardware security and Trusted Platform modules) to ensure that only secure software is run. “We also use a proprietary network protocol to provide very high level protection against unwanted access. It is virtually impossible to hack into these connections,” says Schneider. The company uses a secure and workflow-based point-to-point link for digital service support. “The use of common encryption, authentication and authorisation procedures for client applications, servers and programming interfaces, so-called APIs, is also a matter of course for us. In addition, we offer many other security measures, including a PKI (public key infrastructure)-based individual machine and user certificate structure, password rules, the irreversible storage of access data with up-to-date hash procedures and multi-factor authentication,” continues Juliane Schneider.

Clouds and corporate clouds have a role to play

Another major point with regard to data handling is the location of the data storage. Three in ten companies (29 per cent) use a cloud solution that is outsourced to a certified data centre – either to achieve possible cost savings, to relieve the strain on their own IT staff or to obtain greater security. Another ten per cent plan to do so and 28 per cent are discussing this as an option. This is shown by the Digital Office Index 2018 – a representative survey of 1,106 Bitkom companies with 20 or more employees. According to the Index, fewer than three in ten companies (28 per cent) state that cloud hosting is of no concern to them. A comparison of the different industries reveals that the mechanical engineering and plant construction sector is the frontrunner in this field. According to Bitkom, almost half of all companies in this industry (46 per cent) are already using external cloud service providers. For Balluff, too, the public cloud is the first choice. “Its high availability is attractive because its platforms are replicated in independent, geographically distributed data centres. Other advantages include its easy scalability, its high level of security, its use of state-of-the-art technologies and encryption, and its service continuity. These guarantee that the solutions will work even in the event of negative scenarios,” emphasises IIoT Strategy Manager Echteler. From experience we know that it is not possible for a company’s own IT staff also to run a cloud. This is a task for suitably qualified specialists. Symmedia, on the other hand, offers its customers hybrid solutions. “This gives our customers flexibility combined with outstanding security. And this in turn gives them full data sovereignty,” says Junior Product Manager Juliane Schneider. They can decide for themselves which data they want to store centrally, for example in a cloud, and which is only to be stored locally. “We have found that our customers are open to central solutions, but always want to be able to store specific data locally, depending on how sensitive it is.”

Examples of data protection and security concepts at the EMO

At the EMO Hannover, Symmedia will be showcasing a digital factory to demonstrate its software’s capabilities and show its practical applications in daily production. There will be live demonstrations, for example, of condition monitoring, alarm scenarios and remote services. Visitors will also be able to find out about predictive maintenance, data protection and security concepts, and pick up information on the use of Symmedia software across systems made by different manufacturers. Balluff will be presenting productivity enhancement solutions in the metalworking field. These include innovative concepts for intelligent manufacturing systems. Chief among these are a retrofit tool management system and solutions for continuous machine tool process monitoring.