The Road to Industry 4.0
Secure remote access and active cyber protection for industrial machinery
Hamburg, May 22, 2017
Fabian Bahr

G+D Group: Business Units and Divisions

G+D Mobile Security: Financial Institutions; Payment cards; Mobile payment services; Telecommunications Industries; SIM cards; Connectivity and VAS management; Mobile identity; End-to-end security; Endpoint security; Enterprise Security/OEM; eSE / secure OS; Connectivity and VAS management; ID management; Cyber security; Software security; Secure remote services

Security solutions for international governments and their agencies: ID documents; Passports; Security printing; Product and brand protection

G+D Currency Technology: Banknote Security Solutions; Substrates for banknotes; Security foils; Security features; Banknote design; Banknote printing; Sensor technology; Cash Center Solutions; Cash management software; Banknote processing systems; Cash center automation; (Remote) services; Plant engineering; Cash cycle technologies

IT security solutions: Automotive; Critical infrastructures; Defence; Homeland security; Public authorities

May 2017

Industrial digitization: Industry 4.0 / Industrial IoT / China 2025

Diagram labels: Motivation for Digitization; Benefits with Digitization; Support Challenges; Competitive Advantage; Customer Satisfaction; Availability; Revenue; Cost Pressure; Digitization; Technology Leadership; Performance Optimization; New Work / Business Models; Reduce Service Time and Cost; Risk for Cyber Attack

Industry 4.0: Big opportunities but also high risk

Opportunities:
- 3-5%*: PRODUCTIVITY increased
- 30-50%: Reduction of MACHINE DOWNTIME
- 20-50%: Decreased costs for INVENTORY HOLDING
- 45-55%: Increase of PRODUCTIVITY in TECHNICAL PROFESSIONS due to automation
- 20-50%: Reduction of TIME-TO-MARKET
- 10-40%: Reduction of MAINTENANCE COST
*) up to 22% (Bosch Blaichach)

Risks:
- PRODUCTION DOWNTIME RISK, 28 million: Costs in the automotive industry per day; weigh risks of introduction of new technology against process reliability
- CYBERSECURITY RISK, 50 billion: Annual damage to the German manufacturing industry caused by cyberattacks
- QUALITY LOSS RISK, 60 million: Number of cars that were recalled in 2014 throughout the US (2 recalls per day)
- DATA MISUSE, 51%: Most German executives identify data misuse by hackers or partners as the greatest concern

Source: McKinsey, "Industry 4.0: How to navigate digitization of the manufacturing sector"; PwC, "Industry 4.0: Building the digital enterprise"

Risk through Cyber-Attacks

Allianz Risk Barometer, Top 10 Global Business Risks 2017, "Cyber incidents":
- 2015: 17% (5)
- 2016: 28% (3)
- 2017: 30% (3)

Cyber-Attacks against the industry:
- Malicious computer worm (Stuxnet) destroys a fifth of Iran's nuclear centrifuges
- Hack attack causes massive damage at German steel works
- Encrypted malware (ransomware) found in German nuclear power plant
- Canadian biscuit factory blackmailed
- Cyber attack on US power grid causes blackout
- German hospital blackmailed after ransomware-based attack
Years shown: 2010, 2015, 2014, 2015, 2015, 2016

The number of unreported cases is high: many attacks are detected late or not at all.
The risk of cyber-attacks is growing fast; this requires effective countermeasures or higher capital surplus.

Security risks in Industrial Control Systems (ICS)

Top 10 risks in 2016 (2014 rank in parentheses), BSI-CS-005:
1 (3): Social engineering and phishing
2 (2): Injection of malicious software on removable media and external HW
3 (1): Infection with viruses / trojans over intranet and internet
4 (5): Attack via remote maintenance access
5 (4): Human error and sabotage
6 (6): Internet connected control components
7 (7): Technical misconduct and force majeure
8 (9): Compromised extranet and cloud components
9 (10): (D)DoS attacks
10 (8): Compromised smartphones in the production environment

IT-Security versus OT-Security

Security Topic | IT-Security (Office) | OT-Security (ICS)
Anti-Virus & mobile code countermeasures | Common; widely used | Uncommon; difficult to deploy
Support technology lifecycle | 3-5 years | Up to 20 years (or even longer)
Outsourcing | Common; widely used | Rarely used
Application of patches | Regular / scheduled | Irregular / slow (vendor specific)
Equipment refresh | Regular / scheduled | Legacy based; unsuitable for modern security
Time critical content | Delays are generally accepted | Critical due to safety
Availability | Delays are generally accepted | 24x7 (continuously)
Security awareness | Good in both private and public sectors | Generally poor regarding cyber security
Security testing / audit | Scheduled or mandated | Occasional testing for outages
Physical security | Secure | Varies, but often remote and unmanned

The Road to Industry 4.0 (diagram)

Diagram labels: AUTONOMOUS OPTIMIZATION; OPTIMIZED CONSTRUCTION; USAGE BASED PAYMENT; MACHINE OPTIMIZATION; OPTIMIZED MACHINE USAGE; SYSTEM UPDATE; PERFORMANCE MANAGEMENT; PERFORMANCE REPORTS; EFFECTIVE MAINTENANCE; INTERACTIVE PRODUCTION; SMART FACTORY; DATA ANALYTICS; REMOTE DIAGNOSIS; Smart Machine

Smart Security: SECURE INDUSTRIAL VISIBILITY; MACHINE PROTECTION; TRUSTED IDENTIFICATION; USER / POLICY MANAGEMENT

G+D Mobile Security: Industrial Security Portfolio

Secure Industrial Visibility: CPS Protect, CPS Remote, CPS Anomaly Detection
- Awarded solution for active cyber protection and secure remote access to industrial machines
- Supports industry IT with high-end security as well as future-proof machine service and maintenance for existing and upcoming machinery
- Meets the high security requirements for remote management in industrial environments (BSI CS-108) of the German Federal Office for Information Technology (BSI)

CPS Protect
- Top-end industrial-grade, managed firewall
- Latest security solution and network security, designed for industrial systems and environments
- Security without side effects and without impacting machines, systems, or production processes
- Supports micro-segmentation or full stealth (100% transparent) mode
- Integrated into a machine, it decouples security and machine lifecycle

CPS Remote
- Industrial IoT connector, clientless and without side effects
- Allows near real-time response to support requests
- Problem analysis and often resolution without a service engineer being on-site
- System monitoring allows condition-triggered or predictive maintenance
- Customer has full control over any remote access activities

CPS Anomaly Detection
- Self-learning Anomaly Detection System (ADS) made for industry
- Allows local, machine / data specific or server / site level anomaly detection
- Network behavior based learning and detection
- Includes compliance and policy verification as well as botnet and hidden command detection
- Fully controlled by the customer
