As experience shows, even large industrial groups are not protected against hacker attacks. André Zivny, Product Manager Automation Engineering at Baumüller, says there is a gap here that needs to be filled. With regard to safety, remote servicing of plants is still handled carelessly. However, a lot can be achieved by simple means.
? "The degree of networking of industrial facilities and infrastructure will continue to increase." What preconditions need to be created for this and what precautions need to be taken?
Zivny: A corresponding infrastructure must be available in order to keep up with the constantly growing networking. Standardized interfaces and protocols should be used that rely on a broad basis and that ensure a regular enhancement. This also means moving away from proprietary systems. Furthermore, a separation of the productive networks from the "normal" company networks can or should also be considered and sufficiently secure technology can or should be used.
? What is the level of security awareness in the industry in general?
Zivny: Security awareness in the industry has increased in recent years. However, the topic of security in industry has to be addressed even more intensively, because there is still a lot of catching up to do here. Not everyone is aware of the threat and hazards yet. In my opinion, attacks on machines and production systems will increase. The temptation is quite high to cause damage with relatively simple means, such as manipulation and extortion.
? What does it mean to enhance the communication technologies for the topic of remote maintenance?
Zivny: It means a greater range of functions and more possibilities for remote maintenance. "Remote maintenance" initially consisted of pure support on the telephone. There were pretty fast modems that could be used to call a machine. With today's technology and bandwidth, users can be provided with a variety of services.
? You see the user as the greatest risk when machines and systems are remotely serviced. In your opinion, where are the (human) weaknesses?
Zivny: Humans are creatures of habit. Instead of generating difficult long passwords made of a combination of numbers, characters and letters, we prefer to use simple standard passwords. In the worst case, we even forgo passwords or use terms or words that can be found in a dictionary. These passwords can easily be hacked and thus pose a tremendous security risk. It would also be important to convey the appropriate knowledge to employees about how to detect and avoid threats and hazards. Unfortunately, costs are often spared here for such trainings or briefings, often out of ignorance. It is also important to have a secure configuration of remote maintenance with the right software. Using secure connections with sufficiently strong encryption may seem too complicated and difficult to configure, but it is essential. In addition, critical security gaps in the respective systems and protocols must be responded to as quickly as possible.
? Where do you see approaches to correct this "problem?" What solution does Baumüller have for this in the portfolio?
Zivny: Thanks to Ubiquity, Baumüller provides its customers with a secure remote maintenance solution that is certified to IEC 62443-3-3 and also meets BSI (Federal Office for Information Security) guidelines. The solution is made up of several components that ensure secure remote maintenance in their interplay. Ubiquity is installed on all Windows-based HMIs of Baumüller by default. The authentication takes place by means of certificates between the runtime environment and the so-called "control center" (which is connected to the customer domain), which are exchanged during the first contact between both components. Ubiquity identifies existing connections and configures itself automatically for secure remote maintenance. With this solution, no costs are incurred for additional hardware or server infrastructures. All activities on the devices, the connections and the domain can be tracked by using the audit trail function. The user is provided with useful services for secure remote maintenance with the integrated firewall, the traffic monitor and additional tools.
? How can secure remote maintenance be carried out and how can a network be secured?
Zivny: In general, the perception of the threat has to be sharpened at first. This can be done through intensive training of employees and machine operators. Minimum measures should then be considered as a technical solution in order to secure the remote maintenance. For example, this includes encrypted communication using secure VPN technologies, corresponding user and authorization management and the associated authentication. However, it should be clarified in advance how and where the remote maintenance is to be used: the inspection of your own infrastructure, how is the productive network set up, how should communication take place, what ports are opened, etc.
? Are there standards for secure access to systems, devices and data that are independent of the respective location or network of the machines?
Zivny: VPN connections are a de-facto standard in remote maintenance. However, VPN connections can also be attacked, intercepted or manipulated (e.g. so-called DoS or man-in-the-middle attacks). This risk in particular exists when known weak points were not eliminated in the VPN solution used or if the respective updates are not used. A sufficiently strong encryption should also be used.
? What role does secure remote access play in the context of Industry 4.0?
Zivny: A very big role. The networking of machines and systems is always leading to larger amounts of data that have to be protected against unauthorized external access. At the same time, however, remote maintenance must be possible to be able to maintain, check and control the modern, highly specialized and optimized production facilities.
? In your opinion, does security represent an initial hurdle for small and medium-sized companies in the world of Industry 4.0? How can this hurdle be overcome?
Zivny: Security is the alpha and the omega. It must always be ensured. In the era of Industry 4.0, security has become much more important and so absolutely can be called an initial hurdle. The hurdle can be mastered well by using secure remote maintenance solutions, such as Ubiquity.
The interview is published in the magazine messtec drives Automation 3/2017.
Ubiquity at a glance
Baumüller offers a safe solution for the remote maintenance of machines and systems with Ubiquity. The Ubiquity solution consists of three different components: The Control Center, the runtime environment and the server and infrastructure. The Ubiquity runtime environment is pre-installed in all Windows-based HMIs of Baumüller and can be connected to a domain. With Ubiquity, Baumüller enables secure and simple remote maintenance that does not require separate hardware and offers numerous services.