IT security in Industry 4.0: What you should know.

Angela Merkel already said in 2016, “Data are the raw materials of the 21st century.” And she was right: Data provide valuable information about niches in the market, customer wishes, opportunities for optimising operational processes and much more. In the age of digitalisation, these data are increasingly gaining in importance, for today’s industry leans upon extensive interconnectedness in terms of information technology. In this context, a distinguishing feature of the smart factory is the way it makes combined use of innovative technologies such as the Internet of Things, cyber-physical systems, cloud computing and big data. Each time information is exchanged between man and machine, or between machine and machine, data are generated, made available, transmitted by a cable or wireless connection, and stored. Against this background, the protection as well as storage of data acquire an entirely new significance in Industry 4.0. 

But what types of data arising in a company nowadays have actually been collected by machines and need to be protected? On the one hand, some machines collect personal information, such as login data. These data are useful, for example, if companies wish to put together a maintenance history. For the login data can be used to determine exactly which individual was working when on a machine. Companies must remember, however, that personal data are subject to the new General Data Protection Regulation (GDPR) and must therefore be treated with great care. In order to establish GDPR compliance, companies should therefore find out whether their systems collect personal data. If that is the case, it must be checked whether such data may be collected and, if necessary, permission to do so established by means of consent. (A guide from VDMA (German Mechanical Engineering Industry Association) on how to handle personal data in the era of Industry 4.0 can be found here(opens in a new tab)). 

However, apart from personal data, the smart Industry 4.0 machines also collect a number of product and process data that can provide an important basis for decisions to be made within a company. Process data, for instance, can be used to precisely analyse the condition of a machine and its efficiency – an important source of information for predictive maintenance, for example.  

In the next section, you will learn why companies should keep a close eye on exactly these data. 

As described at the beginning, large quantities of data arise in highly automated production processes. In this connection, many companies are asking themselves just how reliably their, in some cases, highly sensitive data are protected while they are being exchanged within the cyber-physical systems or when the machine data are transferred in the case of cloud computing to an external data centre for storage and processing. 

These concerns are certainly justified since the aspect of IT security is gaining more and more significance due to the growing number of cyberattacks. The reason is that machines that are directly connected to a cloud, combined with highly complex networks of devices, produce vulnerable targets for cybercriminals. Likewise, artificial intelligence and IoT sensors used in industry for improved automation and faster processes are not spared either. They, too, are increasingly becoming a target for cybercriminals.

A study carried out by Bitkom, Germany’s digital association, and the domestic intelligence service of the Federal Republic of Germany reveals the current situation: Whereas, in 2015, only 51 % of the interviewed companies in Germany had been victims of cyberattacks (data theft, sabotage and industrial espionage), they amounted to 75 % in 2019. Particularly popular targets for attacks by hackers were, above all, Germany’s small and medium-sized enterprises. In just 2019 alone, the IT defenders at Siemens had to ward off 1000 attacks every month. 

Data security is therefore a topic that companies should take seriously. There might always be a residual risk involved in the handling of data, but the risk can be greatly reduced by observing security protocols and also by working together with reliable partners who are in possession of the corresponding security certificates. 

For a long time, the safety of machines exclusively related to their reliable operation, i.e. classical occupational safety and health. Functional and technical safety measures, such as protective equipment or guarded access points, were meant to safeguard operators against the machines. With the arrival of the highly complex smart-factory machines and robots, the measures for protection had to be extended to also include the aspect of security: IT security, cybersecurity as well as security against attacks on control equipment. 

These security measures serve to prevent, identify and confine attacks by hackers, espionage and product piracy. While safety focusses on equipment that protects operators against machines, security protects the machine against damage and/or attacks from outside. Today, in Industry 4.0, machine security should be holistic, covering both aspects: safety and security.

VDMA basically recommends taking the following steps before introducing measures for data security for machines:

A complete set of guidelines from the VDMA, “Industry 4.0 Security”, can be found here(opens in a new tab). 

With KSB Guard, its digital solution for monitoring pumps and other rotating equipment, the pump and valve manufacturer KSB demonstrates how data security can be reliably set up. This smart monitoring solution continuously transmits the data measured at the product so that, based on a trend analysis, incipient damage can be detected early on. Thanks to a cloud connection, these measured values can be accessed anytime and anywhere via the KSB Guard web portal or the KSB Guard app. 

In order to guarantee that these data are secure, KSB imposes stringent requirements that go far beyond the criteria of the GDPR and the recommendations of the German Federal Office for Information Security. 

In the case of KSB Guard, security begins with the fact that the system itself operates completely autonomously and independently of the customer’s actual network. This makes any intrusion into the customer’s network from outside practically impossible. But KSB is also careful to ensure maximum security in the handling of the data themselves: All data acquired by the KSB Guard sensor unit are encrypted by the KSB Guard transmission and battery unit in line with the highest of security standards using TLS 2.1 and then transmitted via the application protocol MQTT-SN to the KSB Guard gateway. 

TLS (Transport Layer Security) is a cryptographic protocol for secure communications across computer networks. The use of TLS 2.1 for encryption protects information against eavesdropping or tampering by unauthorised parties during transmission. To be more specific: A temporary key that is subsequently deleted is negotiated for each connection. As a result, even the owners of the private keys would no longer be able to decrypt the connection later on if the connection should happen to have been recorded. By using TLS 2.1, KSB complies in every respect with the security standard specified for encryption by the German Federal Office for Information Security. 

MQTT is a network protocol for Machine-to-Machine (M2M) communications that enables data to be transported between two devices. With MQTT, there are practically no attack vectors that can be exploited when data are being transmitted to a certain client because clients always initiate the connection to the broker themselves and connections cannot be opened from outside. Therefore no risks arise when use is made of a network address translator (NAT), as is often the case, for example, in local networks.

Once the data have been encrypted and sent via MQTT to the KSB Guard gateway, the latter transmits the data via the secure mobile phone network to the KSB Cloud. Here, too, by relying on one of the world’s largest cloud providers, KSB leaves nothing to chance as far as security is concerned. And quite rightly so since this cloud provider is impressive, above all in terms of security. All data from KSB Guard are stored on German servers subject to the highest of security requirements as per ISO 27001. Other security requirements include C5, CSA and also PCI. 

KSB’s cloud partner is also organised in such a way that its employees are specialised on and deployed for a specific task only. That means that none of them can gain access simultaneously to the servers, to the databases and to the services that process the data. At the same time, this specialised personnel can concentrate on the security and reliable performance of just a single item of hardware or software. And, finally, the data in the cloud can only be accessed using personal login data via https (SSL-encrypted). That makes KSB Guard a thoroughly reliable and safe product. 

Safety and IT security are elementary building blocks for bringing about the digital transformation. Industry 4.0 cannot be implemented if they are not taken into consideration and controlled. A sustainable IT security strategy is therefore essential. Combined and intelligent security solutions serve to increase IT security within a company and significantly reduce the risk of hacker attacks. In this context, KSB Guard represents an option for storing data and making them available on mobile devices that is simple and at the same time extremely safe. 

Have you got any further questions? We look forward to hearing from you. Drawing on its comprehensive expertise in digitalising system components, KSB is happy to support you in making your company fit for Maintenance 4.0.