Never Trust a Smart Device | MABiF #6 Review

Never Trust a Smart Device

Hardly any other industry is more affected by Industry 4.0 and the Internet of Things than mechanical and plant engineering. Cyber security is a matter of survival here. Welcome to MABiF #6.

“Maschinen- und Anlagebau im Fokus” [mechanical and plant engineering in focus], MABiF for short, is the name of a series of events organised by the Styrian Business Promotion Agency (SFG) in cooperation with FH CAMPUS 02 and the Automation Technology Platform Styria, as well as the Silicon Alps microelectronics cluster for this issue. MABiF enables networking and exchange of experience and knowledge between companies in the industry, research institutions and other relevant players in this field. Data centre operators, for example. The sixth edition of MABiF took place on 23 April 2018 at one of these centres, namely the Raiffeisen Rechenzentrum in Raaba-Grambach near Graz, one of the largest and most modern centres of its kind in Austria. The event started in the afternoon with several guided tours of the data centre’s Service Operation Centre. The evening event was hosted by FH CAMPUS 02 Director of Studies Udo Traussnigg. The topic of “cyber security in mechanical and plant engineering” is a pressing one for literally everybody in the industry, as Ulfried Paier, Managing Director of Raiffeisen Rechenzentrum, elaborated in his presentation. According to a 2016 study by Bitkom Research, almost two thirds of industrial companies have already been affected by data theft and the associated espionage or sabotage. These figures were also reflected in a live survey of visitors during the event. Paier also explained that almost half of all companies had some catching up to do in terms of securing their IT infrastructure. The reason for this can be ascribed to the ever-shorter life cycles of IT and the continuous appearance of new threats. Every year, cybercrime causes damages of several million euros in Austria. And that number is rising.

Possible solutions

The increasing networking of countless components of production plants to complex cyber-physical systems opens countless doors for intruders. A case for Infineon. Andreas Mühlberger and Sarah Haas, from the market leader for chip card technology and security systems, showed possible security solutions for the use of industrial robots. These are used more and more frequently in production and are vulnerable in two ways. On the one hand, as a gateway for hackers, on the other hand because a hacked (and thus externally controlled or uncontrolled) robot weighing several hundred kilos poses a real danger to humans and the production environment. The best and most sophisticated security systems are of little use if they are not handled correctly. Security specialists Gerald Kortschakof of sevian7 and Georg Kremsner of Limes Security drew urgent attention to this. This begins with diligent authentication of employees, and doesn’t end with regular training for emergencies – in other words, what to do when a system is hacked. Both experts emphasise: “Convenience is always at the expense of security.” This convenience can be particularly exploited, for example, in the case of unsecured access for remote maintenance of systems. Simple measures such as strong passwords, multiple authentication and regular software updates are, as banal as this may sound, an important step in the right direction and are by no means a universal matter of course. Stefan Marksteiner from Joanneum Research demonstrated how much the Internet of Things is already a reality and a risk in our daily lives. Modern cars are moving (and not always well secured) data centres with the potential for external control. Unsecured “intelligent” light switches and similar devices can take out entire firewalls. This is why the project “IoT4CPS” was brought into being by Joanneum Research and various partners from the domains of business and science. Its aim is to make cyber-physical systems more secure through a variety of measures. For example, through safety specifications already in the product design, binding standards and certifications, coordinated product life cycles and much more. Marksteiner pleaded for a new, enhanced awareness: “Never trust a smart device.”

Cyber-security for everyone

Visitor questions were answered in the subsequent panel discussion with the speakers, who were bolstered by security specialist Manfred Aignerfrom Yagoba. Topics such as certification, hardware security and the new data protection regulation were discussed, as were simple ways of spreading viruses, for example by scattering infected USB sticks in car parks, where passers-by simply take them and start using them. Although this procedure was already used in 2010 for the worldwide spread of the Stuxnet computer worm, and the public was informed and warned about it, unfortunately it still works. To prevent such things from happening in the future, MABiF #6 began with a press conference with the experts present in order to explain the scope of the topic to the general public. Because one thing is crystal clear: cyber-security concerns us all.

  • Presentations (PDF) and subsequent links can be found here.
  • Photos (© Styrian Business Promotion Agency SFG)