Interview 25 September 2020
Smart factory: “Security is becoming a key discipline in automation technology”

The notion that a smart, networked, intelligent, autonomous and resource-optimized production will pay companies back has become common sense. Prof. Jörg Wollert, who has served on the teaching faculty at the University of Bochum, the Technical University Bielefeld, and the Technical University Aachen, explains to us what steps should be the first on the path to the Smart Factory. He also points out where corporations cannot afford to drop the ball.

Prof. Jörg Wollert

Prof. Jörg Wollert was born in 1964 and studied electrical engineering at RWTH Aachen University with a focus on retrofitting technology. He received his doctorate from the faculty of mechanical engineering. Research areas include distributed real-time systems and the design of intelligent mechatronic components. After working in industry as a project manager in image processing and logistics systems, he returned to academia as a professor at the University of Bochum in 1999. He taught at the Technical University Bielefeld and joined the faculty at the Technical University Aachen in March 2015. He lectures on Mechatronics and Embedded Systems and develops departmental activities related to Industry 4.0. His expertise is documented in more than 200 publications, numerous textbooks and multiple seminars in his area of expertise.

The Industry 4.0 vision of the Smart Factory includes the digitization of production and the use of diverse, production-relevant data. What challenges does this pose for cybersecurity?

The question is very complex, almost to the point that it can hardly be answered comprehensively. Let’s start with Industry 4.0. This does not mean that one can buy products that are “Industry 4.0 ready” – instead, it describes implementing a comprehensive strategy that extends from design to operation. This is more complex and significantly more comprehensive than mere automation.

Smart Factory assumes digital communication across an entire corporation. Coordinating business processes and freely exchanging data without side effects are all part of this. However, business processes are usually not in any type of digitizable form, so an actual exchange between corporate entities is impossible. Confidentiality while developing digital business processes includes proprietary knowledge, which must be secured in all circumstances.
Industry 4.0 demands a design that encompasses the entire corporation. In many sectors, this foundation has not yet been developed to the extent that plug-and-produce would even be possible. Similar to the exchange of data in business processes, engineering also has very high demands for confidentiality. Security has the highest priority here as well.
The use of diverse, production-relevant data assumes a Big Data approach – once you think it through. However, most companies have yet to arrive at this point. Data is often kept at the local level for good reasons. Ultimately, production data has a lot to say about the performance of equipment, infrastructures, units and even people. Many questions have yet to be answered with regard to this – particularly those with societal implications.
In summary, one can state with confidence that the high degree of networking in all sectors of production – from design and engineering, to production, up to life cycle maintenance – will be extremely challenging. Security will play a decisive role at all levels. In fact, security is becoming a key discipline of automation technology for all Industry 4.0 approaches.
Keeping all of this in mind, the question regarding “challenges” is easy to answer: We will have to learn to manage new levels of complexity. A security level appropriate to the respective security requirements must be implemented. And employees must learn to embody security – they must internalize and intrinsically implement security goals.

In this context, how do you evaluate existing paradigms like “defense in depth”?

“Defense in depth” is a highly promoted concept. Since IEC 62443 and ISA 99, it is clear to everyone that all participants have to ensure “security.” The standard outlines the roles of manufacturers, integrators and operators – they all have to do their homework.

In addition, the context of “defense in depth” addresses domain-based approaches, meaning that data is assigned to a security domain. The standard distinguishes here between low, medium and high impact information systems. If a great deal of damage can be done, then a higher level of security is necessary, which is only logical. What this approach clearly reveals is that no sensible security goals can be defined without risk assessment and risk analysis. It also clearly demonstrates that security cannot be “manufactured” simply by purchasing electronic devices. Security can only be achieved by design; defense in depth is only a prerequisite. Ultimately, the entire “system” must be evaluated, including all external boundaries and interfaces to third-party systems. This can only be achieved by strategic preparation.

Current discussions question existing security concepts and demand IT security by design. What does this mean to you?

What are existing security concepts? Securing a network with a firewall and that’s it? Or simply an air gap, in which networking is not performed by design? Every security concept only makes sense as “security by design.” Security cannot be forced; however, security strategies are required which can be adapted to the respective security goals – from the administrative level down to the components. IEC 62443 is an incredibly complex text that includes many relevant aspects: For example, 62443-2 describes the policies and procedures for an organization. And 62443-3 describes the system and demands placed on it, while 62443-4 addresses the components.

In your opinion, are there advantages with respect to cybersecurity for controllers based on a Linux® system?

If we remain at the level of understanding described in IEC 62443, then we are only talking about “components,” the industrial automation control system (IACS). A secure component only corresponds to one part of a security concept. In this case, Linux®, when used correctly, has the advantage. This operating system is used by a broad community in many embedded systems with security functions. The majority of switch and router firmware is based on Linux®. Consequently, the questions with regard to protocols, patch levels, operating system quality, internal structure etc. are known, so that strategic approaches can be implemented. In the long term, this is better than the “security by obscurity” of proprietary systems. The Linux® operating system innately offers all possibilities for implementing security strategies, and there is a large community that supports Linux® as a secure operating system.

Within the context of one of your recent presentations, you described the PFC family of controllers from WAGO as a good example of cybersecurity. Why?

When implementing system solutions, corporations can do a lot of things incorrectly when it comes to security. These almost always include “exciting” system solutions from various manufacturers. WAGO provided the PFC Controllers with a solid Linux® foundation that allows each controller to be virtually operated as a secure gateway. Essential security protocols are supported, and anything that’s missing can be provided by the Linux® community.

The PFC from WAGO is not just a PLC that can access the Internet, but instead a full-fledged Linux® computer that can also run a CODESYS PLC runtime. This way of thinking is the true definition of IT. Since real time doesn’t have to be abandoned, the IT components don’t represent a disadvantage – now they offer the potential of interacting with the IT.

In your opinion, what are the first steps that a corporation should take along the way to the Smart Factory?

If one considers the typical challenges of a mid-sized company, then digitization of the business processes is the most important first step. Many documents are certainly available electronically; however, a comprehensive process description, which enables problem-free automation, is quite challenging. Even when this first step has been completed, specific usage still has to be considered.

The definition of digitizable scenarios is later reflected in the applications and in the communication relationships with the customers, the corporation’s subsidiaries, operational employees and maintenance personnel. These are the sources of future demands on the entire system – only then can one talk about secure architecture and secured zones, and only then does it get technical.

What aspects must be considered when retrofitting automation systems – explicitly regarding the challenges that result from Industry 4.0?

Retrofitting has its own rules. As a rule, you can’t reinvent infrastructure; you have to deal with the existing configuration. It is easier if ETHERNET-based networks are available, or if ETHERNET-based networks can be used. In this case, the various security and communication challenges must be addressed and secured in a suitably hierarchical infrastructure. Secure gateways between domains should be emphasized, as should the controller PLC, because that is a gateway from the field level into IT.
