Protection of new digital infrastructures

Essen: The coronavirus pandemic will have a lasting impact on business and industry. Companies have made quantum leaps in a very short time, especially with regard to digitalization. Consequently, provision of comprehensive protection for the new digital infrastructures becomes all the more important. Matthias Springer, cyber security expert at TÜV NORD, explains what is important now and which standards companies must meet for smart manufacturing.

What used to be a rather sketchy plan, has now been turned into concrete measures. As a result of the coronavirus pandemic, commercial and industrial companies have been able to implement digitalization and automation projects with enormous speed. Remote accessibility of plants and systems, remote monitoring and predictive maintenance are elementary in times of shutdown and home office in order to maintain operations. "What we are currently experiencing is akin to a paradigm shift," says Matthias Springer. "But unfortunately, with the naturally understandable euphoria about digital transformation in record time, security aspects often fade into the background. Unprotected networked systems pose an immense risk," warns the cyber security expert.

Comprehensive security concept for smart manufacturing

Within the framework of smart manufacturing, IEC 62443 has established itself as an internationally recognized standard for IT security in the process and automation industry. In addition, many other branches of industry, including critical infrastructures (KRITIS), are now using this standard. IEC 62443 has thus become the central standard for smart manufacturing solutions. "Wherever digitalization, networking and automation are used in the industrial sector, this standard provides a security guide - regardless of the industry," explains Springer. Based on the criteria and requirements, companies can ensure the reliability of their facilities and applications, prove the availability of security functions and the integrity of components and systems, with operators, integrators and component manufacturers benefiting equally.

New requirements at all levels

Certification according to IEC 62443 also offers sustainable protection against cyber attacks. "Even hackers and cybercriminals are not unaware of the rapid conversion of companies to digital infrastructures. Any security gap that is not considered and closed today can turn into an existential problem tomorrow," says Springer. Operators of industrial plants, for example, must ensure protection against digital threats. If not, unauthorized persons could, at worst, bring the plant to a standstill or even cause personal injury and environmental damage. Integrators also face ever-increasing security requirements, since today they not only provide a network for industrial plants, but also connect the plant to cloud services. The manufacturers of components are also challenged, which, just like industrial plants, are expected to function in an increasingly networked way.

Using the digital upswing

The coronavirus pandemic increases the need for digitalization and the pressure on industrial companies to act. At the same time, there is an ever-growing necessity to secure the newly acquired digital infrastructures today in order to benefit from them even tomorrow. The IEC 62443 standard takes a holistic approach to cybersecurity. A certification proves that the company is working according to the "state of the art" and complies with its legal duties of care - important prerequisites for minimizing liability risks. Independent consulting and audits for certification according to IEC 62443 are also offered as remote services. This reduces on-site appointments to a minimum - an enormous gain in flexibility. "We have had consistently positive experiences with this so far and have already successfully certified companies from Europe as well as from Asia," reports Springer.