Protecting manufacturing companies from cyber attacks: Research project offers security check for SMEs
Manufacturing companies that network their machines and systems are particularly at risk from security vulnerabilities and attacks on their IT infrastructure. This was determined by the Fraunhofer Institute for Production Technology IPT in the course of scientific investigations for the white paper "Cybersecurity in Networked Production", which has now also been published in English. The Aachen scientists now want to further develop the cross-industry "Production Security Readiness Check" in an AiF-funded research project together with small and medium-sized enterprises (SMEs). Interested companies that would like to thoroughly check their production IT with regard to protection and security can still participate in the project.
Small and medium-sized enterprises that want to exploit the potential of Industry 4.0 often find themselves caught between the benefits of flexible networking of their production facilities and the risk of falling victim to cyber attacks. Networking proprietary hardware and software systems from different manufacturers can create considerable attack surfaces and security gaps. Sabotage, data theft or espionage cause total annual damage in the billions of euros to the German economy alone, as both the IT industry association Bitkom and the Federation of German Industries BDI stated in unison as early as 2019. The latest white paper from the Fraunhofer IPT now confirms that even today, among the companies currently surveyed, neither SMEs nor large companies are adequately protected from the potential dangers. What's more, while large companies can hire their own IT security experts, in small companies this task is often left to IT support as one of numerous others, and IT support can then only limit the damage if the worst comes to the worst.
Effective protection for production IT and infrastructure
But how can SMEs identify and select effective security measures even without high financial and organizational outlay? This question is to be answered by a research project that the Fraunhofer IPT, together with the Fraunhofer Institute for Communication, Information Processing and Ergonomics FKIE, now wants to carry out with interested companies. It is a project of the FQS Forschungsgemeinschaft Qualität e. V., funded by the German Federation of Industrial Research Associations (AiF). The aim is to enable the project partners to recognize their own IT security level and implement the necessary protective measures in a targeted manner.
To this end, the Aachen researchers want to combine a web-based questionnaire with automated network analysis tools that compare the current situation in the companies with a reference model. The reference model takes into account the requirements and recommendations of the applicable standards, guidelines and laws as well as well-known examples of success from corporate organization. A user-friendly questionnaire guides users through the process even without extensive prior knowledge and takes into account both industry and company size. As a result, users receive a detailed assessment of their current security level. The system also suggests suitable measures in the form of a priority list and recommends suitable security solutions in each case.
Users and enablers for safe production
"We are looking forward to companies that want to participate in the further development either as users or also as enablers," explains Alexander Kreppein, project manager of the Production Security Readiness Check at Fraunhofer IPT. Users can, for example, contribute requirements and use cases to the project and help shape the tool's recommendations for task areas such as threat and vulnerability management, identity and access management, or information exchange and communication. Companies that can offer IT security solutions for production or software for quality or compliance management can participate in the project as enablers.
At the end of the project, Fraunhofer IPT and Fraunhofer FKIE will make the developed concepts and the prototype of the developed application available to the participating companies in full and at no additional cost. The project is scheduled to run from March 2022 to March 2024.
The white paper "Cybersecurity in Networked Production" is available for free download at: https://s.fhg.de/white-paper-cybersecurity-networked-production