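(Official title: Effiziente und bedarfsorientierte Erstellung von IT-Sicherheitskonzepten für produzierende KMU, in English "Efficient and demand-oriented creation of IT security concepts for manufacturing SMEs")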
Small and medium-sized manufacturing companies that want to survive in international competition depend on manufacturing and supply processes that run as seamlessly as possible. Cross-company networking of their systems can help them become more efficient and flexible together. Although the potential of this cross-company networking is considerable, the proportion of German companies that act accordingly is still very small, especially where production is also to be closely interlinked. IT security in particular is seen as the biggest obstacle, as there are many concerns about data law and data sovereignty [1]. As previously closed systems are opened up to cyber-physical systems, more attack surfaces and security gaps emerge. IT weaknesses in individual companies can have a dramatic impact on all partners, because corporate networks are the daily target of cyber attacks.
However, small and medium-sized companies in particular are often reluctant to invest in IT security, even though the risk of attacks is considerable. The reason is not only the cost, but often also a lack of knowledge about the threats and how to counter them. Companies are even obliged to protect personal data by the EU General Data Protection Regulation (GDPR; German: EU-DSGVO). What is often missing are demand-oriented IT security concepts that take into account the importance and criticality of production data (e.g. data on core competencies). Such concepts are the basis for selecting suitable IT security solutions. It is difficult, though, to quantify the cost-benefit ratio between the investment in IT security and the value added by production networking. Forgoing IT security can nevertheless have costly consequences, all the more so when the possible productivity gains that the company misses out on are added.
The partners in the ESPRI project are therefore jointly developing software called "KMUsecure", which is designed for the continuous monitoring of a company's own data flows and the demand-oriented identification of IT security solutions for manufacturing SMEs. In addition to measures to increase IT security, the software also reveals the economic potential of production optimization through networking.
To use KMUsecure, all machines and devices connected to the network and the installed production IT systems (e.g. ERP, MES and CAQ) are first determined. The software then identifies information and data flows between the devices and systems. With the help of the vBox developed at the Fraunhofer IPT, an Industry 4.0-enabled data switch, the security-critical data from the production IT is transferred to the SME security cloud platform. In the KMUsecure cloud platform, this data is finally classified by the software with regard to the relevant security attributes, and threats to the network are detected. The analysis can then be used to automatically derive the appropriate IT security measures.
KMUsecure fulfils four functions:
[1] Icks, A., Schröder, C., Brink, S., Dienes, C., Schneck, S.: Digitalisierungsprozesse von KMU im Verarbeitenden Gewerbe. IfM-Materialien Nr. 225, Institut für Mittelstandsforschung Bonn, Bonn (2017).