VDMA security expert Steffen Zimmermann sees the Industry 4.0 Theme Park at the METAV 2018 as a good source of information for all issues relating to cyber-security. “Cyber-security plays an important role for vendors, since it enables them to adopt new, innovative business models,” explains Steffen Zimmermann. Anyone offering condition monitoring or predictive maintenance, for example, will in the long term have to not only think about their technical implementation, but also about the secure design of the data traffic involved. His recommendation for the companies concerned: “Ask the vendors in Düsseldorf very specifically whether and how they take due account of cyber-security in their solutions. The paramount consideration here is risk assessment. Is there an intention to safeguard confidential data? Who has access to these data? How do data queries from abroad function – from China, for example?
Risk-awareness in terms of cyber-security has significantly increased in the corporate world. “Threats from human agency like wrongdoing and sabotage, infiltrating malware, plus social engineering and phishing, are still at the top of the list,” says Steffen Zimmermann. “Easily implemented technical protective measures, however, are not yet being taken seriously.” As a currently prioritised issue, he cites the control components connected to the internet, which could be protected against hackers by simple technical precautions.

Using a secure communication computer

The machinery manufacturers Gebr. Heller Maschinenfabrik GmbH from Nürtingen will be showing how this works in the Industry 4.0 Theme Park in Düsseldorf. “Heller has in conjunction with Siemens over the past two years been prioritising this question, so as to arrive at a secure solution for linking machine tools to the internet,” explains Bernd Zapf. “For this purpose, we shall be interfacing our machines with the internet solely via a secure communication computer, meaning that between the machine’s control system and the customer’s network a Sinumerik Edge industrial PC from Siemens is interpolated.”
Sinumerik Edge handles readout of the data from the machine’s control system, and saves them in a ring buffer for intermediate storage. The data are either processed further, or directly prepared for forwarding to the internet. This ensures that a direct connection between the internet and the machine is not possible, and that the data are encrypted using maximally stringent security certificates. This communication route meets the statutory requirements for cloud-based data traffic in compliance with the international series of standards on “Industrial Communication Networks – IT Security for Networks and Systems” (IEC 62443) and conforms to the security certificates specified by Siemens. At the METAV 2018, Heller will be demonstrating various Industry 4.0 technologies on the Profitrainer training machine with Heller4Industry, e.g. for data traffic with MindSphere: this open internet-of-things system from Siemens helps to prepare the data appropriately. That involves a cloud technology, which works together with different cloud infrastructures (AtoS or Microsoft Azure).

Secure digital identities: the basis for data interchange

As a basis for automated and autonomous data, the VDMA uses a “secure digital identity (SDI)”. To quote Steffen Zimmermann: “The user should be able to trace and assign the decisions of the systems involved on the basis of secure digital identities.” The requirements for these identities are extremely stringent: they have to be very difficult to copy, forgery-proof, and also be amenable to revocation or forwarding. Machinery manufacturers should accordingly now be considering how they can implement SDI in actual practice.
Heller ranks among the pioneers in this field. To quote Bernd Zapf: “Under the designation Heller4Industry, we have for using certain Heller machining centres since the EMO Hannover 2017 been offering an operator model featuring a pay-per-use payment method for the machine’s actual utilisation time – we call this digital business model Heller4Use. Digital payments are handled using a SEPA direct debit procedure.” The actual utilisation time is acquired securely inside the machine’s control system, with subsequent transmission via Sinumerik Edge to MindSphere, where the actual utilisation time is evaluated and invoiced internally at Heller through SAP.

Definition: secure digital identity (SDI)

SDI is an unambiguous identity with additional security characteristics for dependably trustworthy authentication of an object (entity). It prevents an incorrect identity from being simulated. Each networked device that communicates via open networks requires a secure identity. The principal goal is to identify and authenticate individual entities. There are six features defining an SDI: identification, integrity, forgery-resistance, offline identification, authentication and offline authentication. Source: Wibu