Today’s production plants are highly interconnected. Embedded systems interact independently; planning systems from the cloud schedule production steps and machine utilization; plant operators monitor and control remotely; maintenance staff has global access to modify configurations.
In a networked world, the protection of production plants does not end at the factory wall or the fence of the premises any more. Attackers can gain access to the systems through the network connections and manipulate them; malicious code infections can result in a standstill of major areas of production, causing enormous physical damage and endangering human beings. Even before Stuxnet, Duqu, Flame and Havex have been in the news, it has been known that production plants are threatened by cyber-attacks.
IT security in industrial production has to take into account specific basic conditions which are not as relevant in an office environment, in the case of PC workstations or Internet servers. The control of production plants is associated with real-time requirements which make it difficult or even impossible to modify the systems. Software patches on the systems or the installation of monitoring software, malware scanners and antivirus programs, for example, can have an adverse effect on the functionality, while firewalls in the network and encrypted connections between the systems can be detrimental to the real-time conditions. In addition, the relatively long lifetime of hardware and software in manufacturing differs considerably from other areas of IT application.
For this reason, new strategies and methods have to be found for production environments to ensure IT security in practice, not only in new systems, but also in existing installations, above all.