Security: The more aware you are, the more questions arise

Secu­rity is now a topic in industry: “In almost every com­pany, the topic of Indus­trial Secu­rity is of great interest.” This is the obser­va­tion of Andreas Willert, Head of Indus­trial Secu­rity at Pilz Aus­tria. Pilz Aus­tria began to raise aware­ness in industry sev­eral years ago with infor­ma­tional events, free webi­nars and pod­casts. “Con­tin­uous infor­ma­tion and training as well as the cre­ation of aware­ness are the key to enforcing the topic of Indus­trial Secu­rity,” agrees Alessio Ragni, Secu­rity expert at Pilz in Italy.

Andreas Willert sees clear dif­fer­ences between indi­vidual indus­tries and sec­tors: “Large com­pa­nies are well aware of the need for action; they are informed, have in-depth exper­tise and have pro­gressed far in their prepara­tory stage. Most of the small and medium-sized enter­prises are aware that some­thing ‘major’ is headed their way, but they do not have the know-how and thus many ques­tions remain unan­swered.”

A need for action resulting from laws

At Pilz in Ost­fildern, Bernd Eisen­huth, Senior Con­sul­tant Busi­ness Areas, is a member of the Indus­trial Secu­rity Team. He is wit­nessing great uncer­tainty about what is to be done now and – relating to this – what this may mean in terms of work and costs.

“It is less the real fear of cyber crim­i­nals, which is truly present, though felt to be abstract, that induces a com­pany to con­cretely grapple with the topic of Secu­rity,” explains Bernd Eisen­huth. Instead, the new or coming legal require­ments of the Machinery Reg­u­la­tion, NIS 2 and Cyber Resilience Act are the impetus for many com­pa­nies.

“Com­pa­nies want to know the pre­cise and indi­vidual oblig­a­tions that they will be facing and what they have to do or change in order to meet these oblig­a­tions,” clar­i­fies Willert. In Italy, cus­tomers and inter­ested par­ties approach Pilz with very spe­cific ques­tions in many cases. Alessio Ragni gives some exam­ples of these types of ques­tions: “What do we have to do to main­tain oper­a­tion even in the event of a cyber attack?” Or “How do we mon­itor and detect anom­alous behav­iour that can affect the safety in our indus­trial processes?” “These ques­tions make it clear that there is a growing aware­ness for the impor­tance of cyber secu­rity together with OT,” according to Ragni.

One goal, many tasks

Ulti­mately, the goal is always being able to main­tain busi­ness oper­a­tions, but the path to this goal is rid­dled with a variety of chal­lenges that com­pa­nies must face: This ranges from the iden­ti­fi­ca­tion of the valid legal require­ments and the detec­tion and rec­ti­fi­ca­tion of weak points in sys­tems, to raising aware­ness of and training employees, and to sub­se­quent enforce­ment of con­trols. Because Secu­rity is a goal that is con­stantly changing, a reg­ular check of the Indus­trial Secu­rity status of machinery is also nec­es­sary.

Demand for support growing

Pilz has pre­pared itself for the cus­tomers’ require­ments and devel­oped a range of ser­vices for machine builders and users around the world that holis­ti­cally incor­po­rates all aspects for the pro­tec­tion of human and machine.

Industrial Security in 4 steps: With the Industrial Security Consulting Service (ISCS), Pilz supports machine builders and operators.

The offer is very pop­ular: “In addi­tion to basic infor­ma­tion and guid­ance as well as training courses, with our ISCS (Indus­trial Secu­rity Con­sulting Ser­vice) we are pro­viding ever more sup­port for cus­tomers in con­crete projects that range from pro­tec­tion require­ments analysis and risk analysis to the cre­ation of a secu­rity con­cept to assis­tance during imple­men­ta­tion and sub­se­quent ver­i­fi­ca­tion,” spec­i­fies Bernd Eisen­huth.