In all honesty, Security has already arrived on factory floors. But how well informed about Industrial Security are machine builders and users really? David Machanek, General Manager of Pilz Austria, had his team survey their customers on this. In this interview he reports on his findings.
Mr Machanek, what is the situation regarding the topic of Industrial Security in mechanical engineering and among the customers?
David Machanek: There is still a lot of uncertainty. At the same time, we are noting that our customers have a great hunger for knowledge because their fears of cyber attacks are growing – particularly in small and medium-sized companies. There are many companies in this area of conflict and the uncertainty is amplified by the pending legal and normative changes.
Where does this impression come from?
We asked around 150 manufacturers and operators what their level of knowledge is concerning Security. We wanted to know how well prepared the Austrian market is for this topic and who is responsible for this in the companies. An important finding is that many customers have not yet taken any steps on the subject of Industrial Security even though they are well aware of its relevance.
What conclusions can you draw from the findings?
The most important conclusion for me was that the responsibilities for Security on plant and machinery have still not been clarified at all in these companies. This has also not been clarified among the manufacturers. It is clear that IT performs IT security, but who is there for the security at the machine? The operators we asked tended to see this as maintenance’s responsibility. But companies are frequently unaware of the fact that Industrial Security requires specialist knowledge and that a lack of responsibilities and measures opens the door to attackers. This just makes it that much more important that we do the educational work – just the same as for machinery safety. After all, Pilz is not just an ambassador for Safety, but also for Security. Safety for me also encompasses Security.
Which questions are currently worrying machine builders and operators?
The main focus here is on the question of what effects a cyber attack would have on the company. My tip: every company should brainstorm and run through how day-to-day work would be changed by this type of attack. From our own experience following the cyber attack on Pilz in 2019, I now advise making sure to keep a paper copy of the contact data of your most important contacts, for example. Many people are initially surprised by this. Beyond the threat situation, many machine builders and operators are also dealing with the new Machinery Regulation, and NIS 2 is also of great significance (see box at bottom left).
Where do you see dangers?
In discussion I frequently hear that the company’s machines are not even attached to an ERP system or a cloud, so there is no need for any security measures. If I then ask if there is a USB port and whether this could be used by an operator to charge a mobile device, meaning that gateway would suddenly be opened, this immediately gets their attention. Our job is to ask questions and provide our customers with the best possible advice.
How complicated is it to design an existing plant to be safe and secure?
It doesn’t make a big difference whether a machine is new or old; security solutions can often be integrated through “plug and play”. Our access permission system PITreader is an example of this. Security retrofits are definitely an important topic! We support our customers with suitable services because operators often do not have the resources to safely and securely implement this type of machine conversion.