“Responsibilities are not yet clarified”

In all hon­esty, Secu­rity has already arrived on fac­tory floors. But how well informed about Indus­trial Secu­rity are machine builders and users really? David Machanek, Gen­eral Man­ager of Pilz Aus­tria, had his team survey their cus­tomers on this. In this inter­view he reports on his find­ings.

Mr Machanek, what is the situation ­regarding the topic of Industrial Security in mechanical engineering and among the customers?

David Machanek: There is still a lot of uncer­tainty. At the same time, we are noting that our cus­tomers have a great hunger for knowl­edge because their fears of cyber attacks are growing – par­tic­u­larly in small and medium-sized com­pa­nies. There are many com­pa­nies in this area of con­flict and the uncer­tainty is ampli­fied by the pending legal and nor­ma­tive changes.

Where does this impression come from?

We asked around 150 man­u­fac­turers and oper­a­tors what their level of knowl­edge is con­cerning Secu­rity. We wanted to know how well pre­pared the Aus­trian market is for this topic and who is respon­sible for this in the com­pa­nies. An impor­tant finding is that many cus­tomers have not yet taken any steps on the sub­ject of Indus­trial Secu­rity even though they are well aware of its rel­e­vance.

What conclusions can you draw from the findings?

The most impor­tant con­clu­sion for me was that the respon­si­bil­i­ties for Secu­rity on plant and machinery have still not been clar­i­fied at all in these com­pa­nies. This has also not been clar­i­fied among the man­u­fac­turers. It is clear that IT per­forms IT secu­rity, but who is there for the secu­rity at the machine? The oper­a­tors we asked tended to see this as maintenance’s respon­si­bility. But com­pa­nies are fre­quently unaware of the fact that Indus­trial Secu­rity requires spe­cialist knowl­edge and that a lack of respon­si­bil­i­ties and mea­sures opens the door to attackers. This just makes it that much more impor­tant that we do the edu­ca­tional work – just the same as for machinery safety. After all Pilz is not just an ambas­sador for Safety, but also for Secu­rity. Safety for me also encom­passes Secu­rity.

Which questions are currently worrying machine builders and operators?

The main focus here is on the ques­tion of what effects a cyber attack would have on the com­pany. My tip: every com­pany should brain­storm and run through how day-to-day work would be changed by this type of attack. From our own expe­ri­ence fol­lowing the cyber attack on Pilz in 2019, I now advise making sure to keep a paper copy of the con­tact data of your most impor­tant con­tacts, for example. Many people are ini­tially sur­prised by this. Beyond the threat sit­u­a­tion, many machine builders and oper­a­tors are also dealing with the new Machinery Reg­u­la­tion and NIS 2 is also of great sig­nif­i­cance (see box at bottom left).

Where do you see dangers?

In dis­cus­sion I fre­quently hear that the company’s machines are not even attached to an ERP system or a cloud, so there is no need for any secu­rity mea­sures. If I then ask if there is a USB port and whether this could be used by an oper­ator to charge a mobile device, meaning that gateway would sud­denly be opened, this imme­di­ately gets their atten­tion. Our job is to ask ques­tions and pro­vide our cus­tomers with the best pos­sible advice.

How complicated is it to design an existing plant to be safe and secure?

It doesn’t make a big dif­fer­ence whether a machine is new or old; secu­rity solu­tions can often be inte­grated through “plug and play”. Our access per­mis­sion system PITreader is an ­example of this. Secu­rity retro­fits are def­i­nitely an impor­tant topic! We sup­port our cus­tomers with suit­able ser­vices because oper­a­tors often do not have the resources to safely and securely imple­ment this type of machine con­ver­sions.

Share with your network!

1 Star2 Stars3 Stars4 Stars5 Stars (Be the first to give a rating!)

Leave a Reply