Security affects us all

Com­pared with the more tan­gible topic of machinery safety, indus­trial secu­rity still appears to be more of an abstract con­cept. Many ­people pri­marily asso­ciate it with external cyber attacks, but secu­rity is rel­e­vant down to the smallest machine in a pro­duc­tion facility. ­Secu­rity encom­passes safety, ensuring its integrity and thus the pro­tec­tion of human and ­machinery. With the new Euro­pean Machinery Reg­u­la­tion, secu­rity mea­sures will become oblig­a­tory from 2025. But even today com­pa­nies are already working to ensure the safety of per­sonnel, machinery and data.

Assuming responsibility

If man­age­ment fails to imple­ment gen­eral organ­i­sa­tional mea­sures and instruc­tions when struc­turing work, it can be held liable for this. Prob­lems such as near-acci­dents or the occur­rence of new risks at the work­place must result in suit­able mea­sures. Reg­ular checks iden­tify any need for action in good time. An example to illus­trate this: An employee opens a safety gate and thus brings the machine to a stop. The man­u­fac­turing process is inter­rupted, resulting in eco­nomic losses. The employee didn’t ­actu­ally have autho­ri­sa­tion to open the safety gate, but due to a lack of work instruc­tions they were unaware of this, and access to the plant was not clearly reg­u­lated. In this case, the task was del­e­gated to an unqual­i­fied person and there were no work instruc­tions or they were incom­plete. The com­pany man­age­ment is thus liable for the con­se­quences.

An all-round safe workplace

Employee pro­tec­tion goes hand in hand with ­lia­bility pro­tec­tion: The oper­ator of the plant or machinery is respon­sible for the pro­tec­tion of its employees and must take appro­priate mea­sures. If a machine is pro­tected by a safety gate, for example, but access is not reg­u­lated, a cleaner or sim­ilar could enter the machine’s danger zone and be injured. In this example, the safety device is not suf­fi­cient. In the course of a hazard assess­ment, poten­tial hazard sources would have been iden­ti­fied early on: Is access to the machine suf­fi­ciently pro­tected? What qual­i­fi­ca­tion must the employees have on the machine and for which work steps are they then autho­rised?

Prevent manipulation

A third area that is becoming increas­ingly rel­e­vant is data pro­tec­tion. Secu­rity is often asso­ci­ated with this as stated pre­vi­ously and there is great con­cern that an attacker could manage to access a company’s OT net­work. This can happen, for example, if a USB stick with mal­ware has been inten­tion­ally or unin­ten­tion­ally used on a machine. If there is no seg­men­ta­tion within pro­duc­tion, hackers can thus not only cripple this one machine, but man­u­fac­turing as a whole. This is the “worst case”, and this sit­u­a­tion is also sen­si­tive with a view to data pro­tec­tion. Data and exper­tise must be pro­tected against external attacks as well as from danger orig­i­nating within the com­pany.

All three sce­narios described are not only rel­e­vant for rea­sons relating to lia­bility, they also have a major influ­ence on a company’s pro­duc­tivity. So what can com­pa­nies do to play it safe? Safety pre­cau­tions must be reg­u­larly scru­ti­nised and adapted to the cur­rent con­di­tions. A holistic risk analysis indi­cates pos­sible weak­nesses and includes both safety and indus­trial secu­rity. Based on this analysis, appro­priate mea­sures can be taken and the machinery retro­fitted, if nec­es­sary.

Clearly regulate access

For the exam­ples men­tioned, com­pre­hen­sive iden­tity and access man­age­ment, meaning the reg­u­la­tion of accesses and entrances, could be an ade­quate solu­tion. If an access per­mis­sion system PITreader is used, only autho­rised ­people are issued an RFID key with their indi­vidual per­mis­sions for plant and machinery on which they carry out work. They only achieve the desired access after they autho­rise them­selves on the machine by inserting their key into the PITreader. Autho­ri­sa­tions can be issued and man­aged cen­trally. If there is how­ever a safety inci­dent or manip­u­la­tion, the system can be used to track who last worked on the machine.

Lock out attackers

If machines are to be pro­tected against unau­tho­rised access and manip­u­la­tion, an indus­trial fire­wall such as Secu­ri­ty­Bridge from Pilz also offers pro­tec­tion. It mon­i­tors the data com­mu­ni­ca­tion within an indus­trial automa­tion net­work. To pro­tect the data flow of a pro­duc­tion facility, switch­able and acti­vat­able prod­ucts can also be an appro­priate mea­sure. The acti­vat­able USB‑2.0 host inter­face of the oper­a­tion ele­ment PIT oe USB con­trols the manip­u­la­tion-proof import of pro­grams, export of data and con­nec­tion of a key­board or mouse. If the oper­a­tion ­ele­ment is com­bined with the access per­mis­sion system PITreader, the acti­va­tion is only ­per­formed with the cor­re­sponding autho­ri­sa­tion.

These mea­sures can be easily inte­grated or retro­fitted into an indus­trial appli­ca­tion. ­Indus­trial Access Man­age­ment thus con­tributes to greater indus­trial secu­rity and ensures the integrity of the machinery safety. At the same time, the com­pany man­age­ment can rely on this holistic safety con­cept and thus assumes respon­si­bility for the com­pany and for its employees.