Digital technologies make many aspects of our daily lives much easier than they were before. What’s more, such technologies are also vital for many areas of business. Indeed, the connectivity they provides is a cornerstone of being globally competitive. According to the German Federal Ministry of the Interior, 40 percent of the world’s value added is already based on information and communications technologies.
The Race against Cyber Crime
Increasing levels of IT connectivity have simplified our private lives and made corporations more competitive. But they have also led to a growing security threat in the form of attacks from cyberspace. Companies such as Siemens are fighting back with a mix of high-tech and education.
Attacks from the Internet
But the flip side of this trend is that the growing concentration of information is attracting criminal elements. “The number of cyber attacks overall is skyrocketing,” says Prof. Claudia Eckert, head of the Fraunhofer Institute for Applied and Integrated Security (AISEC), in an interview with Pictures of the Future. An IT expert, Eckert says studies estimate the damage from Internet-based attacks at $575 billion worldwide.
And it’s not just run-of-the-mill PCs that hackers are targeting. Since the Stuxnet virus at the latest, which made headlines in 2010, companies have recognized that there is no longer an impermeable boundary between office and infrastructure or industrial IT. “Networked systems are highly dynamic, so that their security status has to be monitored in a constant and ongoing process," explains Eckert. What this means is that since machinery and production plants are controlled by specialized software, manufacturing industries are facing similar threats to those being faced by consumers. That goes for Siemens too; the company’s products, solutions and services contain more and more software, which is often also used in critical infrastructures.
Smart Protection for Smart Grids
One example is intelligent power grids. These “smart” grids ensure grid stability by balancing power generation and demand using sophisticated networked technology. A smart grid filled with communication and information technologies is permanently exposed to the threat of attack from outside. To ensure that consumers are never left without electricity, the grid has to be not just clever, but cleverer than its attackers. To achieve this, the Siemens Energy Management Division is not only working on security solutions for smart grids but has taken on the task of raising customer awareness of the issue.
IT Security Made in China
IT security is already at the top of just about every industry’s agenda. And no wonder – to get an idea of how big this challenge will be in the future, all you need to do is look at the projections: not hundreds or thousands, but billions of machines, systems, sensors and individual products will be communicating with each other as part of what experts call “Industry 4.0”.
But the threats to this system are expected to be as vast as the potential rewards. A survey conducted by Siemens among one hundred industrial firms in China last year indicates the extent of the threat to the manufacturing sector. More than 80 percent of the companies reported having experienced a computer virus infection or some other type of attack. Some companies even reported that they had had to temporarily suspend production and had lost money as a result. According to Prof. Wen Tang of Siemens in China, this is the consequence not just of antiquated technology but also of low security awareness. Tang heads the Industrial Security Lab at Siemens Corporate Technology in Beijing, which has taken on the task of assisting Chinese customers with high-tech solutions and training in order to help them protect themselves as fully as possible against attacks.
ID Checks for Machines
Naturally, threats to IT security are not limited to China. Companies worldwide are worried that what’s known as Industry 4.0, with its networking of machines and systems, will not just yield immense economic advantages but also create vast security risks. “But if industry relies on a consistent, end-to-end security concept, the risks will probably be manageable,” says Dr. Rolf Reinema, head of the IT Security Technology Field at Corporate Technology (CT), Siemens’ corporate research and development department. Reinema’s department develops sophisticated solutions to protect Siemens business areas against cyber crime. These protective measures include ideas such as software packages to ensure that companies are always at the most current security level, authentication methods that provide a way for machines to “check IDs,” and monitoring solutions that can detect and report cyber attacks almost in real time, so that countermeasures can be initiated at the earliest possible moment.
Challenges for Governments
Clearly, effective solutions to minimize the risk of a cyber attack exist. But they could be significantly more effective if joint international security standards and rules were defined at the government level. Many experts agree, for example, that government, academia and business, as well as the community of nations, must communicate more closely, beecause neither multinational corporations nor cyber attackers are limited by national borders.
IT specialists at Siemens are well aware of this “borderless” challenge. So before any solution is released to customers, it’s carefully tested, including by the company’s own team of hackers. In addition, in order to ensure the best possible defense against cyber attacks, Siemens has launched the Product & Solution Security (PSS) Initiative, which involves representatives from all company businesses. PSS members decide what needs to be done on a company-wide level. One example is the use of a continuous threat-and-risk analysis in development and engineering projects. From this, security measures are derived that result in technical or organizational changes either at Siemens or customer sites. Despite these intense efforts to counteract cyber crime, there will never be 100 percent protection against threats from the Web. The business of protecting and attacking data resources will remain a game of cat and mouse. But IT experts in research and development have accepted the challenge.