Every year, cyberattacks cause substantial loss and cost, presenting a growing challenge which also extends into the industry sector. So far, this trend has affected businesses in fields including
When it comes to threats such as industrial espionage, cyberextortion and data leaks, many companies focus on their conventional IT applications, yet underestimate the risks arising from increasingly smart and digitised production processes (known as Operational Technologies or OT).
The consequences here may be disruption to operations, faulty products and loss of reputation, and may even extend to breaches of business-related or statutory security objectives – either as targeted attacks or collateral damage.
These are the challenges faced not only by businesses and any regulators which may be involved, but also by OEMs in areas such as plant and mechanical engineering, system integrators and manufacturers of components. If they want to remain competitive in the medium and long term, they need to supply qualified and compliant products and services.
In this context, stakeholders ultimately need to overcome two more difficulties. The first is that conventional IT security methods and measures have only limited suitability for automated industrial control systems (ICS), and the second is the need for a holistic approach in order to verify that a cybersecurity solution and/or its concrete measures are effective and free from interference. An approach of this kind needs to consider operational issues and requirements as well as safety and security systems.
Technology risks in industry can be both general and industry-specific. Businesses resort to preventive and mitigating measures in their endeavours to achieve individual and legal security objectives. These measures are typically aligned to the expected threats that need to be covered. In the past, cyber-risks played a very minor role.
Now, however, even the safety-related functions of ICS are increasingly digitised. This opens up new pathways of threats, vulnerabilities or damage mechanisms that have previously not been fully considered. Cyberattacks are evolving into a critical, threat, particularly to the cyber-physical systems (CPS) which are part of Industry 4.0. In the majority of cases, even the “air gap” in isolated systems fails to offer adequate security. Standards such as the IEC 62443 series give answers to the question of which security measures should be established to ensure industrial communication networks are adequately protected.
Providing bespoke engineering and test services, the experts from TÜV SÜD ensure the safety, security, profitability and sustainability of plants and installations, infrastructure and buildings. As always, we will continue to support you with third-party assessments in the future, delivering the reliable information you need for informed decision-making processes.
Where this involves consideration of the threats and risks to ICS, our SecureSafety product fills the bill. On request, SecureSafety combines our conventional safety services with the required additional expertise in OT security (e.g. based on the IEC 62443 series of standards).
By supplying SecureSafety, TÜV SÜD acts as a reliable partner of component manufacturers, system integrators, operators and authorities across the entire life cycle.
How can we help you? We will be happy to support you in the field of SecureSafety, supplying:
Just contact us! We will be happy to inform you about our SecureSafety services.
Middle East and Africa