New technologies are conquering the world’s industries: Industry 4.0 has long since moved onto the shop floor, and artificial intelligence is also on the rise. The foundation for this, however, is the secure IT operation and management of existing facilities. We talked to ondeso COO Peter Lukesch about the secure IT management of new and old plants for plant operators as well as for machine and plant manufacturers.
In order to be able to derive measures for future operation, it is essential to have an overview of all IT components. It is not uncommon for us to see that customers are only aware of a small part of their PCs in existing production plants, for example, because the form factor differs significantly from an office PC and the installation location within the machines is often unknown. A central inventory and operations management with complete and up-to-date information is the linchpin for meaningful and goal-oriented risk management.
Once our customers have gained an overview of their existing equipment, information on its current operating status must be collected and evaluated. This is not a one-off process but must be automated and run regularly so that the state of knowledge is always up to date. On this basis, possible dangers can then be assessed, and measures derived.
In order to keep security as high as possible, it is essential that you can always plan and execute the measures proactively and never be forced into the reactive role. Should this be the case, the last resort is often only a current backup, with which a stable state can be restored.
This is basically a difficult topic in which three parties play an important role. Machine and plant manufacturers often see the transfer of risk with the delivery to the customer. As soon as a machine becomes the property of the operator, it is his property for which he is responsible and can do whatever he wants with it. Almost at least, because if certain changes are made to the system by the operator, he is often threatened with the loss of support by the manufacturer, sometimes even referred to as “loss of warranty”. Thirdly, there is the legislator, who will enforce the often-requested requirements according to which the manufacturer is to be obliged to only deliver safe equipment and machines. This often results in a pragmatic solution being found between the manufacturer and the operator only in current emergencies and in the event of specific threats.
The past has shown that the useful life of production plants, unlike in the office environment, can be 20 years or more. The resulting heterogeneity of the IT landscape will therefore continue to increase in the future. The use of more and more software requires an increasing shortening of update cycles by operators. Furthermore, IT integration and cloud connections will exponentially increase IT security requirements.
This will also result in completely new service models for machine and plant manufacturers. With a view to the long service life, customers will prefer standardized interfaces and processes and demand the security of their devices. If a vulnerability, such as BlueKeep and DejaBlue, becomes known, priority must be given to a fast response time.
So, the same question applies to both: Is your present ready for the future?
Ideally, everyone will take on what they can do. The task of a technician is not to have the deepest IT security know-how. He has to set up and commission new systems, maintain, upgrade or repair existing ones. Of course, this will also include the integrated software components and OT components in the future. Similar to how he replaces an assembly and then checks it, he should, for example, have predefined installation or update packages that he executes and then get an overview of the functionality or correct processing. The underlying process must be defined and created in the areas that also create the software and have the knowledge about the associated problems. Last but not least, the changes made must be documented and tiled back so that, for example, support for inquiries or sales for quotations can access the current status of the information.
In the past, CIOs had to focus primarily on securing their data centers and end devices in the office. With models such as SaaS, BYOD, etc., even more devices come into focus, which provide transmission paths into the company and out again. More and more companies are setting up their own IT security departments with responsible CISOs, as the protection and preparation of countermeasures are no longer a part-time job. Nonetheless, until a few years ago, the protection of IT equipment in production had been hidden because it simply had to work. However, malware and attackers do not stop at network boundaries and use so-called spillover effects to spread into the production networks, too. Only since major failures, caused e.g. by WannaCry in 2017, has it been remembered again that the entrepreneurial added value culminates in a product. Defective products or delays are immediately reflected in the company’s own revenues or, in the case of large companies, can even have an impact on the raw material prices traded.
ondeso offers solutions for the manufacturer- and industry-independent lifecycle management of IT devices in the shop floor as well as for the secure data transport within the plant. These solutions have been specially developed in the production environment for the shop floor with the aim of making optimum use of the synergy of IT and maintenance.
In addition to the software, we have almost 10 years of experience in this field with our Professional Services and can, in addition to providing best practices, also provide support and advice in the creation and implementation of new concepts. All the information we obtain about the needs of our customers, as well as information from associations and working groups on product management, is incorporated into further development.
To carry out an activity on 20 systems or to collect information about their status can be done relatively quickly and with justifiable effort by a single person.
If, however, there are several hundred devices, it becomes very difficult to carry out all activities before one is confronted with the next change again and must start all over. Often companies create their own tools or scripts for this purpose, into which the employees have to be elaborately trained or the necessary knowledge for adaptation or extension may no longer be available in the company.
With a standard software our customers profit here several times. The execution of tasks no longer depends on the total number of devices, but only on the number of jobs. If a new hall is built or a new location is planned, the number of software components automatically increases – but the tasks to be completed remain the same. With ondeso, once they have been centrally planned and made available, they can be carried out independently by the operating personnel without the need for IT know-how. The personnel costs for planning and provision are therefore only incurred once.
Solutions can be discussed or exchanged with other companies and new employees may even find their way around from the start if they have already worked with ondeso products before.
The interview has also been published in shortened form in the specialist publication “Industrie 4.X”, which was enclosed with the German business and financial newspaper “Handelsblatt” on 11-20-2019.