Please support the Ministry’s public relations work: We need your consent to be able to measure your user activity on our website using etracker. A pseudonymised evaluation of this data by etracker helps us to improve our website. You can revoke your consent at any time for the future. Once you have made your selection, the consent management screen will appear at the bottom of the page. You can use this to stop or to reactivate the statistical evaluation at any point. You can reactivate tracking by dragging the slider in the opposite direction.
This website sets temporary session cookies. These are strictly necessary and therefore cannot be deselected. Their sole purpose is to enable you to use the website.
The Ministry also presents its work on this website in the form of videos. These are made available by the provider TV1 using JW Player. Please consent to the transmission of your IP address and other technical data to JW Player and allow JW Player to set cookies on your end device if you wish to view videos on our website. We also provide a consent management function for this at the bottom of the page. You can use this to control whether JW Player is enabled or not.
You can find detailed information on your rights and how we protect your privacy in our privacy policy.
Consent to the use of JW Player for video streaming
The Ministry also presents its work on this website in the form of videos. These are made available by the provider TV1 using JW Player. Please consent to the transmission of your IP address and other technical data to JW Player and allow JW Player to set cookies on your end device if you wish to view videos on our website. We also provide a consent management function for this at the bottom of the page. You can use this to control whether JW Player is enabled or not.
Four challenges and four IT security solutions in Industrie 4.0
Introduction
Together with its partners, the Plattform Industrie 4.0 has identified four key IT security challenges in Industry 4.0 and developed strategies to cope with them. The strategies are technical, but also clearly show a need for political action. The Plattform Industrie 4.0 brings these strategies into international debate to continually test and improve them. Here, you’ll find them briefly summarised and graphic illustrated.
Global value networks require comprehensive security architectures that provide protection to all participants, regardless of which country they are located in. The integrity of processes, machines and products must be ensured throughout the entire production process. To manage this feat and to work successfully together across borders, we need a generally accepted approach to security, interoperable security strategies and a common regulatory framework.
One step towards safer ecosystems is security-by-design. Security measures can be integrated into industrial applications and support end-to-end security solutions. The same should apply to the digital model: security for physical systems, their digital twin and their respective interactions must take place in a coordinated framework. Certification bodies or "trust centers" are necessary for secure cross-border data transfer between machines. The “trust centers” act as trusted neutral entities and issue certificates in security domains. Assigning or cancelling rights must be granted by the respective domain. For this to work outside of national borders, “trust centers” must enter into agreements with each other, creating conditions for secure communication that meets national requirements. There are no examples so far. A possible concept and/or implementation could entail identity management and roaming contracts provided by mobile operators.
Secure cross-company communication in international value networks must take into account and synchronize the security needs of all stakeholders. Securely exchanging data across enterprises and across borders requires interoperable security strategies and transparent identity mapping.
Authenticity, integrity and trustworthiness of the communication partners can be checked. Both the confidentiality of the information and the verification of the communication must be taken into account.
When humans, machines and software communicate with each other, they need to know who they are talking to. In the Industry 4.0 context, assets must be equipped with secure identities. Within a corporation, a certification authority or "Certification Authority" (CA) can provide these secure identities.
A trusted certification authority, as a security manager, can can manage the identities of all instances of a security domain. In today’s world, a public key infrastructure (PKI) is a possible solution.
To ensure successful exchange of data, communication partners have to have trust in the communication infrastructure and the processing of the data. Apart from the technical components, the secure exchange of data also depends on partners having a well-integrated, reliable and verifiable security strategy. If cooperation with new partners begins, organisational and technical solutions should be set up to evaluate the degree of trustworthiness and, if necessary, to automatically transfer these to potential partners (comparable to intelligent scoring and rating on Amazon, etc.).
The term "trustworthiness" describes the nature of existing and future relationships between companies, people, systems and components. The five criteria of trustworthiness are: Security, Safety, Privacy, Reliability and Resilience. Integrity is an important core element of all five criteria of trustworthiness. Without integrity, the trustworthiness falters, as the probably action of a single unit cannot be determined. This concept applies to both "Operational Technology" (OT) and "Information Technology" (IT) – weighted differently between the five categories depending on the context.