July 2019

SOLUTIONS | www.smartmachinesandfactories.com | July 2019 | 29

will be able to make their own decisions in the future.” Such autonomous systems and the resulting increase in the volume of data present manufacturers of automation systems with extreme challenges, especially in the field of IT and cyber security. Brand highlights that in the future, well-isolated machine areas will have to be open and accessible for communication to the outside world. Demand for cyber security is becoming increasingly important in comparison to pure process reliability or production availability, with a strong dependence of these areas on one another. This is not the only reason for the increased awareness of cyber security. Recent incidents such as Stuxnet, WannaCry, or the attack on the German Bundestag have also given an enormous boost to the importance of cyber security.

Brand comments that cyber security, however, is a complex matter due to the protection objectives for confidentiality, integrity, and availability. Confidentiality is achieved only when unauthorised information retrieval is not possible: “Integrity includes both the correctness of the data (data integrity) and the correct functioning of the system (system integrity). Availability refers to the degree of functionality of the information technology systems; that is, whether the systems are ready for use at any time and whether the data processing also runs correctly. Further protection goals such as authentication and authorisation clarify the identity of the user and their access rights to the secure source of the data. Commitment/non-repudiation ensures that the communication participants do not reject messages.”

He adds that cyber security therefore deals with a constantly changing problem, which is an issue throughout the lifecycle of devices, systems, and networks: “As new vulnerabilities are constantly uncovered and new methods of hacking found, it is necessary to update the devices and systems again and again and eliminate the identified vulnerabilities. Systems must therefore be designed to allow for secure updates to important functions and thus be permanently protected. However, it is very difficult for automakers and developers of such systems to implement ever-changing security requirements in their applications, as this is a very broad subject area and thus goes beyond the scope of their actual work. It therefore makes sense to work together with appropriate IT and security experts at an early stage of development. Otherwise, there is a risk that undetected vulnerabilities could potentially cause damage to businesses that is far in excess of the potential benefits of the new products and technologies, or at worst may even endanger their business.”

He also explains that traditionally, cyber security was seen as an IT issue that required the implementation of secure operating systems, network and application protocols, firewalls, and other network-intrusion prevention solutions. However, as a result of the transition to digitalisation, machines will have to be as intelligent and autonomous as possible in the future, resulting in more functionality, more connectivity, and, at the same time, higher data volumes. As a result, there is a significant increase in the importance of system risk assessment. Where previously some systems did not require safety or protection, they are now critically vulnerable to attacks that can leave them paralysed.
For the manufacturers of such promising systems, it is important to carefully check and evaluate potential vulnerabilities and to take appropriate protective measures. The implementation of appropriate security functions, according to Brand, should happen as early as possible, preferably right at the beginning of the system signal chain; that is, at the transition from the real, physical world to the digital world. This period is the so-called sweet spot, and it seems to be the most promising point of the signal chain. This point is usually formed by the sensor or actuator. Here, the complexity of coding the trusted data is usually relatively low, which can also increase confidence in data-based decisions. However, as shown in Figure 1, this sweet spot requires a high degree of hardware identity and data integrity in order to achieve the highest level of data security and thus the confidence of the operating systems in secure data. The implementation of identities and integrity already at the hardware level—that is, protective features already embedded in silicon—offers the most promising approach for generating appropriate data security. This is where the so-called root of trust begins.

Root of Trust

The root of trust is a set of related security functions that control the cryptographic process in the devices as a largely separate computing unit. Brand explains that in this case, a secure data transmission is usually generated by controlling hardware and software components in sequentially linked steps. The sequence of the individual steps, as shown in Figure 2, ensures that the data communication proceeds as desired and unharmed. As a result, a well-protected application can be assumed. He adds that securing a trustworthy,
