Hacker attack on the Bundestag's IT infrastructure. Confidential information stolen from the Sony Pictures film studio corporate network. Cyber attacks shut down the French channel TV5 Monde. These or similar headlines are appearing more and more frequently. Cyber crime has significantly increased over the last few years. In 2013 alone, there were 117,300 attacks on IT security at companies every day. Thus doubling the number of attacks compared to the previous year to 42.8 million. That is the result of the "Global State of Information Security Survey 2015" study by the consulting firm PricewaterhouseCoopers.
The damage caused by ICT crime is huge. In 2013, financial losses worldwide were as much as 575 billion dollars (roughly 460 billion euros) according to the joint study by the Center for Strategic and International Studies, McAfee security provider and Intel Security. Companies in highly industrialised countries like the USA, China and Germany are particularly affected by increasing Internet crime. In these states alone the total losses came to 200 billion dollars in 2013.
The extent of IT crime in the meantime in Germany is revealed in a study by the Bundesverbands Informationswirtschaft, Telekommunikation und neue Medien e.V. (Bitkom) from 2015. According to this, roughly half of the companies surveyed had been the victim of digital industrial espionage, sabotage or data theft over the last two years. Based on conservative estimates by BitKom the resulting losses for the entire German economy are roughly 51 billion euros per year. However, it is not just financial losses that adversely affect the companies concerned. The companies also suffer from damage to their image and a loss of trust from their customers.
There is no question that with the increasing degree of digitalisation, companies are more reliant on reliable information and communication systems than ever before. Cloud computing, the fourth industrial revolution, smart data, the Internet of Things and Services are not only changing classic business models but increased networking is also opening up new gateways for cyber criminals. More and more companies are coming to this conclusion in Germany. Across all industries, 59 percent of businesses see IT security as the greatest obstacle to digitalisation in their companies. This was shown by the Chamber of Industry and Commerce business barometer "Industry 4.0: Great opportunities, a great deal to do".
Data security, data protection and privacy are crucial success factors for digitalisation. A study by the "Münchner Kreis" also comes to this conclusion. In its "Digitalisation – the German economy's Achilles heel" study on future developments, 87 percent of those surveyed stated that they rate these topics as extremely or very important for 2020.
Keeping sovereignty of data
"In an increasingly digitalised world, data security and data sovereignty are of existential importance to companies," says Professor Reimund Neugebauer, President of the Fraunhofer Gesellschaft. That is why, together with industry and in cooperation with the federal government, Fraunhofer wants to create an internationally open and at the same time secure data space: Industrial Data Space. "Companies need this kind of protected space, where they can share and exchange data with each other based on rules established by themselves without having to give up control of their information," explains Professor Boris Otto, who is coordinating the project that twelve Fraunhofer Institutes are involved in.
The Industrial Data Space is supposed to allow for the secure exchange of data along the entire data supply chain as well as easily combining one’s own data with public information, for example weather, traffic and geographical data, based on a federal data management concept. Another focus is on protecting confidentiality, which is guaranteed by certifying participants, data sources and services.
Data is going to be just as important as capital, labour forces or commodities in a digital economy. It allows for innovative products, services, processes and forms of work organisation to be developed. As a result, for example, information from health insurance companies, patients and providers of pharmaceutical products may help medication and treatment concepts to be launched on the market more effectively and individually.
However, the companies and patients involved must keep sovereignty of their data at all times during the process. "The Industrial Data Space helps them to use this potential for innovation and provides basic services for handling data confidentially, for example by making information anonymous, through integration services and by setting "expiry dates" for the use of data," explains Otto.
Fraunhofer is working closely together with politics and industry on this project. The Federal Ministry of Education and Research (BMBF) is funding a research project on Industrial Data Space with roughly five million euros. The foundation of an Industrial Data Space non-profit association supported by Fraunhofer and companies is also being planned for January 2016.
The Memorandum of Understanding for this has already been signed by ATOS, Bayer, Boehringer Ingelheim, Fraunhofer, KOMSA, PricewaterhouseCoopers, REWE, Salzgitter, SICK, Thyssen-Krupp, TÜV Nord, Volkswagen and the German Electrical and Electronic Manufacturers' Association. Fraunhofer experts are presenting the initial results regarding the Industrial Data Space at CeBIT 2016.
Industry 4.0 — securely networked
The digital transformation of production provides Germany in particular, as one of the most important industrial nations in the world, with huge opportunities. Companies have recognised this too. Industry 4.0 applications such as sensor technology solutions, cyber physical systems or the exchange of planning data with suppliers and customers are already on the rise now. German industry wants to invest 40 billion euros a year in digital production applications by 2020. This is the result of a study by the PricewaterhouseCoopers consulting firm. Two thirds of the companies surveyed are already actively working on digitalising and networking their value creation chain.
However, the security requirements are therefore also rising. Modern production plants are already networked with each other now. As part of Industry 4.0, production networks are being further developed into corporate networks or even into networks with external companies. This opens up new opportunities to attack industrial plants. Besides viruses and trojans, customised malware threatens production connected by the Internet. They can spy on plant parameters, externally control machines, manipulate control systems or shut down processes.
The Stuxnet computer worm that was developed especially to attack industrial plants has shown that this is not a bleak vision of the future but already a reality. Examples of how dangerous attacks on production facilities can be can also be found in the security report by the German Federal Office for Information Security (BSI). For example, hackers managed to take over control of a blast furnace at a steelworks. The consequence: The blast furnace could not be shut down and the entire plant was damaged.
Cyber attacks are already causing production losses now. And the risk increases as networking increases. Sophisticated network technology and effective testing methods are required to be able to identify gaps in security and reliably close them. Using an IT security lab especially equipped for production and automation technology, the Fraunhofer Institute of Optronics, System Technologies and Image Exploitation (IOSB) in Karlsruhe offers a secured testing environment to reconstruct potential attacks on production networks, analyse the impacts and therefore come up with strategies and suitable defence measures.
In addition, researchers can also assess the security functions of common communication standards and protocols for industrial automation systems. The IT security lab has its own model factory with real automation components that control a simulated production plant with conveyor belts, electric drives, robots and lifting equipment. All the network levels of a production facility exist with typical components, including firewalls, switches and wireless assemblies. Its own private Cloud allows IOSB researchers to flexibly set up different configurations and adjust the model factory to different scenarios.
Fraunhofer scientists are already working on concrete solutions to make Industry 4.0 secure. For example, experts from the Fraunhofer Institute for Applied and Integrated Security (AISEC) in Munich, together with their colleagues from Infineon Technologies, have developed a concept that protects PLC-based industrial control systems (programmable logic controller) from unauthorised access and manipulation. The solution consists of trust anchors, OPTIGA™ security chips, the Trust product family from Infineon and complementary software. The chips only allow those components or machines that can be unambiguously identified and are considered to be trustworthy access to the system.
Counterfeit spare parts or unauthorised repair tools are identified and rejected. The solution also protects against manipulation by malware, the wrong software updates and data theft. The chips encrypt and back up sensitive data. As a result the PLC programming and therefore valuable intellectual property and process know-how is protected from theft
Kit for industrial IT security
Researchers from the Fraunhofer Institute for Secure Information Technology (SIT) in Darmstadt have designed the hardware-based "Trusted Production Platform as a Service" solution to be able to offer better protection for industrial plants and IT components. Industrial IT networks, production data and processes can be secured and controlled on a modular basis using this. "The Trusted Core Network" (TCN) ensures the security of industrial IT networks. The TCN is based on a peer-to-peer infrastructure that is able to check the identity and state of the network nodes.
If a node deviates from the specified target state, the system alarm sounds and excludes manipulated network nodes from the communication. The TCN uses the standardised Trusted Platform Module TPM as a trust anchor to be able to reliably check the device state and identity. This kind of module, which has information about the authorised software and other relevant parts of configuration stored on it, can be found on every device. Routers can check all devices in the vicinity using this data.
The Trusted Production Platform also has digital rights management (Industrial Rights Management, IRM) to protect valuable production data. As a result, the production information can already be encrypted during development. The rights management regulates all the order's important parameters and ensures that the data and production is only decoded for the designated machines.
The basis for all these security mechanisms are technologies for establishing device identities and guaranteeing device integrity. The next generation of hardware modules for ensuring identity and integrity is being launched on the market next year with the Trusted Platform Module (TPM) 2.0. The SIT "TPM Software Stack 2.0" combined with the "TPM Development Tools" are one of the first implementations of the related software and middleware and are therefore an integrated framework for developing innovative solutions.
New security solutions are also required for the corporate networks of the future, as more and more companies are using software-defined networking (SDN) to flexibly manage their computer networks. Routers, switches and firewall components can be centrally controlled using this. This saves time and money. The disadvantage: The centrally based controller level is a worthwhile target for hacker attacks. Experts at AISEC developed the "SENS" visualisation software to be able to check the security of SDN networks. The programme analyses the communication between the controller and applications in real time.
SIT is working on the SDN-based "OrchSec" security solution that can automatically detect and defend against network attacks to improve the security of modern networks. In the process, the advantages of SDN are being used by setting up a special protection or orchestration layer over the network hardware and user data level (data plane) and the SDN controller's control level (control plane).
The experts have already successfully produced a prototype of the solution. The system detects and defends against "ARP spoofing" where hackers attempt to take over external addresses and reroute data and spy on data traffic as well as different kinds of denial of service (DoS) attacks that aim to overload network components. A programming interface also allows for "OrchSec" to be expanded with any other security or management functions.