IT meets OT: Technical and Regulatory Safety for Industry 4.0 Machine Interfaces

Background

In the course of Industry 4.0, independent, intelligent and hierarchical machine and plant systems are increasingly being used in production and logistics, which are interconnected via a so-called integration platform (also called IoT platform) and have a common data world. This results in a merger of information technology (IT) and operational technology (OT).

New Industry 4.0 communication standards and interfaces such as OPC UA (Open Platform Communication Unified Architecture) or the UMATI standard are used for the integration of machines and systems.

Machine manufacturers and integrators face the challenge: How do they 'validate’ the security of data interfaces?
Although the interfaces and protocols used offer configurable security features such as various encryption or authentication features, in practice these are usually only switched on or configured without long-term consideration of their usefulness in relation to technical measures for data security or regulatory requirements. This concerns in particular regional differences, specific customer requirements and different data protection laws. Industrial SMEs often lack the skilled staff to assess and implement configurations flexibly according to security requirements.

Goals

The aim of the project is the development and validation of a web tool (software-based rulebook/coach) for the security and regulatory evaluation of standard interfaces in Industry 4.0. The rulebook will perform a consistent and complete review and evaluation of machine integrations and provide recommendations for action to reduce downtime, downtime and recovery costs as a result of cyber attacks and to increase data security.

Another aim is to integrate country-specific and regulatory factors into the security assessment. Against the backdrop of the revised, stricter data protection law in Switzerland and the differences between the laws in the EU, Switzerland and the USA, the project aims to support SMEs in meeting these requirements.

The tool aims to enable employees without specialisation in data security and data protection to carry out a consistent and complete audit of the systems. It also aims to increase efficiency by 50% compared to previous methods.