IT meets OT: Technical and Regulatory Security for Industry 4.0 Machine Interfaces
New interdisciplinary research project at IBE (HT), IMVS (HT), and IWI (HSW).
In the context of Industry 4.0, increasingly autonomous, intelligent, and non-hierarchical machine and system systems are being deployed in production and logistics. These systems are interconnected through a so-called integration platform (also IoT platform) and share a common data environment. This results in a fusion of Information Technologies (IT) with Operational Technologies (OT).
For the integration of machines and systems, new Industry 4.0 communication standards and interfaces such as OPC UA (Open Platform Communication Unified Architecture) or the UMATI standard are used. Machine manufacturers and integrators face the challenge: How do they ‹validate› the security of data interfaces?
Although the utilized interfaces and protocols offer configurable security features such as various encryptions or authentication features, in practice, they are usually only enabled or configured without sustainable consideration of their meaningfulness in terms of technical measures for data security or regulatory requirements. This particularly concerns regional differences, specific customer demands, and various data protection laws. Often, small and medium-sized enterprises (SMEs) in the industrial sector lack specialized personnel to flexibly assess and implement configurations based on security requirements.
The goal of the project is the development and validation of a tool (software-based framework) for the security and regulatory assessment of standard interfaces in Industry 4.0. The framework will conduct a consistent and comprehensive examination and evaluation of machine integrations, providing recommendations to reduce downtime, as well as failure and recovery costs resulting from cyberattacks, and enhance data security. Another aim is the inclusion of country-specific and regulatory factors in the security assessment. Against the backdrop of the revised, tightened data protection law in Switzerland and the differences between laws in the EU, Switzerland, and the USA, the project aims to assist SMEs in meeting these requirements.
The tool is intended to enable employees, without specialization in data security and data protection, to conduct a consistent and comprehensive examination of systems. Furthermore, an efficiency increase of 50% is targeted compared to previous methods.
The 2-year InnoSuisse project, initiated in December 2023, is led by Markus Krack, Professor for Smart Factory, and is carried out in collaboration with implementation partners Endress+Hauser and Industrie 2025, with the involvement of Dr. Martin Gwerder, Prof. Dr. Bettina Schneider, Simona Burri, and Jona Karg.