With the spread of Industry 4.0, an increasing number of unsecured, computer-guided production machinery and networks in production facilities are gradually evolving into gateways for data theft.
New security technologies may directly shield the sensitive data that is kept there.
You can hear the metallic buzz as the milling machine bores into the workpiece. Just a few last drill holes, and the camshaft is complete.
The computer-guided machine performed the entire job – thanks to the digital manufacturing data that were uploaded onto its embedded computer beforehand. Everything runs without a hitch, except for one thing: the data have been stolen.
Manufacturing data determine the production process for a product, and are just as valuable today as the design plans. They contain distinctive, inimitable information about the product and its manufacture.
Whoever possesses this info merely needs the right equipment, et voilà: the pirated or counterfeit product is done. Whereas design data are well-protected from unauthorised outside access today, production data often lie exposed and unsecured in the computer-assisted machinery.
An infected computer on the network, or just a USB stick, is all a thief would need to steal the data. Or hackers could directly attack the IT network – for instance, through unsecured network components, like routers or switches.
Researchers at the Fraunhofer Institute for Secure Information Technology SIT in Germany have developed a software application that immediately encrypts manufacturing data as soon as they emerge.
Integrated into both the computer and the equipment, it ensures that the two communicate with each other through a protected transport channel and that only licensed actions are executed.
“To the best of our knowledge, no comparable safeguard has previously existed for manufacturing data that reside directly in the machine tool,” states Thomas Dexheimer from the SIT’s Security Testlab. Digital Rights Management (DRM) controls all important parameters of the assignment, such as designated use, quantity, etc.
This way, brand manufacturers are able to guarantee that even external producers can only produce an authorised quantity, as instructed in advance – and no additional pirated units.
His colleague at SIT, Dr. Carsten Rudolph, is more involved with secured networks. “Hackers can also gain access to sensitive production data via unsecured network components. These are small computers themselves, and can be easily manipulated,” says the “Trust and Compliance” department head at SIT.
In order to prevent this, he called upon one piece of technology that, for the most part, lies dormant and, for all intents and purposes, unused on our PCs: the Trusted Platform Module.
This is a small computer chip that can encrypt, decrypt, and digitally sign data. Installed in a network component, it indicates which software is running on the component, and assigns a distinct identity to it.
“As soon as the software changes in a component, the adjacent component registers this occurrence and notifies the administrator. Hacker attacks can be exposed quickly and easily this way,” says Rudolph.
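The software-change detection described above can be sketched as a short simulation. This is an added example, not Fraunhofer SIT's software: the class and function names are hypothetical, the firmware strings are constructed sample data, and an HMAC key stands in for the signature a real TPM makes with a key that never leaves the chip.

```python
import hashlib
import hmac
import os

def extend(pcr: bytes, image: bytes) -> bytes:
    # TPM-style extend: new = SHA-256(old || SHA-256(image)); cannot be undone.
    return hashlib.sha256(pcr + hashlib.sha256(image).digest()).digest()

def measure(boot_chain) -> bytes:
    pcr = bytes(32)  # measurement register starts at all zeros after reset
    for image in boot_chain:
        pcr = extend(pcr, image)
    return pcr

class SimulatedTpmComponent:
    """Hypothetical router or switch with a simulated TPM."""
    def __init__(self, boot_chain):
        self.boot_chain = list(boot_chain)
        # Assumption: symmetric stand-in for the TPM's asymmetric attestation key.
        self.attestation_key = os.urandom(32)

    def quote(self, nonce: bytes):
        # Report the current measurement, bound to the verifier's fresh nonce.
        pcr = measure(self.boot_chain)
        sig = hmac.new(self.attestation_key, nonce + pcr, hashlib.sha256).digest()
        return pcr, sig

def verify_quote(key, nonce, pcr, sig, golden_pcr) -> str:
    expected_sig = hmac.new(key, nonce + pcr, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected_sig):
        return "ALERT: invalid quote"      # forged, or replayed with an old nonce
    if not hmac.compare_digest(pcr, golden_pcr):
        return "ALERT: software changed"   # genuine quote, unexpected software
    return "OK"

def check_neighbour(component, key, golden_pcr) -> str:
    # The adjacent component challenges with a fresh nonce on every check.
    nonce = os.urandom(16)
    pcr, sig = component.quote(nonce)
    return verify_quote(key, nonce, pcr, sig, golden_pcr)

if __name__ == "__main__":
    router = SimulatedTpmComponent([b"bootloader-1.0", b"firmware-1.0"])  # constructed
    golden = measure(router.boot_chain)  # recorded while the router is known-good
    print(check_neighbour(router, router.attestation_key, golden))
    router.boot_chain[1] = b"firmware-1.0-modified"
    print(check_neighbour(router, router.attestation_key, golden))
```

The fresh nonce is what stops a manipulated component from answering with a quote it recorded before the software was changed.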
“Both security technologies are important building blocks for the targeted Industry 4.0 scenario,” says Dexheimer.
“This revolution can only work if the intellectual property is sufficiently protected. And that’s a tall order, because the targets of production IT will increase exponentially, due to ever growing digitization and networking,” explains Dexheimer.
Dexheimer and Rudolph have developed a computer-assisted machine tool using a CAD computer and a 3D printer. SIT’s security software is installed both on the computer and the printer.
The data are encrypted on the computer, and decrypted by the printer. The printer also validates the licensed authorisation to conduct the print job.
To ensure that the data are also securely embedded in the network, the scientists have built a Trusted Platform Module into multiple routers, and are displaying this as a demo. “An attacker cannot hack this there, because he or she will get nowhere near the built-in key,” explains Rudolph.
Image: Fraunhofer IGD