The latest study by the Federal Office for Information Security (BSI) highlights security challenges for operators of industrial automation systems with accident-relevant operating areas. TÜV NORD was commissioned with the creation.
In the age of Industry 4.0, systems, machines, products and people are increasingly networked with one another and with one another. This opens up new possibilities, but also brings challenges. In the context of the BSI study "Status Quo: Safety & Security in Incident-Relevant Operating Areas", TÜV NORD investigated what these are in concrete terms in the area of cyber security of industrial automation systems. The aim was to determine the need for action on the basis of the knowledge gathered and to develop appropriate measures to prevent incidents as far as possible or to limit them as best as possible.
The study is intended to determine the need for action
Freely available study on behalf of the BSI on the status quo: Safety & Security in incident-relevant operational areas (Image: BSI).
The study was carried out on behalf of the BSI by an interdisciplinary TÜV trio, consisting of TÜV Informationstechnik GmbH, TÜV NORD Systems GmbH & Co. KG and TÜV NORD InfraChem GmbH & Co. KG. In this context, the three companies of the TÜV NORD GROUP first looked at the current problems and security risks for plant security and identified new digital threats from technology trends. The focus here was primarily on internal and external access to the company or to the data handled there. In addition, they conducted interviews with operators, integrators, manufacturers, authorities and experts in order to include the various perspectives in the consideration. On the basis of this analysis, the project team, under the leadership of TÜViT, identified the need for action and developed measures in the sense of best practice examples.
Practical examples for OT security
The result is a current inventory of OT security in organizations, which gives operators, authorities and experts at the same time practical examples for the implementation and implementation of corresponding security measures. Among other things, a blueprint for risk analysis, ideas for cooperation between IT and OT as well as an overview and references between the applicable regulations.
Since unauthorized interference can now take place both physically and digitally, the BSI study takes a holistic look at the security of industrial control systems. This means that aspects of physical plant security merge with requirements of IT security. This interdisciplinary mix is also reflected in the composition of the project team, in which TÜViT, as IT specialist, met two experts for technical security of systems with TÜV NORD Systems and TÜV NORD InfraChem. The resulting safety recommendations for operators of industrial control systems and authorities are summarized in the new study on safety & security in incident-related operational areas and can be downloaded free of charge from the BSI website.
More at TUVit.de
About TÜV Informationstechnik
TÜV Informationstechnik GmbH is geared towards testing and certifying security in information technology. As an independent testing service provider for IT security, TÜV Informationstechnik GmbH is an international leader. Numerous customers already benefit from the company's tested security. The portfolio includes cyber security, evaluation of software and hardware, IoT / Industry 4.0, data protection, ISMS, smart energy, mobile security, automotive security, eID and trust services as well as testing and certification of data centers with regard to their physical security and high availability.