Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… ·...
Transcript of Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… ·...
![Page 1: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/1.jpg)
The Trust Provider for IT Security, IT Quality and IT Infrastructure
Dirk Kretzschmar
Managing Director TÜV Informationstechnik GmbH
Beijing, September 11th, 2017
Germany Industry 4.0
IT Security
Data Privacy
![Page 2: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/2.jpg)
September 11th, 2017 IT Security Workshop ISCCC - TÜViT 1
Industrie 4.0 Scope
![Page 3: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/3.jpg)
Industriy 4.0 represents a complete new approach of the industry: - Products are controling their own production process - Raw material sends their construction plans to the production plant - Workpieces are becoming an active control component in the future factory
September 11th, 2017 IT Security Workshop ISCCC - TÜViT 2
![Page 4: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/4.jpg)
System-Solutions and smart Products
Active Systems - predefined automatic reactions to changes - efficient and fast, But not intelligent
Intelligent Systems when the control of data processing does apply the 3 layer model of cognitive sciences: 1. active Control -> Reaction to Change 2. associative Control -> Conditioning (stimulation-reaction-pattern) 3. cognition -> plan, adjust objectives, learn, capability to self optimization
Cyber-Physical Systems Intelligente Systems which are communication using the Internet and do cooperate adaptive -> systems self adaptation to changes robust -> deal with situations, which haven‘t been preprogrammed by developer forward looking -> future conditions, influences and reactions can be anticipated based on experiences and new perceptions
IT Security Workshop ISCCC - TÜViT 3 September 11th, 2017
![Page 5: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/5.jpg)
September 11th, 2017 IT Security Workshop ISCCC - TÜViT 4
Methods of Productions are changing: Decentralized production: 3D Printer
![Page 6: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/6.jpg)
IT Security Workshop ISCCC - TÜViT 5
Industry 4.0 Overview
Vertical (integration and networked production systems) Horizontal integration of value chain networks
Digital integration of engineering throughout the whole value chain
September 11th, 2017
![Page 7: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/7.jpg)
Industrie 4.0 – Definition and Principles
Industrie 4.0 is use of internet technology for communication between human, mashine and products. Objective is the increase of quality, cost- and resources efficiency, flexibility, capability of change as well as robustness in volatile markets
Technological basis are cyber-physische system (CPS) and the „Internet of Things“.
Network: Capability of mashines, devices, sensors and human to connect and communicate via the Internet.
Information transparency: Capability of information systems to enrich digital models with sensor data, to create a virtual image of the real worls.
Technical Assistence: Assistent systems which process data to get to substantial decisions and solve upcoming problems in time.
Dezentral Decisions: Capability of cyber-physical systems to create autonomous decistions.
Principles
IT Security Workshop ISCCC - TÜViT 6 September 11th, 2017
![Page 8: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/8.jpg)
Reference Architecture Model describes Industry 4.0
RAMI 4.0 All aspects and descriptions of this new technology can be localised and visualized systematically
3 Dimensions of the Model
Architectur -> based on 6 layers
from real „things“ Industry 4.0 Components
up to business processes
Product Life Cicle
Development, Production, Sales, Service
Hierarchy
Product
Pyramid of Automization
[ Sensor/Actuator, Control (HMI), MES, ERP ]
Interconnection – Connected World
IT Security Workshop ISCCC - TÜViT 7 September 11th, 2017
![Page 9: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/9.jpg)
IT Security Workshop ISCCC - TÜViT 8
Hierarchy Levels
September 11th, 2017
![Page 10: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/10.jpg)
Reference Architecture Model Industrie 4.0 (RAMI)
Laye
rs
![Page 11: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/11.jpg)
IT Security Workshop ISCCC - TÜViT 10
Industry 4.0 Component
Functions
Virtual representation (data)
Capability of communication
Type / Instance
„Thing“ / Entity
September 11th, 2017
![Page 12: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/12.jpg)
IT Security Workshop ISCCC - TÜViT 11
Industrie 4.0 Component
Physical things
Thing Thing
Thing
Management Shell virtual representation technical functionality
Industry 4.0 component
Manifest Recource manager Condition monitoring Component management Erosion data Manual Setup Operation data /Conditions Data Sheet
September 11th, 2017
![Page 13: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/13.jpg)
IT Security Workshop ISCCC - TÜViT 12
DEMO
September 11th, 2017
![Page 14: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/14.jpg)
all „things“ have an Internet (IP) address
all „things“ communicate using the Internet
all „things“ reach all internet connected entities
all „things“ can be reached by all those entities
all generated data transfer can be listened to
Internet of things – the new quality
September 11th, 2017 IT Security Workshop ISCCC - TÜViT 13
![Page 15: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/15.jpg)
Functional Safety and Security
14 September 11th,
2017
IT Security Workshop ISCCC - TÜViT
![Page 16: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/16.jpg)
IT Security and IT Safety
Security SECURITY Security Safety SAFETY Safety
Hazards by IT
Protection of man
Threats by man
Protection of IT
Security4Safety September 11th, 2017 IT Security Workshop ISCCC - TÜViT 15
![Page 17: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/17.jpg)
Information Communication Technology
Application Unit Sensoren
Information Unit Datenhaltung
Management Unit Anzeige Software Entscheidungsfindung
Integration communication protocol unit
September 11th, 2017 IT Security Workshop ISCCC - TÜViT 16
![Page 18: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/18.jpg)
September 11th, 2017 IT Security Workshop ISCCC - TÜViT 17
Reference Architecture Model Industrie 4.0 (RAMI)
![Page 19: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/19.jpg)
IT Security Workshop ISCCC - TÜViT 18
We allow mashines to participate our private life Webcams, smart TVs, Router, Baby Phones, Heating, Roller Blinds, etc. The devices are connectes, intelligent, take care for our houses and children and making life easier The Internet of Things conquers our living rooms But the majority of those devices have lots of weaknesses and are very poor protected. They have vulnerabilities, because they are aren‘t follow any security design rules. Is this a target for Hackers?
September 11th, 2017
![Page 20: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/20.jpg)
19 IT Security Workshop ISCCC - TÜViT
DENIAL OF SERVICE
September 11th, 2017
![Page 21: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/21.jpg)
20 IT Security Workshop ISCCC - TÜViT
„ATTACK OF THE TOASTERS“
September 11th, 2017
![Page 22: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/22.jpg)
We are not alone
21 IT Security Workshop ISCCC - TÜViT
SINGLE PLAYER MODE
MULTI PLAYER MODE
21 September 11th, 2017
![Page 23: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/23.jpg)
Security by Design
Privacy by Design
Smart Gateways
use of Secure Elements
22
FUTURE OF IT SECURITY
IT Security Workshop ISCCC - TÜViT September 11th, 2017
![Page 24: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/24.jpg)
23
EU DATENSCHUTZGRUNDVERORDNUNG (EU-DSGVO) GENERAL DATA PROTECTION REGULATION (EU-GDPR)
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016
Protection of natural persons with regard to the processing of personal data and on the free movement of such data
In Force 25.05.2018
IT Security Workshop ISCCC - TÜViT September 11th, 2017
![Page 25: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/25.jpg)
24
EU DATENSCHUTZGRUNDVERORDNUNG (EU-DSGVO) GENERAL DATA PROTECTION REGULATION (EU-GDPR)
IT Security Workshop ISCCC - TÜViT
General Data Protection Regulation (GDPR) is the first comprehensive overhaul of European Union data protection rules in 20 years
GDPR will repeal and replace Directive 95/46/EC
GDPR will be directly applicable in all EU Member States and will replace existing national law implementations of the Directive
September 11th, 2017
![Page 26: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/26.jpg)
25 IT Security Workshop ISCCC - TÜViT
10 KEY DEVELOPMENTS
September 11th, 2017
![Page 27: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/27.jpg)
26
EU DATENSCHUTZGRUNDVERORDNUNG (EU-DSGVO) GENERAL DATA PROTECTION REGULATION (EU-GDPR)
Objective
Harmonization and Modernization of the data security law within the European Union
For establishing fair competition conditions (higher rated than national right)
GDPR is valid, when person related data of EU citizens are being processed
By companies with subsidaries in the EU, even when the data processing is executed outside EU borders
By companies with subsidaries outside EU during a data processing in relation with offering products or services (market location pronciple)
High penalties by non-compliance – penalty fees up to 10 Mio. or 20 Mio. EUR or up to 2 oder 4% of the complete worldwide achieved yearly revenue!
IT Security Workshop ISCCC - TÜViT September 11th, 2017
![Page 28: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private](https://reader034.fdocuments.us/reader034/viewer/2022050519/5fa2937097524404a42e035a/html5/thumbnails/28.jpg)
Our services – IT Security
IT Security Common Cr iter ia
Web Application Security
Security Lab Cyber Secur ity
N e t w o r k S e c u r i t y F I P S - 1 4 0 - 2
Data Center Secur i ty
IT Security Smart Grid
Pe n e t ra t i o n Te s t i n g
Biometr ics
I T - G r u n d s c h u t z ISO 27001 DataPrivacy
I S O 2 2 3 0 1
A u to m o t i v e S e c u r i t y Mobi le Secur i ty
Crit ical infrastructure
S e c u r i t y 4 S a fe t y
September 11th, 2017 IT Security Workshop ISCCC - TÜViT 29