Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… ·...

The Trust Provider for IT Security, IT Quality and IT Infrastructure Dirk Kretzschmar Managing Director TÜV Informationstechnik GmbH Beijing, September 11th, 2017 Germany Industry 4.0 IT Security Data Privacy


Page 1: Germany Industry 4.0 IT Security Data Privacy The Trust Provider for IT Security… · 2018-07-27 · IT Security Workshop ISCCC - TÜViT 18 We allow mashines to participate our private

The Trust Provider for IT Security, IT Quality and IT Infrastructure

Dirk Kretzschmar

Managing Director TÜV Informationstechnik GmbH

Beijing, September 11th, 2017

Germany Industry 4.0

IT Security

Data Privacy


September 11th, 2017 IT Security Workshop ISCCC - TÜViT 1

Industrie 4.0 Scope


Industry 4.0 represents a completely new approach for industry:
- Products control their own production process
- Raw materials send their construction plans to the production plant
- Workpieces become an active control component in the future factory


System-Solutions and smart Products

Active Systems
- predefined automatic reactions to changes
- efficient and fast, but not intelligent

Intelligent Systems: when the control of data processing applies the 3-layer model of cognitive sciences:
1. active control -> reaction to change
2. associative control -> conditioning (stimulus-reaction pattern)
3. cognition -> plan, adjust objectives, learn, capability of self-optimization

Cyber-Physical Systems: intelligent systems which communicate using the Internet and cooperate
- adaptive -> system self-adaptation to changes
- robust -> deal with situations which haven't been preprogrammed by the developer
- forward-looking -> future conditions, influences and reactions can be anticipated based on experiences and new perceptions


Methods of production are changing: Decentralized production: 3D Printer


Industry 4.0 Overview

Vertical integration and networked production systems

Horizontal integration of value chain networks

Digital integration of engineering throughout the whole value chain


Industrie 4.0 – Definition and Principles

Industrie 4.0 is the use of internet technology for communication between humans, machines and products. The objective is to increase quality, cost and resource efficiency, flexibility, capability of change, as well as robustness in volatile markets.

The technological basis is cyber-physical systems (CPS) and the „Internet of Things“.

Principles

- Network: Capability of machines, devices, sensors and humans to connect and communicate via the Internet.
- Information transparency: Capability of information systems to enrich digital models with sensor data, to create a virtual image of the real world.
- Technical Assistance: Assistance systems which process data to arrive at substantial decisions and solve upcoming problems in time.
- Decentralized Decisions: Capability of cyber-physical systems to make autonomous decisions.


Reference Architecture Model describes Industry 4.0

RAMI 4.0: all aspects and descriptions of this new technology can be located and visualized systematically

3 Dimensions of the Model

Architecture -> based on 6 layers

from real „things“ Industry 4.0 Components

up to business processes

Product Life Cycle

Development, Production, Sales, Service

Hierarchy

Product

Pyramid of Automation

[ Sensor/Actuator, Control (HMI), MES, ERP ]

Interconnection – Connected World


Hierarchy Levels


Reference Architecture Model Industrie 4.0 (RAMI)

Layers


Industry 4.0 Component

Functions

Virtual representation (data)

Capability of communication

Type / Instance

„Thing“ / Entity


Industrie 4.0 Component

Physical things

Thing Thing

Thing

Management Shell virtual representation technical functionality

Industry 4.0 component

Manifest Resource manager Condition monitoring Component management Erosion data Manual Setup Operation data / Conditions Data Sheet


DEMO


Internet of things – the new quality

- all „things“ have an Internet (IP) address
- all „things“ communicate using the Internet
- all „things“ reach all internet connected entities
- all „things“ can be reached by all those entities
- all generated data transfer can be listened to


Functional Safety and Security


IT Security and IT Safety

Security: threats by man, protection of IT

Safety: hazards by IT, protection of man

Security4Safety

Information Communication Technology

Application Unit Sensors

Information Unit Data storage

Management Unit Display Software Decision-making

Integration communication protocol unit


Reference Architecture Model Industrie 4.0 (RAMI)


We allow machines to participate in our private life: webcams, smart TVs, routers, baby phones, heating, roller blinds, etc.

The devices are connected and intelligent, take care of our houses and children, and make life easier.

The Internet of Things conquers our living rooms.

But the majority of those devices have lots of weaknesses and are very poorly protected. They have vulnerabilities because they don't follow any security design rules.

Is this a target for hackers?


DENIAL OF SERVICE


„ATTACK OF THE TOASTERS“


We are not alone


SINGLE PLAYER MODE

MULTI PLAYER MODE


FUTURE OF IT SECURITY

- Security by Design
- Privacy by Design
- Smart Gateways
- use of Secure Elements


EU DATENSCHUTZGRUNDVERORDNUNG (EU-DSGVO) GENERAL DATA PROTECTION REGULATION (EU-GDPR)

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016

Protection of natural persons with regard to the processing of personal data and on the free movement of such data

In Force 25.05.2018


EU DATENSCHUTZGRUNDVERORDNUNG (EU-DSGVO) GENERAL DATA PROTECTION REGULATION (EU-GDPR)


General Data Protection Regulation (GDPR) is the first comprehensive overhaul of European Union data protection rules in 20 years

GDPR will repeal and replace Directive 95/46/EC

GDPR will be directly applicable in all EU Member States and will replace existing national law implementations of the Directive


10 KEY DEVELOPMENTS


EU DATENSCHUTZGRUNDVERORDNUNG (EU-DSGVO) GENERAL DATA PROTECTION REGULATION (EU-GDPR)

Objective

- Harmonization and modernization of data protection law within the European Union
- Establishing fair conditions of competition (ranks above national law)

GDPR applies when personal data of EU citizens is processed:

- By companies with subsidiaries in the EU, even when the data processing is executed outside EU borders
- By companies with subsidiaries outside the EU, when data is processed in relation to offering products or services (market location principle)

High penalties for non-compliance – fines of up to 10 million or 20 million EUR, or up to 2 or 4% of the total worldwide annual revenue!


Our services – IT Security

IT Security Common Criteria

Web Application Security

Security Lab Cyber Security

Network Security FIPS-140-2

Data Center Security

IT Security Smart Grid

Penetration Testing

Biometrics

IT-Grundschutz ISO 27001 Data Privacy

ISO 22301

Automotive Security Mobile Security

Critical infrastructure

Security4Safety
