Cyber-Threats in Industrial Networks
2021-05-20 Daniela Previtali
The recent cyber-attack on the Colonial pipeline in the U.S. is a stark reminder of the very real threats that exist to global infrastructure. The pipeline which carries 45% of the U.S. East Coast’s supply of diesel, petrol, and jet fuel per day, was hit with a ransomware cyber-attack, effectively disrupting the flow of fuel for several days as several pipelines were taken offline to contain the threat. As a result of the disruption in the supply chain, U.S. fuel prices rose six cents per gallon in a matter of days. Whether the purpose of this particular attack was political gain, societal disruption, or simple monetary greed as purported in this case, the incident highlights the omnipresent risks that cyber-criminals pose to not only industrial infrastructure like a fuel pipeline, but to businesses, military, and the general population as well in a highly digitalized age.
Just a few weeks prior to this event, Oliver Winzenried, CEO, and co-founder of Wibu-Systems, was interviewed by the Allianz Industrie 4.0 Baden-Wuerttemberg during the Hannover Messe, a premier global technology exhibition, presented virtually in 2021. Ironically, the topic of the discussion was Cyber Threats in Industrial Networks.
During the interview with the Allianz’ Lukas Schleicher, Oliver reflected on the dramatic changes he has seen in the security landscape over the past 30 years since founding Wibu-Systems as a company dedicated to software protection and secure licensing. In 1989, the company was simply focused on protecting PC software against one-to-one copying. Today, he noted, the landscape is much different and much more complicated as software is pervasive in virtually all products, not just standalone PCs. Now, software exists in embedded systems that can be operated by any number of different types of controllers, gathering process data from various sensors, running over different operating systems, and all created by diverse programming languages. Add to that scenario the digitalization of industry and the networking of the Internet of Things, and the opportunities for cyber-attacks increase exponentially.
“The automation advantages that one envisions for Industry 4.0, for example, can only be implemented when production facilities, machines, and tools are networked,” Oliver said. “Of course, this increases the opportunities for cyber-attacks. The protection against malicious manipulation of industrial systems is becoming more and more important and the levels of protection must be increased accordingly. Product manufacturers must make the investment in security technology, even if it doesn’t add functional value for the end user.”
Oliver further noted that no one company has a security solution that can protect every imaginable product and application. “What we can do,” he added, “is to provide the technology, software, and tools that can be integrated by the manufacturers, with our help, into the various products and applications. Each manufacturer needs to assess the threat landscape and integrate security accordingly, whether the products are used in the medical, industrial, or other sectors. Take, for example, the automotive industry. When you bring your car in for service, a technician connects a diagnostic device that identifies any issues in the engine. That tool is operated with software. When you withdraw money from an ATM, that kiosk is operated with software. When you go to the dentist and require a ceramic tooth replacement, the high-tech system used to design and produce the replacement tooth is guided by software. In each of these cases, components of our technology are integrated in the products to not only protect the devices from unauthorized access, reverse engineering, or manipulation, but also to license and monetize the various functions and features of the system, in a pay-per-use model for example.”
New threat vectors will emerge continuously, and Oliver emphasized that technology must evolve as well. Cryptography must be refined and enhanced to address new threats. To that end, Wibu-Systems works closely with research institutions like the Karlsruhe Institute of Technology, universities, and other technology companies. Cooperative efforts are vitally important to stay ahead of the malicious actors. The company also embarked upon an important new construction project.
“Three years ago,” Oliver said, “we decided to build modern and ecologically sustainable headquarters in Karlsruhe and expand our campus with the House of IT Security, a facility built alongside our new head offices. The idea for this effort was to create a collaborative community for start-ups, research organizations, and the security arms of established companies that would foster cooperative research efforts, networking, and innovation, all focused on addressing the security challenges of the present and the future.”
You can watch the complete interview (German language, English subtitles) here.
Wibu-Systems Global Marketing Director – IIC Marketing WG Co-Chair
Daniela is a marketing veteran who has dedicated more than twenty years of her career to the service of world-leading IT security vendors. Throughout her journey in this field, she has covered executive positions in international sales, product marketing, and product management and acquired comprehensive knowledge of both digital rights management solutions and authentication technologies. Working from the German headquarters of Wibu-Systems, she is currently leading both corporate and channel marketing activities, innovating penetration strategies, and infusing her multinational team with a holistic mindset.