Security and Data Protection for Future Production Systems
Security and Data Protection
This research field deals with
sustainable research questions for secure industrial production plants. In
addition to the legal aspects of data protection, these include future,
flexible security concepts for industry 4.0, secure cloud use, self-learning
anomaly detection in industrial production, and verifiable security in the
presence of active adversaries.
Flexible Security
Concepts
In Industry 4.0, intelligent autonomous
components will increasingly be used in the future, which are to interact and
communicate spontaneously with other, already integrated components. This
requires greater flexibility of the networks and the predefined security zones.
The concept of software defined networks
(SDN) offers the possibility to implement security guidelines for devices,
applications and services in a detailed and flexible manner.
Smart Fabric can thus benefit from SDN as
a building block for flexible and innovative security concepts. KASTEL develops
concepts that enable the use of software-defined network technologies to
implement modern security concepts in industry 4.0.
For example, for the dynamic
establishment of security zones or the flexible composition of
security-relevant network functions and their placement within the physical
infrastructure.
Participating research groups are the Fraunhofer
IOSB and the TeleMatics.
Cloud Computing
In the context of Industry 4.0,
businesses are expected to use cloud computing technology for secure data
storage and data exchange between companies. Cloud computing becomes part of a
critical infrastructure for industry. The advantages of flexibility, robustness
and cost savings are offset by the loss of transparency.
KASTEL is developing a framework to
increase the transparency of cloud-based industry 4.0 solutions. This is
intended to enable a company as a cloud user to check, for example, whether a
solution actually complies with the requirements. For example, at which
geographical locations the data is stored and whether the required redundant
copies have also been created or deleted in accordance with the regulations.
The research group in this area are the TeleMatics.
Legal Aspects
Like all innovations, Industry 4.0 also
encounters a legal environment that has to be taken into account in its
development. The identified statutory and European legal requirements must be
examined with regard to the specified application scenarios, whereby questions
of data protection law in particular are of central importance. At European
level, the new basic European data protection regulation (DS-GVO) must be taken
into account, the standards of which will apply from May 2018. Their rules will
apply directly in each Member State and will replace national data protection
legislation in huge parts.
KASTEL is investigating how the
computerisation of manufacturing technology can be promoted within the
framework of Industry 4.0 in such a way, that data and secrecy-protecting
precautions can nevertheless be taken.
The participating research group is the Center for Applied Law
(ZAR).
Real-time
Requirements and Verifiable Security
Security in plants that implement the
Industry 4.0 concept must be considered comprehensively - from the planning
level to the technical levels. The systems are operated in real time, which
poses an additional security risk. An adversary who gains access to the
technical infrastructure of a plant can cause great physical and financial
damage.
KASTEL develops a formal method for
conclusively demonstrating security.
Specifically, it is to be shown that an
adversary with the means at his disposal is incapable to damage the plant or to
operate it outside of the envisaged parameters. For this purpose, absolute
properties (e. g."the drill head never moves deeper than expected into the
drilling material") and relational properties (e. g."the speed of the
motor can be at most doubled by reconfiguration") are to be investigated.
Research is carried out together with the
Institute
for Theoretical Computer Science (ITI).
Security
and Data Protection for Future Production Systems
Modern production facilities are highly
networked. Embedded systems communicate with each other independently, planning
systems from the cloud calculate order steps and machine occupancy, plant
operators monitor and control from a distance, maintenance personnel access
resources worldwide and perform configuration changes. In the networked world,
the protection of production facilities no longer ends at the factory building
or the company grounds. The network connections allow adversaries to intrude
and manipulate the systems, malware infections can completely paralyze large
areas of the system, causing immense physical damage to the system and danger
to the population. Not only since news about Stuxnet, Duqu, Flame and Havex has
it been clear that production facilities are easy targets for cyber attacks.