Dr. Michael Waidner, Professor of Secure Information Technology at Fraunhofer SIT.
Last year, Software AG formed a Scientific Advisory Board to provide it with a scientific perspective on trends – and potential trends – in technology. In this series of blogs, we highlight each Scientific Advisory Board member’s area of expertise and some of his views for the future.
Today, we feature Dr. Michael Waidner.
“Networking technical production systems offers great potential for improving efficiency and agility. Thanks to cloud technologies, we can always keep an eye on the status of machines and production overall. System configurations are flexible and changes can be made at any time depending on the market situation.
Conversely, this networking also brings up new issues of IT security. Information and control no longer reside in physical equipment systems, but are mapped out in software and therefore subjected to a variety of attacks. If this software is not secure, competitors can gain insight into production processes, for example, or saboteurs can even manipulate products or bring production to a standstill.
The Stuxnet worm proved back in 2010 that attacks on industrial systems are not just theoretical constructs. All software products being used need to be automatically tested for typical weak points in code and configuration. In a modern digital factory this includes web applications, cloud-based platform applications, mobile apps and the control software used in production equipment and systems. The testing must be repeated after each update, especially in the era of agile development processes.
Since a manual examination of the system by experts is not feasible, due to the size and complexity of realistic installations, automated scanners are indispensable. Any weak points that cannot be closed must be isolated to prevent exploitation or at least to detect it immediately. Here it is important to recognize anomalies early on and enable operators to implement suitable countermeasures.
Moreover, operators trust that the platforms being used, such as ADAMOS, are not only secure, but also provide easy-to-use security technologies for the solutions that build on top of them. For that reason, the interfaces and functions must be intuitively secure to use for those other than explicitly trained developers.”