2. 2|TÜVTRUSTIT2019
ÜBER UNSER UNTERNEHMEN
TÜV Austria – founded 1872
TÜV TRUST IT provides:
● Certification services in the area of
information security and privacy
● Over 40 IT security experts
● Long-standing experience
● Extended industry segment know-
how
6. IT SECURITY IN THE INDUSTRY
6|TÜVTRUSTIT2019
Foto:fridarika/photocase.de
7. History repeats itself
✔IT security of some industrial components (SPS) equates with the level of security of IT
system 20 years ago.
✔This allows the same attacks like on IT systems 20 years ago.
✔An industrial component needs the same amount of
protection as a standard IT component e.g. a PC.
✔The presumption that OT is completely different than IT
in the area of cyber security is false.
8. Examples
✔One example are Siemens SPS.
✔Siemens provides all known vulnerabilities on their CERT Internet page.
✔As an example in September 2019: 7 vulnerabilities disclosed
✔It shows that the provided vulnerabilities are not really specific to
the industrial sector but can also be found in
„normal“ IT systems like servers and clients.
9. Innovative attacks
✔TÜV AUSTRIA published a Whitepaper
called „IoT im Smart Home“
✔It describes new attack scenarios using
side channel attacks
✔The use against IIoT and I4.0 is more likely
than in a smart home environment
✔Right now, there are no easy and cheap
countermeasures available
14. ✔Countermeasures against sophisticate attacks can only work if the defense are informed.
This means the access to information, which are displayed in a SIEM like Splunk.
Countermeasures
16. Conclusion
• Cybersecurity is getting more and more important.
• Each involved party needs to think about security.
> Product developers
> Product integrators
> Administrators of the products
> User of the products
• Unfortunately, IoT and IIoT devices and cybersecurity is both; a threat and an
opportunity. We all will benefit from the integration of devices but also this new
integration can cause us harm.
• The key to success is the visibility of information and problems in the network to protect
against attacks.