Digitisation is based on data and cyber security as well as the complete protection of digital devices and applications in the private sphere and commercial environment.
Successfully managed connectivity in modern buildings as part of digital transformation is not possible without data security and standards in this area, according to the speakers at the 3rd Intersec Forum 2018:
In his opening speech in 2018, Michael Ziesemer, President of the ZVEI, designed the scenario of the actively safe building, which is already technically capable of detecting and reporting security situations and dynamically adaptively controlling the fight against and avoidance of threats. According to Ziesemer, the decisive step from the passive control of building data to the agile security concept of the future is only possible if it uses all data generated in building management: "It is the data that makes building technology digital. And accordingly, the secure digital control of buildings is only as good as the collection and processing of building data on the basis of data security and data protection. "For good reason", says Ziesemer, "there is the Intersec Forum with its current range of topics here in Frankfurt am Main". Further information from the ZVEI association on the subject of security technology can be found here: https://www.zvei.org/en/association/divisions/safety-security-division/
Dr. Roland Busch, CTO Siemens, gave concrete form to the concept of the active, agile building: Within its building automation being developed, data security is currently the greatest obstacle.
He explained this using the example of Siemens' own innovative infrastructures at the company headquarters in Munich and other global megatrends:
- Buildings account for 41% of global energy consumption
- 80% of the total costs of a building are incurred during operation – a challenge for planning with BIM.
- 30% of the space in office buildings will in future be used for flexible working methods – 50% of the workforce in 2020 will be so-called "millennials" (generation of digital natives born in the new millennium).
- In 80% of buildings today, it is unclear to whom they will later belong – a fact worth considering from the point of view of planning and safety technology.
He identified three major challenges of digital transformation for planners and operators of modern buildings: comfort and security of the product, application and building environment; cost efficiency and productivity of buildings and users.
Defining norms and standards and complying with them is an important and logical step for all involved: developers, manufacturers, technicians and building operators.
Arne Schönbohm, President of the German Federal Office for Information Security (BSI) on cyber security in digitisation: Arne Schoenbohm called for "sensitising the human factor to the risks posed by inadequate security of digital devices and applications".
In a world that is still rather an analogue world and is only just beginning to be digitised, the risks and damage are already considerable, as Arne Schoenbohm points out: As early as 2009, criminal organisations made more profit from cybercrime (extortion, data theft and misuse); targeted Internet espionage attacks are only detected on average 243 days after the attack. In 2017 alone, more than 600,000 malware programs were discovered. According to a Bitkom study, industrial espionage costs 55 billion euros a year. There are more than 1,000 vulnerabilities in the ten best-selling software products. The BSI records 50,000 warnings a day about cyberattacks by affected users.
In view of these facts, Arne Schoenbohm called for a new understanding of information and data security in companies as well as in society as a whole: "We must come to a reality and a reasonable risk management of cybersecurity by default. Cybersecurity is the prerequisite for digitisation and should be a matter for the management on CEO level. Standards for data security are the next step – and not only in 2020, but already today. Schoenbohm also sees this as Germany's special achievement and pioneering role at the European level.
Since 2012, the BSI offers a successful platform with the initiative "Networks protect networks", through which responsible persons and managers from companies can inform themselves and exchange their experiences, certified partners, solutions and risks: www.allianz-fuer-cybersicherheit.de
Lukas Linke, cyber security consultant at ZVEI, presented ZVEI's 2018 security situation picture based on feedback from over 100 member companies from 21 different industrial sectors (mainly component manufacturers).
Here are some highlights from the survey:
- 42% of the surveyed ZVEI member companies want to increase their budget for IT security in the next 12 to 18 months, primary investments should flow into hardware & software, but also into processes.
- 87% of the companies have a main person responsible for IT security
- 88% say cyber security is top management issue
- Incidents were mostly caused by Trojans or Ransomware (60% of the companies surveyed);
- Weak points in the software used and human error are the main factors that lead to the occurrence of a security incident.
- Security standards for the production environment - such as the VDI/VDE standard 2182, the ISO/IEC standards 27009/27019 and, above all, the IEC62443 standard, which is very helpful for manufacturers, integrators and operators - have only been applied to a limited extent to date (5-7% of respondents) and are completely unknown to more than half of the respondents.
The ZVEI will schedule further expert events here and recommends cooperation with the BSI network
Philipp Rothmann, Senior Manager at dhpg IT-Services: Cyber security in building automation, Philipp Rothmann looked into the Todo's when planning and operating secure smart home solutions: It is indispensable that the concept of "security by design" is strictly adhered to on the manufacturer side and by product development, and on the technicians' and users' side that security by default and the good training of all users.
Particularly in agile processes, authentication is becoming increasingly important. And as a credo for building planning, he told the audience to involve cyber security experts as early as possible.
Dr. Nicolas Krämer, Commercial Managing Director of the Neuss Municipal Clinics, Lukas Hospital:
Attack from Darkness
Crime Time at the Intersec Forum! - Dr. Nicolas Krämer, Commercial Director of the Neuss Municipal Hospitals, brought the emergency to the podium in a true-to-life and competent manner: on 10 February 2016, the cyberattack of a hacker who is still unknown today paralysed the IT systems of the hospital – but could not affect the clinic operations.
The risks for this sensitive infrastructure, the right reactions and small human errors of the participants and the lessons learned from this event were an impressive experience for all listeners. Here, too, the importance of password security and regular password changes was demonstrated. Seven hints for cyber security should be learned by heart.