
Whitepaper BLOCKCHAIN: THE FUTURE OF THE INDUSTRY...Blockchain is relevant for more reasons than...

Date post: 04-Jun-2020
Whitepaper BLOCKCHAIN : THE FUTURE OF THE INDUSTRY Secure processes. Intelligent contracts. Transparent business relations.
Transcript
Page 1: Whitepaper BLOCKCHAIN: THE FUTURE OF THE INDUSTRY...Blockchain is relevant for more reasons than just the P2P principle, however. Consensus mechanisms in the form of algorithms ensure

Whitepaper

BLOCKCHAIN: THE FUTURE OF THE INDUSTRY

Secure processes. Intelligent contracts. Transparent business relations.


CONTENTS

PREFACE

BLOCKCHAIN
  Peer-to-peer
  Consensus
  Hash chains
  Blockchain in industrial use

STRUCTURE OF THE FACILITY

ICS SECURITY FOR THE PRODUCTION FACILITY
  Principles
  Goals and measures
  Organisation
  Securing physical access
  Secure design
  Operation and maintenance
  Implementation

CONCLUSION

AUTHORS

Imprint: Whitepaper, publication June 2018

T-Systems Multimedia Solutions GmbH, Riesaer Strasse 5, 01129 Dresden

Authors: Katja Tietze, Marian Neubert

Preface: Dr Frank Schönefeld

Organisation: Project management: Julia Kunert; Layout: Peter Brücker


PREFACE

Dear Readers,

Try starting a discussion about blockchains with your colleagues or at a conference at some point. You will probably experience an extreme spectrum of opinions, just like I did, and often see computer scientists in particular shrug their shoulders. This is because blockchain, to some extent, suffers from this range of opinions. The enthusiasts are at the top of one side. Those who think they can turn the world upside down with blockchain. They want to tear down borders with it and take entirely new paths. For the sceptics, however, it’s “only” a distributed database technology with known consensus algorithms.

But what is this lasting bipolarity based on – with a topic that has already been known about for several years?

The enthusiasts rejoice in the fact that third parties will be superfluous. Brokers, mediators or stewards are no longer needed. Even in complex technological scenarios, the “man in the middle” becomes redundant. Sceptics, however, argue that these kinds of ideas are still too often based on theoretical pipe dreams, which are not only too undeveloped but also insecure at this time. So it often becomes difficult to align the business or economic application and technology – at least two disciplines.

However, for me this “aligning” is the key to resolving the polarity.

Blockchain will become another significant constant in digitisation – I am certain of it. It’s also important to recognise not just its economic opportunities but also the associated technological challenges. In the best case, this will succeed through trial. I consider it a good step when companies start a pilot blockchain project under convincing conditions, when they look at the examples set by others and when they try to transfer the theoretical world of the blockchain to their specific business processes.

Of course, in your next discussion with colleagues, you can then give a brief account of your experiences with the pilot project.

That is exactly the target group for which we created this Whitepaper at T-Systems Multimedia Solutions. In this paper, we look at technical foundations as well as real economical application purposes. This happens primarily with our demonstrator, which is guided by actual industry situations and will show you useful types of applications. But we will also clearly define those determining factors that must be regulated in the blockchain context in regards to ICS security (Industrial Control Systems).

I hope you will find this paper useful and wish you much success with your blockchain projects.

Dr Frank Schönefeld


BLOCKCHAIN

Blockchain is reaching its productive phase in business – and this to an enormous extent. According to media reports, authorities in Dubai want to handle all commercial transactions via blockchain by 2020. This is how the Emirate would like to prevent logistical and customs-related bureaucracy. In India, the industrial conglomerate Mahindra plans to optimise the management of its supply chains, while Japan’s car manufacturer Toyota is apparently planning something similar. Additionally, the pharmaceutical industry wants to make its clinical tests fail-safe with blockchain and transmit patient data and gene analyses to health authorities in this way without the risk of corruption. [1]

Conclusion: According to surveys by the World Economic Forum, 10 per cent of the global gross domestic product will already be stored with blockchain technology by 2025. [2]

If you look for the reasons behind the blockchain boom from a technological perspective, these can be found especially in the blockchain design, whose dispersed approach offers new opportunities for cooperation. And these technical possibilities are also the main reason why the industry is so interested in this innovation – when certain security criteria are adhered to (see chapter “ICS security for manufacturing systems”).

[1] http://www.manager-magazin.de/magazin/artikel/next-internet-blockchain-macht-sich-in-der-industrie-breit-a-1154807.html

[2] https://www.rolandberger.com/publications/publication_pdf/roland_berger_blockchain_final.pdf

PEER-TO-PEER

The basic benefit is that companies can store, process and transmit data between several partners without a central distribution point (intermediary). This is based on a peer-to-peer principle (P2P) where every node can be connected with any other. Benefits: There are no nodes which know more than others.

But P2P also means highly redundant storage for error tolerance. The failure of one node can’t affect the totality of the network in its functions (no single point of failure) or result in data no longer being accessible. Furthermore, these kinds of errors or malicious manipulations in one location are not decisive and in some cases not even possible. One false datum alone, for example, can’t falsify the entire system. This is exactly why the blockchain is stored on every node.

For a corporate user, this structure offers several benefits at once:

• No fees for intermediaries

• No dependencies. For example, where an intermediary fails and thus cripples the network or an intermediary prefers certain nodes

• Companies arbitrarily connect to any other company in the blockchain, regardless of its size or location

• Transparency in respect to data status and performed activities

• Creates gapless process documentation

• Virtually eliminates susceptibility to manipulation

• No trust is needed between partners

[Figure: Structure of the blockchain – decentralised architecture]

Traditional systems with central data storage: Traditional systems are centralised and required third parties or intermediaries to securely exchange information.

Blockchain systems with decentralised data storage: The distribution of information in blockchain systems is inherently secure and transparent in the network without requiring an intermediary.


CONSENSUS

Blockchain is relevant for more reasons than just the P2P principle, however. Consensus mechanisms in the form of algorithms ensure the integrity and consistency of the managed data. [3]

This is because it is a basic challenge of P2P that the information in such a dispersed network is distributed asynchronously between the nodes, which means messages are sent and will arrive at some point. Here, the user has no guarantees when it comes to message runtimes or sequences. For that reason, every node must be capable of checking messages (“Are they valid and permitted?”) and attributing them correctly (“Which are the current data? In which sequence must the activities be performed?”). Otherwise errors (inconsistencies) may arise, along with double spending that is impermissible to some extent.

Blockchain consensus algorithm

This is why the consensus algorithm is used. It synchronises the redundantly dispersed database. It enables all nodes to check and contribute to the decision of whether to accept a received message – in other words, whether it conforms to protocol and is valid in the network. Additionally, it creates the same condition on all nodes in the blockchain.

With peer-to-peer in particular, the integrity of the data must be assured, since one doesn’t know each sender of a message and thus can’t trust any node or participant in general.

[3] https://www.dev-insider.de/consensus-modelle-in-der-uebersicht-a-631671/

For the algorithm, this therefore means the following in practice: each node acts according to the same consensus and decides whether it’s ready to make a change in the database. But to ensure that all nodes do the same thing, a change is only implemented after a majority decision.

With blockchain, this is solved by distributing a new block with a reference to the previous block in the network; nodes then wait for some time after the new block (and its position in the chain) is validated. If, in a certain time period, they learn about other chains in which this block was not included, they can assume that the majority of all nodes has not approved this particular block. A node thus selects the longest chain that it sees, since it can assume that the chain only grew to such a length because enough others approved it.

A consensus algorithm thus ensures that no new unacceptable data gets into the database and that all nodes store the same database.

Symbol of transactions

• All users in the network are connected to each other.

• In addition to the transaction between user Markus and user Sabrina, many other transactions take place.

• Each network user notes all transactions that were made between the participants in the network.

• All ten notes are identical, since each person was able to observe each individual transaction.

• Each transaction is a line.

• From the transaction data on one note, a cryptographic hash is created, which is unique.

• Transactions are signed so that it is clearly traceable who has performed them.

• This signature is then transferred to the second note.

• As soon as someone changes a transaction on the note, the signature also changes.

• At the end of the second note, another signature is created, which is transferred to the third note.

• The multiple transactions and many recorded notes create a chain of information.


It looks like this in practice: to use the program itself first requires an invitation for the node or user; after this is confirmed with a signature, the program functions can be executed.

A business process can be implemented as a smart contract, for example, so that all business partners receive invitations and confirm their willingness to work cooperatively on exactly this specified code (to execute the code specified on the blockchain). Subsequently, no one can dispute this any longer, nor change the code without detection.

What makes smart contracts special compared to conventional programs is therefore that all participants authenticate them and benefit from the advantages of the blockchain (not susceptible to manipulation, traceability, transparency). The use of smart contracts thus results in an enormous reduction in the operational risk of the contracting parties along with an automated and trustworthy process. [4]

Security of the blockchain

[4] https://www.computerwoche.de/a/blockchain-im-einsatz,3316539

HASH CHAINS

Another essential security factor in the blockchain is a hash chain. This has the following technical background: since the longest chain is accepted, the possibility that e.g. cybercriminals maliciously manipulate older segments of the chain, for example by having a node simply delete old values, must be eliminated as much as possible.

To prevent a node from having to check every transaction in every block, a hash total is generated for a block. This is a short string of characters that represents the contents of the data and changes completely when only one bit is altered in the contents. This hash can be checked much more quickly.

The principle: the hash total of one block is included as content in the next one, so that a change in any data block would also require a change in all subsequent data blocks to conceal the manipulation. The hash chain thus results in the recognition and rejection of errors and even malicious manipulations so that these can’t be distributed across the nodes. Additionally, the integrity of an entire block and even a whole chain can be checked quickly by analysing the last hash value.

As a result, the majority of all nodes must proceed maliciously in cooperation in order to distribute a manipulation in the network that would change the entire redundantly kept database.

This is why the consensus algorithm for the cryptocurrency Bitcoin – which is based on the blockchain principle – was deliberately set up in an extremely elaborate way: all miners try to find a valid hash value for a block at the same time. During the so-called mining – a process in which computational power is provided for transaction processing, protection and the synchronisation of all users in the network – the hash value is formed, as well as a nonce. This is a number in the block that is incremented so that the hash of the block changes. The miners try to calculate a hash that satisfies certain conditions, namely a particular number of leading zeros. That means that the hash is calculated and, if it doesn’t meet the conditions, the nonce must be changed.

This difficulty prevents participants from being able to manipulate existing data. This is because in Bitcoin, for example, it takes 10 minutes to calculate the hash.
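The hash chain and nonce search described in this section, together with the longest-chain rule from the consensus section, as an added Python example that is not part of the whitepaper. The block layout, the toy difficulty of three leading hex zeros, the placeholder first "previous hash" and the sample transactions (including the participant "Jonas") are constructed assumptions.

```python
import copy
import hashlib
import json

DIFFICULTY = 3           # assumed toy setting: required number of leading hex zeros
GENESIS_PREV = "0" * 64  # assumed placeholder "previous hash" for the first block


def block_hash(block):
    """SHA-256 over the whole block (index, previous hash, transactions, nonce)."""
    payload = json.dumps(block, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest()


def mine(index, prev_hash, transactions, difficulty=DIFFICULTY):
    """Increment the nonce until the block hash has the required leading zeros."""
    block = {"index": index, "prev_hash": prev_hash,
             "transactions": list(transactions), "nonce": 0}
    while not block_hash(block).startswith("0" * difficulty):
        block["nonce"] += 1
    return block


def build_chain(batches, difficulty=DIFFICULTY):
    """Mine one block per transaction batch, each carrying its predecessor's hash."""
    chain, prev = [], GENESIS_PREV
    for index, transactions in enumerate(batches):
        block = mine(index, prev, transactions, difficulty)
        chain.append(block)
        prev = block_hash(block)
    return chain


def first_invalid_block(chain, difficulty=DIFFICULTY):
    """Return the index of the first block a node would reject, or None if valid."""
    prev = GENESIS_PREV
    for index, block in enumerate(chain):
        digest = block_hash(block)
        if (block["index"] != index
                or block["prev_hash"] != prev
                or not digest.startswith("0" * difficulty)):
            return index
        prev = digest
    return None


def select_chain(candidates, difficulty=DIFFICULTY):
    """Longest-chain rule as the text states it, applied to valid chains only."""
    valid = [c for c in candidates if first_invalid_block(c, difficulty) is None]
    return max(valid, key=len) if valid else None


def demo():
    # Constructed sample data, one transaction batch per block.
    batches = [["Markus->Sabrina:5"], ["Sabrina->Jonas:2"],
               ["Jonas->Markus:1"], ["Markus->Jonas:4"]]
    honest = build_chain(batches)

    # Case 1: an old block is edited in place; its hash no longer fits.
    edited = copy.deepcopy(honest)
    edited[1]["transactions"] = ["Sabrina->Jonas:200"]

    # Case 2: only the edited block gets a fresh nonce. It now passes the
    # leading-zeros check, but block 2 still stores the old hash of block 1.
    remined = copy.deepcopy(edited)
    remined[1] = mine(1, remined[1]["prev_hash"], remined[1]["transactions"])

    # Case 3: the manipulated chain is extended so that it is the longest one.
    longer_bad = remined + [mine(4, block_hash(remined[3]), ["Jonas->Sabrina:9"])]
    selected = select_chain([honest[:3], longer_bad, honest])

    return {
        "honest": first_invalid_block(honest),
        "edited": first_invalid_block(edited),
        "remined": first_invalid_block(remined),
        "longer_bad": first_invalid_block(longer_bad),
        "selected_is_honest": selected == honest,
        "selected_len": len(selected),
    }


if __name__ == "__main__":
    print(demo())
```

Concealing the edit would require new nonces for the changed block and every block after it, which is the cost the mining difficulty imposes.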

In permissioned blockchains, where all partners are known and may only participate in the network after being authenticated, the consensus can be realised virtually without costs. Thanks to the prior authentication, depending on the type of consensus, the step of finding the nonce is eliminated. This eliminates the parameters that make mining so elaborate. For that reason, permissioned blockchains are particularly well-suited for business use.

Other blockchains make it possible to store “smart contracts” or chain code in the blockchain. These are computer programs which, just like the other data, are stored redundantly and accepted via a consensus algorithm. This means that every node must agree to also store a program in the blockchain.

• If a user tries to change the data on a note, the signature of this note changes, as well as that of the next one in the chain.

• The transactions of all notes and the corresponding signatures would no longer be consistent and all participants would notice the change.

• So it’s impossible for one user to change the notes in such a way that no one will notice it.

• The data on the note can no longer be changed retroactively.


BLOCKCHAIN IN INDUSTRIAL USE

The P2P structure without intermediaries plus the counterfeit protection from the algorithm make it clear why a blockchain is also so well-suited for industrial use. Wolfgang Prinz, deputy institute director at Fraunhofer FIT, thus has good reason to conclude: “In many industrial branches, sharing transactions or the secure and irreversible storage of data, such as measured values, play an important role. In an Industry 4.0 environment, for example, technology can be used in the simplest case to store quality-relevant production data and measured values from different participants securely and without susceptibility to manipulation, so that they can also access these independently of each other. Other applications are also possible, for example to securely verify orders from machine to machine and automatically bill them after the order fulfilment.” The expert Prinz names such examples as the secure, irreversible storage of quality- or billing-relevant data in a production network or the certification of machines and people. [5]

So the interim conclusion is clear: not only industries that are traditionally very transactional, such as the finance industry, but also primarily industrial enterprises can benefit significantly from the blockchain.

[5] https://www.computer-automation.de/unternehmensebene/produktionssoftware/artikel/151269/

To present this benefit comprehensibly on a practical level, T-Systems Multimedia Solutions has configured an installation in which a compact industrial facility is connected to the blockchain. This manufacturing plant of the future is based on real industrial processes and represents the industry with a model that features the conventional industrial sensor systems and agents. Another realistic aspect is that the facility components are coupled with external systems, such as data sources from subcontractors. Since these are potentially not trustworthy, a custom-fit security concept was developed and implemented. A study from 2017 shows how important such measures are. The automotive sector is particularly vigilant when cooperating with external suppliers and service providers. 80 per cent demand a security certificate and arrange minimum standards with their partners. 70 per cent conduct supplier audits. [6]

The principle of the system is as follows: both parts of the facility (production and packaging) may belong to different owners that participate in the value creation process together but don’t want to endanger their autonomy. Usually a coupling of both components is not desired, since...

• No direct access is granted to the co-owner or third parties

• Processes and data are not disclosed

• There should be no dependency on the entry of (potentially faulty) data by the co-owner and no third-party data should enter into one’s own share of the system

Example of web interface for the smart contract order entry

[6] https://www.presseportal.de/pm/50272/3716786


Consequently, the participants enter into a smart contract via the blockchain, agree on the procedures to be handled and then document everything through the blockchain. Then every partner has an insight into what happens when and what status the process currently has. Partners can also see, for example, whether there are delays or problems at another point of the chain which might affect them.

The four maxims of smart contracts – digital trusted authority

The fact is that the system operator would like as high as possible a utilisation rate. To that end, he would like to be able to accept orders from a wide range of companies and sell his machine’s capacities to them. However, by implication, he certainly doesn’t want every company to be able to directly engage with the function and internal processes of his machine. He thus offers resources through smart contracts and can automatically assign orders to his facility. Then, if a machine fails or is delayed, the production can be shifted to another one. In this working model, all partners can view all the information relevant to them via the blockchain and they know exactly whether everything is going smoothly and when the process is at which status. In addition to the smart contracts, which already control the process with (partial) automation, the blockchain offers a complete, traceable documentation of all processes across all partners without susceptibility to manipulation. This comes as pure information or even in the form of meeting legal requirements.

If the partner responsible for the packaging sees that there are problems in the production, for example, he or she knows that the order won’t be delivered at the agreed-on time. This knowledge enables the partner to support the risk management and can prevent an expensive idle state during the packaging production. The packaging production unit can then process other orders during the waiting time.

Since all partners are decoupled, such a blockchain can also support the principle of the sharing economy. Here, different orders are also handled through smart contracts and assigned to an available machine.

This process can solve problems that are particularly known to small and medium-sized enterprises. This is because modern production facilities are known to be expensive and not every small and medium-sized company wants to – or can – operate its own facility that it won’t be able to utilise to capacity. The FAZ quantifies the German volume of machine leasing alone at more than 52 billion euros (as of 2015). [7] On the whole, experts lament that small and medium-sized enterprises in particular still hold back too much in terms of investments – although this is not unfounded, considering the cost of modern machinery. [8]

The blockchain fills this investment gap, as it were. It can specifically help these companies to reach their goals.

[7] http://www.faz.net/asv/mittelstandsfinanzierer/mittelstandsfinanzierer-maschinenleasing-14948236.html

[8] https://www.creditreform-limburg.de/nc/news/news/news-list/details/news-detail/gute-zahlen-aus-dem-leasing-anstieg-der-investitionen-im-mittelstand.html

[Figure labels, the four maxims of smart contracts: Direct multilateral communication; Highly available data storage; Automated execution of process; Secured interaction]


STRUCTURE OF THE FACILITY

Conceived as part of a “smart factory”, the manufacturing system integrates numerous functions from automation for a realistic Industry 4.0 scenario. This includes, among other things, a transport module, the automatic insertion and drilling of a work piece, a pick-by-light manual work station and a packaging station. This is supplemented by extensive interfaces for secure system communication. The system thus represents a CPS (Cyber Physical System), where the work piece controls the entire production process.

Procedure in the system

The intelligent work pieces being used have a digital production memory via an RFID data carrier. This contains the entire production data as a tabular process plan. During the production process, the system additionally stores process-relevant production data in the product memory, such as the current production step and timestamp for the start and completion of production along with quality data. After the manufacturing process is completed, it is possible to trace it via unique serial numbers. Companies can thus depict individual production with a batch size of 1.

The task of the packaging station is to fully automatically package the work pieces. A conveyor belt transports the delivered work pieces into a pick-up position. Then a cardboard box is separated, unfolded and prepared for loading. A transport arm uses a gripper to place the work piece into the cardboard box; then the system seals the box. The fully packaged work piece is transported to the end of the belt.

The blockchain technology enables a secure, transparent and verifiable storage of all data and process steps here. It also documents the execution of the process steps, since the underlying processes are depicted in the smart contract – from the contract preparation/product order to the final packaging and secondary processes. The blockchain here functions as an interoperable data storage system, which continues to be updated in a way that can’t be changed by any participants. The advantage of the blockchain technology compared to others is that it is tamper-proof. The distributed database always gives all participants the same state of knowledge, since all information such as the processing time or energy consumption or status updates (“drilling process completed”, “insertion completed”) is stored unalterably in the blockchain.

There is no way around further “opening” the (already probably networked) system – since a connection to the blockchain requires communication with the outside world. Another important basic requirement for the subsequent secure system operation with the blockchain is practicable ICS security (ICSS). After all, even if the blockchain per se reliably enables the application of new digital business processes such as models of the shared economy in the industry, it still doesn’t protect these sufficiently.

[Figure: Steps in the blockchain or the smart contract (numbers in the blockchain steps each reference the steps in the system)]

Steps in the blockchain:

1. Capacity request through GUI with product selection (form, logo, etc.)
2. Contractor has available capacity; acceptance of the order; contract execution
3. Invite subcontractor (drilling, inserting, manual work)
4. Transfer of order data to system
5. Documentation of process step 1
6. Documentation of process step 2
7. Documentation of process step 3
8. Documentation of packaging/output
9. Production of work piece completed

Contract actions shown: Create capacity request; Create smart contract; Accept contract.

Labels in the system: Order entry from smart contract; Quality matrix; NFC; Work piece entry; Writing order entry into production memory; Transport; Drilling; Automatic insertion; Manual work; Packaging/output; Writing process data into production memory.


Strategy and tactics – holistic approach

ICS SECURITY FOR THE PRODUCTION FACILITY

As part of a holistic approach (see graphics), users must intensify their processes on at least two levels:

First, at the level of information security, often mistakenly referred to as IT security. This means the protection of information against theft and manipulation. The main goal is to secure the confidentiality, integrity and availability of (1) generated, (2) stored and (3) processed information. The sequence of these three named protection targets also indicates their priority. In office environments, it’s more important to protect information against unauthorised access than to guarantee the availability of this information permanently in real time.

The second level – that of functional security – prioritises the protection of the automation system against unauthorised physical and non-physical access and the associated changes of information. The main goals include securing the system availability – under strict consideration of the basic conditions, which are specified by occupational and environmental safety – as well as retaining the integrity of the physical process in terms of its quality. The system operation must be secured at all times, even if the automation solution is affected by an error or an intentional attack. The protection target of confidentiality often receives only secondary consideration, although the core business of many companies significantly depends on the secrecy of its process steps, formulas or patents.

To meet these requirements equally, companies must carefully select their risk assessment method, risk evaluation and measures. To adequately plan, implement and maintain security, industrial companies need a management system that is part of an ICSS concept (IT security in automation, process control and process guidance systems, Industrial Control Systems, ICS) [9], which is suitable for the sector.

These elements are described in more detail below.

PRINCIPLES

The model of the system designed by Festo Didactic and adapted by T-Systems Multimedia Solutions represents a system for discrete (partially simulated) production that must meet industrial requirements. In this context, industrially suitable generally means: long availability, usually more than 10 years, long-term support by the manufacturer, inherent functional reliability, which means that the control systems must function self-sufficiently, as well as having the ability to be used in a broad temperature range and resistance to mechanical strain.

Framework conditions for the ICSS to be achieved include, for example, the high availability requirements, which among other things make it more difficult to integrate updates than in office IT systems. Additional factors include the long service life of the system, its individual components and the fact that certain aspects of IT security were not considered in the past when the applied protocols were conceived. The only exceptions here are protocol specifications that were recently adopted. Other framework conditions represent specifications for permissions and the operation of the system, for example the safety integrity level (SIL) that must be reached.

It’s particularly important to absolutely maintain system operation, even in the case of an attack. The user accomplishes this by preparing the automation solution for a certain security level to be achieved. This security level, in turn, is reached when the user knows the importance of the company’s assets and can classify them into its value-creating business processes. In other words: only those who know how financially painful it is for a certain system to fail can precisely plan suitable countermeasures.

[9] https://www.bsi.bund.de/DE/Themen/Industrie_KRITIS/ICS/Empfehlungen/ICS/empfehlungen_node.html;jsessionid=24F0FF749A7D82D66845BF4501398930.2_cid341

[Figure labels, strategy and tactics (holistic approach): Information security; Functional security; Operational security; Requirements; Design; Implementation; Introduction; Operation; Optimisation; Security; Processes; Measures; Methods]


Evaluation of the degree of severity of the findings

Risk level by damage (rows) and occurrence probability (columns):

Damage            Virtually excluded (1)   Unlikely (2)   Possible (3)   Very likely (4)
Serious (4)       Medium                   Medium         High           Existential
Significant (3)   Low                      Medium         Medium         High
Low (2)           Very low                 Low            Medium         Medium
Negligible (1)    Very low                 Very low       Low            Medium

Damage descriptions:

Serious (4): Noteworthy decline in sales/profits, endangers the company, strong decline in market rate, competitors profit from company know-how

Significant (3): Headlines in the news, declaration of force majeure, competitor uses company know-how

Low (2): Production failure approx. 1–2 days

Negligible (1): Technical expenditure up to several work days

GOALS AND MEASURES

Confidence in the quality of the products made by the production facility rests on the ability to achieve essential goals that are critical to security. Downtimes can be prevented; there are no unexpected maintenance periods. Individual machines can be isolated (cell protection) but are still available. The confidentiality and integrity of the information of the operator and its customers are assured. The protection of the company assets is also guaranteed. Legal specifications in respect to data security aspects are complied with. There is no unauthorised access while maintaining the constant function of the safety-relevant elements. No unintentional information leaks take place, but secure remote access is possible. In addition to the safe connection of a blockchain, cloud applications can also be coupled to the system network, for example. Lastly, the system traffic is continuously checked for anomalies.

ORGANISATION

Protecting the systems against attacks requires the participation of all parties, meaning the manufacturers/integrators as well as operators. Both must iteratively consider and closely coordinate all phases of the system lifecycle overall. In the system typical for this model, however, the focus is on the operation, since the manufacturer/integrator Festo Didactic has already completed the system planning and component selection. This means that only subsequent adjustments can be made. The process is also known as the “brownfield approach”: this refers to a factory or production facility that is already built and has been operating for some time.

To guarantee effective management throughout the entire lifecycle of the system, all measures that must be taken for the ICSS are newly identified, planned, implemented and re-evaluated for effectiveness regularly via a risk analysis on the basis of a security management system. A single measure is insufficient to reach an appropriate degree of protection. Instead, companies must implement multiple measures that are adjusted and coordinated with each other and based on a deeply stacked defence system (defense-in-depth). This process is based on the realisation that industrial systems nowadays require comprehensive protection due to cyber threats and the increasing networking of industrial value creation. The procedures in the product lifecycle must be tested for vulnerabilities in a holistic approach and embedded in a defense-in-depth concept that guarantees the IT security of the system, the network security and the system integrity according to the latest technology [10].

Experts determine the risks for this on the basis of information values similar to the process of IEC 27005, which integrates the product-centred view of the IEC 62443, and thus primarily the availability requirement. The risk management for the practical system example was performed with the available processes (manufacturing of products, packaging, maintenance, etc.). The risk scenarios are based on the risk catalogue of the IT baseline protection compendium by the German Federal Office for Information Security (BSI) and the measures in turn on ISO 27001 and IEC 62443.

10 https://www.elektrotechnik.vogel.de/defense-in-depth-grundlage-fuer-eine-erfolgreiche-verteidigungsstrategie-gegen-cyberangriffe-a-473371/

Figure: Procedure of the entire risk analysis process and its dependencies. Diagram elements: context (laws, standards, contracts, etc.); results from audits, penetration tests, etc.; identification of threats (catalogue of threats); list of relevant threats; identification of vulnerabilities; list of vulnerabilities; list of threats and vulnerabilities; estimate of frequencies; frequencies; estimate of damages; damages; estimate of risks; risk acceptance or risk appetite; inference of security measures.

Figure: Matrix showing how an overall risk is determined from the findings of a risk analysis. This is used to determine and prioritise measures.


SECURING PHYSICAL ACCESS

Physical access must also be secured: to prevent unauthorised access, at least the following clusters of measures must be planned and implemented.

1. By means of suitable technical, organisational and infrastructural measures, the user controls access to sensitive facility components, systems, security zones and critical infrastructure installations as well as access to critical information and applications. This is only possible for authorised persons

2. Entry and access authorisations are only granted, cancelled and reviewed for compliance according to formalised processes when needed

In the facility, this is achieved by granting access to only a few people by means of an RFID chip. The programming of the system components can only take place at the system itself; no remote access is possible.

SECURE DESIGN

For new planning or a redesign of the system or individual components, at least the following clusters of measures must be implemented.

1. Each employee is aware of the necessity and significance of the ICSS for the production facility. Each organisational unit or each department is responsible for the security of its own information and its distribution

2. Wherever a classification of information and of the resources necessary for its storage, transmission or processing (supporting information values) is required, the corresponding regulations control how such information is handled

3. Insecure functions and protocols are not permitted; they must be deactivated. Otherwise, further intensification or protective measures are required

4. The company limits the activation of services and protocols to those that are required for the operation

5. Network access can be controlled through segmentation in zones and the establishment of filter mechanisms between conduits

6. Access to the system and changes in the system must be logged in a central area. Predefined accounts, groups, passwords, keys, and certificates, for example, must be replaced by customised ones. The least-privilege principle must be applied, which means that every user, every service and every system is only granted the rights that are absolutely needed to fulfil the respective tasks

In practice, the employees who work with the facility are instructed on the handling and trained on the basis of concrete scenarios, such as security incidents and simulated attacks. Developers that program the control systems or must access those interfaces can only do this from defined systems that are not connected to the Internet. Additionally, a separation into different zones (external/office, DMZ, production, packaging) was performed by means of an industrial firewall. The communication is controlled by means of firewall rules. Access with programming tools is only possible through an IPSec-secured tunnel.

Furthermore, an anomaly recognition feature for the system network traffic was implemented for this system: here all traffic from the individual cells is diverted and analysed permanently via a switch. Since the traffic is very regular and static in automation networks, each change, such as the absence of data, new protocols, fluctuations in real-time traffic, etc., is noticed and recognised immediately. The product used here is the Industrial Protector from Rhebo GmbH.
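The anomaly recognition described above works because automation traffic is regular and static. The following Python example is added here for illustration; it is not part of the whitepaper and does not represent how the Rhebo product works. It learns a per-flow baseline from known-good traffic and flags the three kinds of change the text names: absent data, new protocols and rate fluctuations. The zone names follow the paper, while the protocol names, packet counts and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: (src_zone, dst_zone, protocol, packets per window).
# Zone names follow the paper; protocols and counts are assumptions.
BASELINE_WINDOWS = [
    [("production", "packaging", "profinet", 1000), ("production", "dmz", "opcua", 200)],
    [("production", "packaging", "profinet", 1010), ("production", "dmz", "opcua", 204)],
    [("production", "packaging", "profinet", 990), ("production", "dmz", "opcua", 196)],
]
NORMAL_WINDOW = [("production", "packaging", "profinet", 1005),
                 ("production", "dmz", "opcua", 199)]
SUSPECT_WINDOW = [("production", "packaging", "profinet", 1400),  # rate jump
                  ("production", "packaging", "modbus", 12)]      # new protocol; opcua absent


def learn_baseline(windows):
    """Return {flow: (mean, max_deviation)} learned from known-good windows."""
    per_flow = defaultdict(list)
    for window in windows:
        for src, dst, proto, packets in window:
            per_flow[(src, dst, proto)].append(packets)
    baseline = {}
    for flow, counts in per_flow.items():
        mean = sum(counts) / len(counts)
        baseline[flow] = (mean, max(abs(c - mean) for c in counts))
    return baseline


def check_window(baseline, window, tolerance=3.0, floor=0.02):
    """Compare one observation window with the baseline; return sorted alerts."""
    seen = defaultdict(int)
    for src, dst, proto, packets in window:
        seen[(src, dst, proto)] += packets
    alerts = []
    for flow, packets in seen.items():
        if flow not in baseline:
            alerts.append(("NEW_FLOW", flow))          # unknown protocol or path
            continue
        mean, deviation = baseline[flow]
        # Allow 3x the deviation seen in training, but at least 2% of the mean.
        if abs(packets - mean) > max(tolerance * deviation, floor * mean):
            alerts.append(("RATE_CHANGE", flow))
    for flow in baseline:
        if flow not in seen:
            alerts.append(("MISSING_FLOW", flow))      # expected data is absent
    return sorted(alerts)


if __name__ == "__main__":
    model = learn_baseline(BASELINE_WINDOWS)
    for name, window in (("normal", NORMAL_WINDOW), ("suspect", SUSPECT_WINDOW)):
        print(name, check_window(model, window))
```

The baseline has to be learned from traffic that is known to be clean, and it must be relearned after every approved change to the facility, otherwise legitimate changes show up as alerts.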

OPERATION AND MAINTENANCE

The production facility should be tested not only for individual security functions and properties but also with respect to the protection of the entire system during operation. At minimum, this includes:

1. Security incidents must be reported to the ICS security officer or deputy officer immediately

2. All employees regularly participate in ICS security training or are instructed about new features resulting from important changes in the ICSS by their respective department manager or the ICS security officer or deputy officer

3. Rules for regular use of the system and possible errors must be defined. An organised transition of the system between operating and maintenance states must be documented and tested

4. The responsible parties always keep the software and firmware up to date. The responsible parties must actively request security updates for the used products, which must be tested and rolled out in coordination with the operating requirements

5. Access materials and data are protected and inaccessible to unauthorised personnel. The company immediately replaces access data, keys and certificates if there is any suspicion of a compromise. Passwords must be changed regularly while adhering to availability

Here too, the following applies in practice: there are few people who must perform organisational tasks defined according to roles, such as documentation and software tests, or who may perform only specific actions, such as programming system components and changing firewall rules.


AUTHORS

KATJA TIETZE, BLOCKCHAIN CONSULTANT, T-SYSTEMS MULTIMEDIA SOLUTIONS GMBH

Katja Tietze studied computer science at the Technical University of Dresden, where she subsequently worked as a research assistant in the areas of ubiquitous and distributed systems. Her focus was on network architectures, consensus protocols and mechanisms for replication, consistency and error tolerance, in research as well as education. Since 2017, she has been part of the Blockchain Innovation Labs at T-Systems Multimedia Solutions as a consultant and supports diverse projects throughout Germany.

MARIAN NEUBERT, SECURITY CONSULTANT, T-SYSTEMS MULTIMEDIA SOLUTIONS GMBH

Marian Neubert is active in the area of M2M as well as automation communication and their security (ICS security). He was previously responsible for the planning, coordination and provision of complex high availability and cluster projects in the managed hosting area for several years (UNIX systems). He supported many projects for the implementation of customer-specific security requirements, e.g. in the area of PCI-DSS, ISO 27001 and basic protection in line with the BSI. He also accompanied external and internal audits and functioned as an information security officer for several years. He has successfully completed an IRCA-certified test as lead auditor ISO 27001 and has a LPIC-2 as well as ITILv3-Foundation certification.

PREFACE

DR FRANK SCHÖNEFELD, MANAGING DIRECTOR, T-SYSTEMS MULTIMEDIA SOLUTIONS GMBH

Dr Frank Schönefeld has been a member of the Executive Board (signatory) at T-Systems Multimedia Solutions GmbH since 2003 and is currently responsible for technology development and innovation. He also manages the business area Web Management Services and is committed to business excellence at a European level and strengthening the software industry at a regional level by founding and managing the IT network Software Saxony.

CONCLUSION

• The blockchain offers enormous opportunities (not only) to the manufacturing industry and the production trade. Companies can use it to lower their investment costs or participate in new, digital value creation networks. They optimise the utilisation rate of their machines and can also let third-party suppliers participate in the system operation without risks

• The technical design of the blockchain makes it very secure in principle. It can thus be manipulated, if at all, only with a maximum amount of effort

• Nonetheless, companies should familiarise themselves with modern methods of ICSS so that the security of the system equipped with the blockchain can be guaranteed as well

IMPLEMENTATION

The implementation is based on an ICS security program with the following clearly defined objectives:

1. ICS security requirements are already recognised as such and treated accordingly in the beginning stage of the decision-making processes

2. Potential dangers such as residual risks are defined and documented in a risk management system

3. Roles and responsibilities relating to the ICS security concept are clearly defined and established in the application area of the security concept

4. ICS security measures continuously adapt to the changing requirements of the business processes in connection to the production facility

5. ICS security measures are differentiated according to identified risks for the respective assets and are consistent with the corresponding documentation


GUIDED. DIGITAL. ABOUT T-SYSTEMS MULTIMEDIA SOLUTIONS

T-Systems Multimedia Solutions supports large and medium-sized companies in digital transformation. With an annual turnover of 173 million euros in 2017, the market leader shows new paths and business models in the areas of Industry 4.0, customer journeys, the workplace of the future and digital reliability with its expert consultations and technical know-how. The digital service provider offers a dynamic web and application management with around 1,900 employees in seven locations and ensures the highest software quality, barrier-free access and IT security with the first certified test lab of the Internet and multimedia industry.

T-Systems Multimedia Solutions received multiple Social Business Leader Awards from the Experton Group and the iF Design Award and was one of the recipients of the Outstanding Security Performance Awards in 2017. Additionally, the company with headquarters in Dresden was honoured with the Great Place to Work Award on multiple occasions as one of Germany’s best employers and named as Best Consultant 2017 by the business magazine brand eins.

More information: www.t-systems-mms.com

VIDEO ABOUT THE USE OF BLOCKCHAIN IN THE INDUSTRY

Link: vimeo.com/238920489
