Report
Because online security is primarily behavior - rather than technology - 25 technicians learn how to prevent a hack of factory systems in the ICD Cyber Security Workshop. Not only employees of ICD companies but also colleagues from other companies are joining in. After all, in the case of serious threats, it is better to warn and help each other than to compete.
The students have barely installed their laptops or some Raspberry Pi's begin to vibrate and ‘chirp. The little computers are on the tables and connected to the laptops they brought with them to simulate practical situations today. A few grumble about not being able to connect to the local Wi-Fi network. Others ignore a prompt to create a new password. ’’I'm making it a little more difficult for the students today,’' Vincent Denneman laughs. He is an ICT Technology and Cyber Security student at the Fontys University of Applied Sciences in Eindhoven and earns a little extra money as a ‘hacker. ’I have just sent a message that the password must be changed. Whoever follows this message thinks he is changing his password, but in reality gives me permission to take over his system. Meanwhile, the user thinks he is safe with a new password.’’
Urgency
A nice introduction, but necessary to feel the urgency of well-secured systems. Throughout the day, Vincent breaks in and sets off activities that are not intended. This is how he trains together with course leader Egbert-Jan Sol, director at TNO and program director of Smart Industry, awareness on the dangers companies face with digital systems. ’’This is necessary, because security is all too often seen as a cost,’’ Sol told the male audience. ''Those who share data are at great risk, greater than many companies are aware of. Today you will experience for yourself what it is to be hacked, which will make you more alert to the risks you are exposed to. Get your teeth wet! If you were in school you would take six months on what we are discussing today in one day.''
open source
As contradictory as it seems, and aware of all the risks, Sol advocates more use of open source. ’’Five years ago I wouldn't dare say this, but today open source is reliable. Not just the software, but also the hardware. And it costs a fraction today of what you had to pay for it years ago. Just look at the PI.’’ Sol signals a trend, but immediately notes that someone who has worked in IT for years and relies on systems from the well-known major brands does not want to work with open source. ’’People doubt the reliability, especially in the production environment of a factory. But that is changing.'' In addition to the cost of open source being attractive, Sol argues that everyone is working on solutions to make open source better. ''This makes it at least as resistant to intrusions as established systems and also much more flexible.''
Dates
,’’This is interesting,'' agrees Christian van der Kooi. He is a business analyst at CSK Food Enrichment and working on a plant optimization project. ,,I came here because I want to learn more about data security. I am not a programmer, so the practical exercises with the PI are not for me. But it is interesting to hear what others are doing to protect business systems and data. And maybe there is an interesting collaboration in it with one of these companies. Because it's better to alert and help each other instead of keeping smart solutions just for yourself.’’
supply chain
Your own security may be in good shape, but if the entire supply chain is not, it will be difficult to resist cyber attacks and hacks. After all, the chain is only as strong as its weakest link. Sol: ,,PLCs are becoming IoT computers and you increasingly see these kinds of computers built into end products to collect all kinds of data about end use. The ambition of smart industry is to achieve zero defaults. That's why you collect data. This data is worth gold and you want to protect it. Just like data from the entire lifetime of a product. For example, what data is needed to understand what a customer does? What data is really important for the customer to function better? You get this data from the product, from all instances, with all users, always. So the customer is buying a service, not a product. This makes us collect gigantic amounts of data. And we want to protect all of that from undesirable use.‘’
the case
Time for the assignment. Pears are stored in a large department store. The indoor climate has a constant temperature and humidity and everything works as energy-efficiently as possible. A special lock of doors gives access to the department store. The assignment: find out how these doors can be used as optimally as possible with the least energy loss, while keeping the indoor climate constant. This order comes according to Pieter Haantjes, service engineer at YP Your Partner, so from experience. It could have been my job! We manage, monitor and secure installations from Hamburg to Amsterdam. The quality of the water in the elephant enclosure in Artis, for example, is monitored with our software.’’ Haantjes also keeps an eye on whether safety systems are working properly. ’’That's why it's interesting to participate in this workshop. I learn new perspectives that I can use in my work.''
Understandable
That is exactly is the purpose of the workshop, in addition to developing a sense of urgency for the rise of cyber risks in the manufacturing environment. More and more production equipment is being connected to the factory network and to the Internet. Greater amounts of data and its analysis allow processes to be adjusted. But with the linking of production to the office domain and the Internet, cyber risks arise precisely. Therefore, production lines and equipment must be securely linked. After all, in the event of a hack, the damage can be extensive. Therefore, cyber risks must be understood so that companies can take appropriate measures. That is exactly why information consultant Sjaak Stuiver of municipality of Weststellingwerf also participates. ’’Well, mostly listening in,’’ Stuiver explains his participation. He is a civil servant, not a technician and cannot program. ,,I am the odd man out today, but I do feel the urgency of the problem. We are now dealing with the faltering Citrix security that has forced some of our systems down.’’ Stuiver especially wants to understand exactly what cyber risks are and also finds it amusing to see how easily professionals allow themselves to be hacked. ''I am surprised by how easy it is to enter a system and collect data. With this knowledge, I can now better explain to colleagues and business owners in our community the risks they may be exposed to. (laughing) Well, so that brings a public servant to this workshop!''
