News

19.03.2018

Results of the ZVEI security situation picture

In order to raise awareness for cyber security, ZVEI and the German Federal Office for Information Security (BSI) have drawn up a security situation picture for the German electrical industry.

The aim of the ZVEI is to raise awareness of for cyber security in the electrical industry and to make it comprehensible to those affected and as well as the public. Effective protection measures for companies and products are central prerequisites for implementing data-based business models and new cooperations. 

At a time where the number of cyber-attacks is increasing in all areas of life, it is worth taking the right steps to know the current situation exactly. For this reason, the ZVEI, together with the BSI (Federal Office for Information Security), has drawn up a safety security situation picture for the electrical industry on the basis of a member survey. 101 companies from 21 different industrial sectors (including industrial automation, electronic components and systems, electrical installation systems, lighting systems) took part, most of them with up to 1,000 employees. The questions covered both office and production IT.

Results of the ZVEI safety security situation picture

An important finding of the security picture is that the issue of cyber security has definitely reached the industry. This is how Thus 88 percent of the participants describe it as a top management topic. The vast majority of the companies surveyed (87%) also have a main person responsible for IT security. Security engineering for products is not yet a standard, but it is being set up by the companies. Standard measures such as incident processes, password and rights management and backups are implemented in most companies. A good third (33%) carry out risk analyses for all areas of their company, a further 23% in the office sector and 15% for production IT. 

More budget for cyber security

The increased attention to cyber security is also reflected in the budgets: 42 percent plan to increase their budget, while in 36 percent of the companies it remains unchanged. Almost nobody (1%) wants to spend less on cyber security. On the positive side, the money is being invested holistically in IT security: In addition to technology (37%), financial resources also flow into processes (32%) and new hires and/or training (20%). In addition to the qualification of personnel (25%), barriers to investments are above all the incompatibility of the solution with the existing system (17%) and the lack of market transparency (16%). From ZVEI's point of view, suppliers must work on improvements here. 

Security incidents and causes

In the past two years, 60 percent of the companies surveyed have been affected by tTrojans and ransomware. 9 percent claim to have suffered damage of at least 100,000 euros. In the office sector, human error is the main factor with 58 percent for security incidents, followed by weak points in the software used (25 %). In production, software vulnerabilities are the most common cause of incidents (29%), closely followed by human error (22%) and organizational deficiencies (19%). As a result, the evaluation and testing of purchased software and hardware is gaining in importance in the industry. 39 percent of those surveyed recognized this and stated that the issue of trustworthiness of purchased components is relevant for supply chain management. 28 percent do not yet attach great importance to this. According to the ZVEI, there is room for improvement here: In addition to building up expertise in cyber security, the association believes that the trustworthiness of its own and third-party products is a decisive factor in countering cyber-attacks. For this reason, the ZVEI is offering a "ZVEI Expert Day on Trustworthiness" on 19 June 2018, which will provide information on legal aspects, evaluation and testing options and approaches to solutions for industrial and consumer goods. 

Despite the high number of cyber security incidents, the resulting damage has so far been limited. For example, 39 percent say they have not suffered any damage, 27 percent say they have suffered financial damage and 13 percent say they have lost data. From ZVEI's point of view, it is striking that damage to the image accounts for only five percent of the damage caused.

Little confidence in the fight against crime

According to the ZVEI safetysecurity situation picture, cooperation with the investigating authorities represents a challenge: Little trust is placed in the fight against crime. For example, 83 percent of the participants stated that they had not reported a deliberately caused incident. The main reasons given are low chances of success (21%) and the presumption that the offender is abroad, and thus outside the access possibilities of national authorities (another 20%). The latter encourages the ZVEI to continue its commitment to increased European and international cooperation in the prosecution of cybercrime. 

Alliance for cyber security as an exchange platform

According to the ZVEI, a trustful exchange and cooperation between companies is an important factor for more cyber security in the electrical industry. The Alliance for Cyber Security offers a helpful platform for this. In addition, it supports its members with BSI warnings, current situation pictures, solutions and various training offers. According to the survey, however, only half of those surveyed know about the Alliance. Security standards for the production environment are also little known and even less frequently implemented.

Conclusion from the ZVEI safety security situation picture

The security picture shows that expertise in cyber security and the trustworthiness of own and third-party products are decisive factors in countering cyber-attacks. In addition, the key to greater cyber security in the electrical industry is a trusting exchange and cooperation between companies - for example through the Alliance for Cyber Security - and with the authorities.

The ZVEI conducted the survey in cooperation with the German Federal Office for Information Security (BSI). This ensured the value of the questions as well as data protection and cyber security of the survey. Only anonymous answers were collected, no traceability was possible. The online tool was designed in such a way that several employees and departments or one individual could answer the question. The survey was anonymous and it was impossible for both the service provider and the BSI to trace the answers.

You may also be interested in:

Further

Most visited pages

Publications

Read more

Industrie 4.0

Read more

Mobility

Read more

Energy

Read more

Subjects

Read more

DC-INDUSTRIE

Energiewende meets Industrie 4.0

Together with its partners in the DC-INDUSTRIE project, ZVEI is developing network management options for the future. The motto:...

5G-ACIA

Designing 5G for Industrial Use

5G allows machines to communicate with each other in real time, saving resources and energy through Edge Computing and Massive...

ZVEI explains Supply Chain Management

Electronic supply chains are complex. This is why it is of importance to manage their complexity well. The PROS definiton...

ZVEI explains RAMI 4.0 (Chinese subtitles)

To create a uniform basis for Industrie 4.0, ZVEI has teamed up with its partners to develop RAMI 4.0, the reference architecture...

Implementing Industrie 4.0: This is how it works!

Industrie 4.0 is no longer just a theory, the practice is now being applied in many German businesses. The demands of a global...