Cyber Security

ZVEI Security Assessment for the Electrical and Digital Industries

The ZVEI's work on cybersecurity focuses on raising awareness among companies, politicians, citizens and employees. 'Ensuring data security' is also one of the ZVEI innovation study's key recommendations for action on digitalisation in the electrical and digital industry. Trust in the possibilities of digitalisation can only be established when cybersecurity and data protection are guaranteed. In response to this recommendation, the “Security Situation in the Automation Trade Association” pilot project was successfully completed last year. The project revealed that almost every company in the automation industry is subject to minor and medium-sized cyberattacks, with three out of ten companies regularly experiencing serious incidents.

The security situation report for the entire electrical and digital industry, developed in collaboration with the Federal Office for Information Security (BSI), highlights the importance of this issue for the sector. Over the past two years, 60 per cent of surveyed companies have been affected by Trojans and ransomware. On a positive note, cybersecurity is now definitely a priority for the industry – 88 percent of participants say that it is a top management priority. However, the survey also shows that there is still a 'trust problem' with the investigating authorities. For instance, 75 per cent of respondents said that they had not reported an incident caused deliberately because they thought it would not be successful.

To ensure greater cybersecurity, particularly within companies, a security-conscious culture must be established within the industry. Experience and exchange groups within the ZVEI (German Electrical and Electronic Manufacturers' Association) and the Alliance for Cybersecurity, for example, offer suitable platforms for this. Small and medium-sized enterprises in particular can benefit from the expert knowledge available there.

Alliance for Cybersecurity

The Alliance for Cybersecurity is committed to making cybersecurity an integral part of corporate guidelines, just like environmental protection, compliance and CSR. After all, cybersecurity protects and preserves both corporate and social values. Thanks to digitalisation and the 'botnet capability' of the Internet of Things, every company and private user will bear cyber responsibility for society in future. For example, attacks carried out with the computing power of networked refrigerators are only possible if these devices are not protected against cyberattacks. A cultural change is necessary to meet this responsibility. As with environmental protection, this will take time. The key is to put people at the centre of this change in thinking: a rethink of cybersecurity, as opposed to exclusively technical concepts, is the key to success. The human factor is also at the heart of Allianz's support. Information and checklists are useful, but more is needed. However, for the future, a way must be found to provide additional, personalised support and assistance when needed.

Focus on Industrial Security

Implementing cybersecurity measures raises specific problems and challenges – even well-designed security standards cannot simply be adopted. Additionally, some traditional IT security measures are only partially applicable, if at all, to machines, production facilities and industrial products. Examples include the complex management of identity certificates and encryption for machines or even individual components. The ZVEI and the Alliance for Cybersecurity have made it their mission to ask industrial users about their needs in more detail than traditional surveys allow, and to provide support that is precisely tailored to those needs. In terms of industrial policy, the focus is on establishing 'industrial security' as a supplement to 'IT security', which is also crucial for security in the production environment. Another focus is ensuring trustworthiness in times of global value creation relationships.

Newsgame „Hack the Factory“

The aim is to raise awareness of cybersecurity in the electrical industry, making it more accessible to those affected and the general public. Effective protective measures for companies and products are essential for implementing data-based business models and new collaborations. To this end, ZVEI is breaking new ground by presenting Hack the Factory, a newsgame.

Players take on the role of hackers and can choose from different targets and attack methods. They must also try to cover their tracks after a successful attack. This allows them to acquire knowledge about cybersecurity in a playful way.

A European Cyber Trust Zone

Increased awareness of cybersecurity protects not only private users and companies, but also Germany and Europe as a whole. This is because digitalisation is intensifying the competition between the US, China and Europe, particularly Germany. However, this competition is not necessarily conducted fairly. There are many indications that China, in particular, is seeking to circumvent competition by striving for technological supremacy. On the one hand, the country is acquiring high-tech companies elsewhere. On the other hand, it is breaking away from the consensus of international standardisation institutions. A level playing field is becoming increasingly difficult to establish. It is therefore crucial that Europe does not lose the initiative.

Why is this European initiative so important? It raises cybersecurity requirements and, if designed correctly, encourages the development of innovative, user-friendly technology. Transparency fosters competition. A new basic level of cybersecurity should be applied uniformly to create a level playing field for all. At the same time, there should be enough flexibility to allow every manufacturer to differentiate themselves if they meet additional standards. This would strengthen Europe's competitiveness and help European companies to finally become the world's leading providers of security, particularly in the field of industrial security. This could be Europe's answer to the US and China, protecting citizens and businesses as effectively as possible while expanding our advantage as a location for cybersecurity. Clearly, the European digital single market, designed as a common area of trust, is the only sensible reference point for this project. However, such an internationally compatible framework for trustworthiness can only be achieved through collaboration between industry and politics:Manufacturers must prioritise security by design and thoroughly scrutinise the quality of third-party products used primarily in the software sector. Only a secure development and production process can yield good, trustworthy products. To achieve this, politics and business must work together more closely, flexibly and quickly, going beyond standardisation and regulation. If such cooperation between industry and politics can be achieved in more areas and on a larger scale — for example, through a strengthened alliance for cybersecurity — we can create a European cyber trust area that can compete with the US, China and Israel.