Why cyber security?

There are several definitions of cyber security, such as:

  • Cyber security is the state in which the risks associated with the use of information technology are reduced to a tolerable level. Risks arise from threats to, and weaknesses in, systems and products.
  • Information security is the preservation of confidentiality, integrity and availability of information. (ISO 27000:2009)

Ignoring or neglecting cyber security risks in state-of-the-art, highly networked automation systems can lead to major disadvantages at the very least, and can even endanger the existence of complete business models and entire companies.

The most commonly experienced risks and damages from cyber attacks include, for example:

  • Plant downtimes: Due to security problems, production has to be stopped for hours or days. Such production downtimes result in considerable costs.
  • Loss of know-how: A competitor can access your sensitive data (design, engineering, ...). The quantification of the resulting economic damage is complex and expensive.
  • Data loss: The reconstruction and recovery of the lost data may be very expensive.
  • Damaged reputation: The consequences of a damaged reputation of your company after a cyber attack are often not foreseeable and even more difficult to represent financially. And what happens if data of your customers are affected by the attack?

Therefore, the importance of cyber security has increased massively in recent years in all areas of a company. The risk is further increasing due to two trends: on the one hand, the attack surface is becoming larger with increasing digitization and networking, and on the other hand, attackers and attack methods are becoming more efficient.
Accordingly, measures must be taken to protect a company from cyber attacks. Only an integrated cyber security approach is suitable to protect production facilities and critical infrastructures.

The goal of all cyber security measures must be to protect value creation, as this is at the heart of every business.

From this basic principle, individual and specific security goals can be derived for your company. Such specific goals can be, for example, know-how protection (e.g., for development results or contract conditions) or compliance with legal requirements, for example data privacy. In manufacturing companies, the ability to produce and deliver is of obvious importance.

Note: With regard to security, a distinction must be made between two types of technology or network: IT networks and ICS/OT (Industrial Control Systems/Operational Technology). See the topic "IT and OT/ICS: A Comparison" for details.
Note: An adequate security concept must include the technology involved, defined processes, and the people involved, i.e., it must specify both technological and organizational measures.
Refer to the topic "Security as Holistic System Approach" for further information.

 

 

 


• Published/reviewed: 2023-11-02 • Revision 011 •