07/24/2020 | Spotlight

Better secure than sorry

ACHEMA 2022 Focal topic product and process security

Product and process security is one of the focal topics at ACHEMA 2022, as the Internet of Things calls for an intensified approach to secure the interaction between the physical and the virtual worlds.

Has your company already been hacked? If not, you should expect the attack. According to IT experts, there are only these two states and all you can do is to prepare well.

This may seem like a gloomy attitude, but it is backed by impressive numbers. The latest World Economic Forum report on global risks lists cyberattacks and data fraud as two of the top five risks companies are most likely to face. While safety systems are well established and the number of accidents with personal injury is decreasing steadily, cyberattacks are becoming all the more prevalent and in the process industry, too. Lanxess, BASF, Siemens and Henkel are known to have been infected with "Winnti malware" in 2019 and even German "safety and security" specialist Pilz couldn’t evade an attack with "ransomware". In this case, it was directed at office communication systems, but IoT devices are increasingly becoming part of operation and production and need special attention to keep processes and products secure. With every valve that has an IT interface and with every "intelligent" pump sending data into the cloud, IT- and "cybersecurity" rise to the top of the list of things to be concerned about. In times of IoT, each supplier, each automation component and each person represents a potential risk. Therefore, the responsibility lies with every player along the supply chain. ACHEMA 2022 is now putting a spotlight on these challenges. Moreover, the Digital Hub  in hall 12 welcomes key players in software and digitalisation to the ACHEMA family. You haven’t seen them at the show before, but we are sure you wouldn’t want to miss this valuable addition.

No man is an island, nor is a company

Working with an air gap that physically disconnects a system from the internet is one way to keep assailants at bay. However, the global economy is interconnected and many businesses depend on complex supply chains. Business partners and suppliers need to trust each other as well as their cybersecurity practices. If you can’t be sure that your supplier patches known system vulnerabilities with due diligence, a business friend can quickly become a "frenemy", threatening your own operations.
When trust is an issue, distributed ledger technologies such as the blockchain are often quoted as the solution. Managing data in a decentralised way is supposed to make them immune against falsification. Blockchain expert Prof Philipp Sandner and colleagues elaborate about use cases in the chemical and pharmaceutical industries. Blockchain practitioner Dr Silvio Stephan presents a real life application  in the chemical industry which he claims that it has the power to change the whole process industry.

Security: prevents malicious activities by people.

Safety: prevent accidents; people may or may not be involved, but in any case the action is not intentional.

Cybersecurity:  the practice of protecting systems, networks, and programs from digital attacks.

Malware: software to cause damage to a computer or computer network including viruses, worms, Trojan horses, ransomware

Ransomware: Malicious software cybercriminals use to hold data hostage until a ransom is paid. If the demands are not met, the encrypted data remain unavailable or may be deleted.

Phishing: social engineering attack to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication

Pentest: short for penetration test: authorized simulated cyberattack on a computer system to evaluate the security of the system

Remember the human factor

Identifying, assessing and addressing the vulnerabilities of your business is the first step towards secure products and processes. Technical aspects, such as data backups and patching software vulnerabilities come to mind first.  Have a look over the shoulder of Moritz Lottermann, specialist in penetration testing. "Contract hacker" by trade, he evaluates possibilities to break into his clients’ systems, just as a malevolent hacker would do.
Technical considerations aside, human error is the one factor that the majority of hackers use to breach networks. Haven’t we all received e-mails from the Nigerian connection, asking to pay money before you get the huge payoff (that never actually arrives)? That’s social engineering, targeting greed - a basic human trait. Social engineering comes in many flavours, and it doesn’t need to be digital. It can be as basic as the unknown person joining the group of smokers discussing business in front of the office building and walking away with useful information about the company.

Only authentic drugs save lives

When it comes to pharmaceuticals, product security can become a matter of life and death quickly. Maintaining the cold chain is vital for drugs such as insulin. Drug counterfeiting is growing problem around the globe, thus legislators took action. China was a frontrunner in implementing serialisation regulations. In the European Union it has been a year now that every single box of prescription drugs needs to be clearly identifiable and bear a tamper-evident label. The example of serialisation shows particularly clearly the importance of secure production processes in pharmaceutical technology. Previously, the drug packaging was protecting the contents and a brand carrier for the manufacturer, now it has developed into a data carrier and certificate of authenticity.

Author

Marlene Etschmann

marlene.etschmann[at]dechema.de

Keywords in this article:

#product and process security

Find more contributions:

Detailed search in the magazine

Newsletter

Always up to date

With our newsletter you will receive current information on ACHEMA on a regular basis. You are guaranteed not to miss any important dates.

Subscribe now

Tickets
Contact