Security is no longer one of those topics that should perhaps be dealt with when one’s schedule allows. Instead, it is currently possibly the most important and urgent topic in engineering, or even in industry, as Thomas Pilz, managing partner of Pilz explains.
Security used to be the task of information technology (IT) in the form of IT security. Today, production and industrial plants are also highly interconnected using information technology. We call this OT or industrial security. This describes the protection of production and industrial plants from faults, whether intentional or unintentional.
The objective of industrial security is to guarantee the availability of plant and machinery and the integrity and confidentiality of machine data and processes.
If I am not in control of my data, after all, then the company and the safety of my employees are at risk: Without security no safety, and without safety no protection of people.
Pilz believes that only a holistic approach to safety and security can guarantee the protection of humans and machinery. It is thus absolutely necessary to also implement security measures directly in the devices (such as controllers). The entire lifecycle of the system must be considered here, meaning that security starts in development.
For around 20 years, our Functional Safety Management (FSM) has been checking and certifying safety. Additionally, for the last several years Pilz has also oriented its development processes to IEC 62443-4-1 “Security for industrial automation and control systems – Part 4-1: Secure product development lifecycle requirements”, resulting in demonstrably secure development. TÜV Süd has now certified this in an audit. Strategically, certification is equally as important as the certifications for functional safety.