Security in automated intralogistics: how can I ward off hacker attacks?

Uninvited guests typically break in via physical windows and doors. But today’s points of entry are just as likely to be digital. And they are often wide open. Smart devices in homes are increasingly exchanging data with the Internet of Things (IoT), and as such, they are part of a gigantic, highly opaque world. Everything wants to connect with everything else. And Industry 4.0 Is creating similar openings. Intralogistics, especially its automated elements, has become a new and attractive target for hackers.

Within the scope of Industry 4.0, warehouse processes generate a staggering amount of data that is continuously moving around between machines, vehicles, employees and customers. And it is not just technical data – many bits and bytes convey information that is very personal in nature, often in real time. What’s more, the larger the network, the greater the number of potential vulnerabilities for hackers to exploit.

Nonetheless, many people continue to downplay the threat of cybercrime. However, the truth is, according to ICT industry association Bitkom, that it damages the German economy to the tune of approximately 43 billion euros annually. The German Federal Criminal Police Office (BKA) expects to see this figure double every year. The motivation behind these attacks varies greatly, from sheer vandalism on the part of younger hackers to industrial espionage, to a desire to damage competitors, to acts of revenge by disgruntled (former) employees.

Putting a padlock on your IT

There is even a website (shodan.io) that publically lists vulnerable industrial control systems. Plus, there is a thriving black market for “hacking as a service”.  But there is not just a growing organized hacker community. There is also a corresponding increase in preventive activities and enhanced security standards. “In the future, IT security will be a mark of quality,” says Stefan Rieck, Chief Information Security Officer at KION Group. In an article, he states that a number of proven security systems already exist. These have to be correctly combined, enhanced and then implemented at machine level.

The devil is in the detail

As is often the case, the solution is to take a systematic approach. If you take a long, hard look at all aspects of your business, carefully check and shield all access points, then you can build a protective wall against intruders – including hackers. In addition, in the IoT age, we are not just talking about access points used by humans, but by IT systems and machines.

“And when we consider that there will be ever more vehicles and machines controlled by IT systems, then clearly there are going to be new attack surfaces,” emphasizes Stefan Rieck. The convergence of automation and IT is creating new interfaces that require a corresponding awareness of security issues.

Old methods, new fields of application

The good news is that there are already reliable methods of protection available:

    • Firewalls
    • Antivirus software
    • Encrypted data transfer
    • Authentication
    • Whitelisting (only recognized programs are allowed access)
    • Collaboration with certified external partners
    • Advice and support from security experts

These “old friends” will continue to work well if applied to automation in updated form.

“IT security will be an exciting field for creative minds,” suggests Rieck. Particularly broad-based companies such as KION Group are well equipped to find robust solutions, as they employ experts from a variety of fields, from high-bay warehouses to forklift trucks, who are all working on shared (security) goals. Moreover, following the recent acquisition of automation specialist Dematic, this pool of knowledge now extends to software and connectivity.

You know your business (vulnerabilities) best

It is possible to leverage this strength. Each business is itself best placed to identify its security weaknesses. This knowledge needs to be prioritized and turned into an advantage. Any company looking to protect itself against hackers should therefore address the following five points:

    1. All existing systems should be implemented systematically and continuously evolved in line with changes to the business.
    2. Where there are new potential security issues, especially with regard to automation, it makes sense to take advantage of the experience and expertise of a service provider with a broad skillset.
    3. Security must keep pace with new developments or, even better, stay one step ahead.
    4. No security system should interfere with operational processes.
    5. The human factor remains a major risk. The question remains: who has access to what?

Related articles