Digitalisation has its price. The networking of people, machines and companies not only increases productivity and sustainability, but also raises the risk of a cyber-attack. Heinz-Uwe Gernhard is head of the VDMA Security working group and in his principal occupation is responsible for IT security at Robert Bosch in Stuttgart. In an interview he reveals his recipe for success: vigilance training for cyber-attacks.
Heinz-Uwe Gernhard
Mr Gernhard, has cyber security awareness increased?
Heinz-Uwe Gernhard: Yes, but not to the extent that I expected when we launched the Security Working Group in 2012. There is still urgent need for action because Germany and the EU are demanding measures for greater protection against cyber-attacks, including in production, in the form of laws and regulations. Deploying additional IT is certainly one way of achieving this. But without the necessary knowledge and organisational skills, this alone will not be enough to reach the necessary security levels. Industry 4.0 developments are certainly helpful here, but unfortunately cyber security is just one of many aspects.
What do you recommend to newcomers in this field?
Heinz-Uwe Gernhard: Just start taking precautions, both technical and organisational. It's a bit like the annual flu epidemic. You have a higher risk of getting it without a flu job. In today's networked world, no one is safe from cyber attacks. There needs to be a change of heart here.
What measures should companies undergoing an Industry 4.0 digital transformation process take?
Heinz-Uwe Gernhard: This is a task for management – clear and simple. The managers must identify the risks that are attached to networking and then define suitable measures. With regard to production technology availability, they must understand the risk of considerable damage being done. Interconnectivity means that nobody is immune. If you follow the trade press, there is a constant stream of news items on this – such as that of a cyber attack practically paralysing the IT of a specialist safety and control technology company. The company decided to go public with the incident. I think that's important and it's the right approach because we are all in the same boat.
To what extent can networks such as the VDMA Security Working Group, which you spearhead, help in this?
Heinz-Uwe Gernhard: We take a proactive approach by clearly identifying the risks and providing assistance on a wide range of issues. I think it is crucial that we work together to ensure transparency across association boundaries. The Industry 4.0 platform link also offers a good starting point www.plattform-i40.de.
What do you think of the new buzzword "cyber resilience" which is now making the rounds?
Heinz-Uwe Gernhard: This is the right approach, because awareness offers the best protection for this type of threat. Every user of cyber technologies should be cyber resilient.
Where do you think we are right now with security IT?
Heinz-Uwe Gernhard: Let me make a comparison with road vehicles. In 1920, motorists needed a completely different level of risk awareness to today's drivers because cars now demand much less attention as a result of all the built-in systems. The vehicles themselves and the infrastructure make driving today much less risky. Our IT is currently at the level of a 1920s car in terms of the inherent risks. It requires a high level of attention from users and a wide range of knowledge. Awareness is a key topic right now.
Isn't that scaremongering?
Heinz-Uwe Gernhard: No, it's not scaremongering, at all. Marc Elsberg's novel Blackout plays through various scenarios. The technical aspects he includes are not fictional, but reflect the current realities. He has merely packaged them in an exciting fictional work. The Government is also getting involved in the form of the IT Security Act (Kritis), which is currently being revised.
After studying Communications Engineering at TH Darmstadt, the young graduate Heinz-Uwe Gernhard (born 1957) joined the SEL electronics group as a developer In 1983,. From 1987 to 2017 Gernhard worked on the development of control technology at today's Bosch Rexroth Electric Drives and Controls GmbH in Erbach. He has been working in the central IT Security and Application (C/TED1) department at Robert Bosch GmbH in Stuttgart since 2017. Gernhard specialises in risk management and IT security for manufacturing.