Risk Management in Networked Production - Dangerous Side Effects

Networking poses new risks in production companies. But few companies have a systematic approach for dealing with this. This means every IT system fault has the potential to bring entire production operations to a standstill.

At East Westphalia-based family-run company Schwering & Hasse Elektrodraht this networking is now a reality: the new world of Industry 4.0. Here, 300 production machines are connected to a central management system, sending several thousand datasets per second. The entirety of manufacturing operations is monitored from a central point. If, for example, the temperature of the furnace system is not quite right, or the coating of the copper wire being produced is too thin, the associated software sounds the alarm immediately.

This technology allows the company to manufacture to a consistently high quality level. Ever-increasing cycle rates have given rise to a need for automation - with production speeds of up to a thousand metres of wire per minute, manual checks would inevitably be patchy. But nothing gets past the sensors on the machine. “Our quality assurance is cutting-edge”, says Managing Director Andreas Levermann.

But networking has a darkside too. Every IT system fault now has the potential to bring entire production operations to an immediate standstill. And the new data pool reveals a lot about company’s know-how - devastating, if it were to end up in the wrong hands. Levermann relies on a preventative approach: “We check the security of our production on a regular basis. One of the ways in which we do this is by simulating hacker attacks.”

Many companies treading the path of networked production are far from adopting as pro-active an approach. Experts warn of a widespread lack of any systematic approach to dealing with the risks. IT security is just one aspect in this - for example, the increased use of robots brings with it the emergence of new occupational safety risks. There is also a need for economic and strategic considerations. “Companies would be well-advised to bring their risk management into line with Industry 4.0 ahead of time”, says Dirk Schäfer, Managing Director of Kerkhoff Consulting.

“The first question should be, what will my business model look like in 2025”, says the consultant. After all, the digitisation of all branches of industry is placing new demands on physical products too - even making them redundant in extreme cases. “Many companies underestimate the risk that their product could be replaced with a smartphone, like a car-park ticketing machine in the age of the mobile ticket.”

Separate areas of protection needed
Only once a company’s own product is shown to be future-proof in strategic analysis will the technological switch to Industry 4.0 be worthwhile. This does, however, increase dependency on IT systems - which triggers uneasiness in many companies, this was one of the findings of a survey conducted by industrial insurance broker Marsh: 79 per cent of the 260 companies surveyed in Germany stated that an operational or system disruption posed the greatest cyber risk to them.

Yet, despite the scenario being present  - the consequences of such a halt in production are often misjudged, observes Marco di Filippo, security expert at the IT service provider Koramis. Many assume that they could cope financially with a shutdown in operations lasting anything from a few hours to a few days, he says. Often however it is only the shutdown in production which is taken into account, says di Filippo. The fact that subsequent costs can also be involved, is demonstrated in an example from Canada. There, a cookie factory fell victim to a cyber attack. The hackers meddled with the control software in such a way that the dough got stuck in the pipes and needed to be painstakingly cut out.

Many managing directors are also guilty of misunderstanding the risk of attracting the attention of hackers. Many say: “there’s nothing to gain from us, we aren’t worth targeting”, reports di Filippo. But that’s not the way the logic of the hackers works: they attack in the path of least resistance, says di Filippo. He goes on to compare them with bank robbers: “They wouldn’t pick the central bank as a target if they knew of far easier opportunities in a small bank branch out in the country.”

If a hacker gets into the computer system in the first place, he/she can often move freely within it. “Often there is a lack of segmentation”, says di Filippo. This protects individual production sections separately - as would be the case with locked rooms within a house. “But many companies are under the illusion that they are protected as long as the front door is locked”, says the expert. He recommends changing IT security service provider every two years in order to gain a fresh insight into your own security architectures.

However, he stresses that it is not just the dangers from outside that risk managers should bear in mind. The new production logic of Industry 4.0 poses new requirements in terms of occupational safety too. “Increasingly, manufacturing companies are producing custom products with a rapid turnaround”, says Arndt Christ, Head of Customer Service with automation specialist Pilz. The result? More and more robots are being used, rigid production lines are being broken up. “This poses new safety risks in production”, confirms Christ.

The company offers a solution whereby man and machine can work together in safety without the usual protective guards. This is based in optoelectronic sensor technology: Equipped with these sensors, the robot detects when a flesh-and-blood worker is approaching. Once a certain distance is exceeded, the robot works with only so much dynamism so as not to injure the anyone. If necessary, it is brought to a complete stop. “The risk of occupational accidents is reduced to a minimum”, says Christ.

Imprint & Privacy Policy – Kerkhoff Cost Engineering GmbH – +49 211 6218061-0 – Elisabethstr. 5 – 40217 Dusseldorf (Germany)