The networking of machines and the means of production or devices over the internet is growing in significance and leading to a new potential for malware attacks that is not attracting enough attention in many companies’ risk management departments or in the design of networked machines.
Recent examples from the news include remotely controllable insulin pumps, WLAN routers and home controllers that hackers connect to data criminals’ networks without their owners noticing. The manufacturers of the devices as well as the companies that use them are paying scant attention. This means that routers, remotely controlled machines and work devices that are connected online or by WiFi are considerably easier to take over than the PCs sitting on desks, which, on average, are well protected through firewalls and active cybersecurity measures.
And yet, both data privacy protection and legal obligations for active operational risk management demand that all companies employ a minimum of IT and data security. To avoid liability and damages, the firms that use such devices in industrial manufacturing are encouraged to ensure that the cybersecurity of their web interfaces is continually updated. A controversial question is whether the product monitoring obligation of the device manufacturer compels it to include online (over the air) update capabilities for its frequently long-lived products, or prohibits it from doing so because of the potential for attacks. Finally, it should be examined whether residual risks can be insured against with the aid of modern cybersecurity insurance policies.
It is important to keep in mind the pragmatic and legally sound handling of prevailing and sustainable cybersecurity needs whenever analyzing IT security and risks relating to existing networked structures or designing security for new products and services. Our extensive experience in cybersecurity auditing, in Industrial Internet projects and as a respected adviser for cybersecurity insurance makes SKW Schwarz a partner for manufacturers, industry clients, and insurance companies alike.