https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

Security


Getty Images

Industrial security

Why TÜV SÜD Says It Is an Industrial Cybersecurity Leader

The international testing firm is positioning itself as a neutral and nimble industrial cybersecurity authority.
  • Written by Brian Buntz
  • 28th November 2018

MUNICH—Some 67 percent of all companies are affected by security incidents each year, said Andy Schweiger, the managing director of cybersecurity services at TÜV SÜD, the international testing, certification and training organization. And the “era of script kiddies is gone,” Schweiger said, referring to the aspiring hacker wannabes who rely on online resources to launch cyberattacks. “[The script kiddies who] were making headlines 10 to 15 years ago are now grown up,” he added. As a result, current cyberattacks tend to be more damaging. State actors have assumed a greater role in launching attacks and developing malware, which occasionally leak as in the case of the EternalBlue exploit, giving underworld hackers the ability to launch exceptionally damaging attacks. And some attackers are leveraging machine learning for subterfuge and identifying vulnerable targets.

To deal with the challenge, TÜV SÜD, like UL in the United States, is increasingly positioning itself as an authority in industrial cybersecurity. There are five reasons TÜV SÜD is up for that task, said Schweiger in a presentation as part of a Siemens cybersecurity press junket here. First, it is knowledgeable about the evolving regulatory requirements, such as GDPR, that relate to cyber. (On a related point, manufacturers mass-producing IoT-connected gadgets find themselves potentially liable for the damages caused by wide-scale cyber-exploits to their products). Second, the organization keeps a close eye on the current threat landscape. Third, it has built up a solid team of cyber experts. Fourth, it is neutral and objective. And finally, it claims to be a proverbial “one-stop shop” for cybersecurity.

[IoT World is the event that takes IIoT from inspiration to implementation, supercharging business and operations. Get your ticket now.]

The organization’s English tagline is: “Add value. Inspire trust.”

TÜV SÜD has worked to quickly build up a team of some 30 plus cyber experts in a six-month time frame. If there is a central goal to its cyber approach, it is to enshrine cyber strategy over tactics. “There are thousands of brands,” said Schweiger, speaking of the cyber vendor landscape. “The promise is: You buy the next appliance, and you will be more secure,” he said. “But that is not necessarily true.”

In fact, an organization that buys dozens of security appliances and has a cybersecurity team of roughly a dozen could find itself less secure. Instead of having a comprehensive cybersecurity strategy, it would likely have a patchwork defense that leaves them vulnerable.

Schweiger said that TÜV SÜD’s status as a provider of cybersecurity services rather than products makes it more nimble than product providers. If a new vulnerability emerges, the company can swiftly adapt to develop strategies to address it.

Its core cybersecurity services fall under four domains, data protection (such as data protection consulting and data destruction), commercial transaction security, industrial cybersecurity (such as AI-based security testing and network anomaly detection) and expert services (such as attack service detection, risk exposure assessment and penetration testing).

In the industrial realm, the company works to help organizations’ OT and IT departments converge rather than flatly declare that each is simply different from the other. “If you attach an OT to IT system, all of the challenges of the IT system come over to the OT system,” Schweiger said. The organization also says it helps to optimize OT and IT efficiency and reuse customer internal processes with shared best practices.  

Related Content

Industrial Cybersecurity Is a Puzzle as IT and OT Converge

Risk is an equation comprised of an asset, a vulnerability and a threat, said Stefan Laudat, ‎information security manager at TÜV SÜD Sec-IT GmbH. But unlike in traditional IT security, industrial cybersecurity cannot just put data, productivity and system availability at risk but can potentially threaten human lives or cause injuries. An industrial environment that includes potentially vulnerable critical infrastructure can impact surrounding communities. And prominent aerospace companies, for instance, are testing exoskeletons to allow their workers to lift heavy objects. If one of these devices were breached or maliciously configured, it could pose a grave threat to its wearer.

The current cyberthreat level in the industrial space is moderate to high, Laudat said. While current actors are more or less dormant, they are investing substantial money in researching industrial-focused attacks while the cost of launching such exploits is steadily falling. Sites like Shodan make it simple for attackers to do reconnaissance on potential industrial targets.

The scope of vulnerabilities in industrial environments can also be considerable in industrial environments, given typically weak access control systems, the preponderance of proprietary protocols, a limited regulatory framework, complex supplier networks and generally low IT security awareness. In addition, the widely used IoT protocol MQTT is lightweight, resilient and insecure, Laudat said. And the long lifespan of many connected industrial devices can expose them to substantial vulnerabilities over time.

In some cases, the organization advises its industrial clients to avoid digitization and stick with analog technologies when the potential cyber threat is unacceptable.

TÜV SÜD’s cyber approach does not rely on conventional audits, where one or two experts will travel to a company and perform interviews. “The answers come out of the interviews. In the best case, they are biased. In the worst case, they just tell you what they want,” Schweiger said. But the organization’s cyber approach relies on automation to gauge its clients’ cyber risk. “The system doesn’t lie to us,” he added.  

 

Tags: IIoT/Manufacturing Security Features

Related


  • Image shows welding robotics and a digital manufacturing operation.
    IoT Supply Chain Vulnerability Poses Threat to IIoT Security
    The supply chain provides building blocks for IoT but also vulnerabilities. IT pros need to ward against malicious attacks that exploit supply chain security gaps.
  • IoT Security Needs Pen Testing Approach
    IoT pen testing is a no-brainer, say experts. But don’t test everything.
  • Supply Chain Analytics and IoT Loom Large in Wake of 2020 Disruption
    The COVID-19 crisis has made disruptive events par for the course. Supply chain analytics, digital twins and other tools have become key to understanding and predicting disruption.
  • IoT App Development Gets Agility Boost From Container Technologies
    IoT app development has clamored for greater agility, productivity and security. Container technologies can realize those benefits.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • Securing IoT at the Edge Is Key to Safe IoT Operations
  • Industrial Transformation Faces Rocky Road in 2020
  • Adoption of the Internet of Robotics Things Accelerates
  • Building a Foundation for AI in Cybersecurity

Roundups

View all

IoT Product Roundup: PTC, Nokia, Arm and More

19th May 2022

IoT Deals, Partnerships Roundup: Intel, Nauto, Helium and more

14th May 2022

IoT Product Roundup: Amazon, Synaptics, Urban Control and More

27th April 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Latest Videos

View all
Dylan Kennedy of EMQ

Embedded IoT World 2022: Dylan Kennedy of EMQ

Dylan Kennedy, EMQ’s VP of global operations, sat down with Chuck Martin at Embedded IoT World 2022.

Embedded IoT World 2022: Omdia’s Sang Oh Talks Vehicle Chip Shortage

Omdia’s automotive semiconductor analyst sits down with Chuck Martin at this year’s event

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Rethinking the Database in the IoT Era

18th May 2022

Jumpstarting Industrial IoT solutions with an edge data management platform

12th May 2022

AI led Digital Transformation of Manufacturing: Time is NOW

9th December 2021

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

Swiss-startup Airyacht is developing an eponymously named vehicle that it says will take the luxury-yacht experienc… twitter.com/i/web/status/1…

23rd May 2022
IoTWorldToday, IoTWorldSeries

@Tesla’s #Autopilot being investigated once again following fatal crash in Newport Beach, California. iotworldtoday.com/2022/05/23/tes…

23rd May 2022
IoTWorldToday, IoTWorldSeries

A new Kansas law will enable #driverless deliveries from @Walmart and its partner @Gatik_AI. #AVs… twitter.com/i/web/status/1…

23rd May 2022
IoTWorldToday, IoTWorldSeries

Access a world of opportunity in 2022 with @IoTWorldToday ➡️ Now is time to unlock ROI, by accessing a global com… twitter.com/i/web/status/1…

23rd May 2022
IoTWorldToday, IoTWorldSeries

3D Home Printer to Build 72 Residences for National Homebuilder dlvr.it/SQhWSF https://t.co/XJOs70DqzH

19th May 2022
IoTWorldToday, IoTWorldSeries

Microsoft Ramping up Cybersecurity Service Offerings dlvr.it/SQhPR0 https://t.co/nYzaDRnyVY

19th May 2022
IoTWorldToday, IoTWorldSeries

IoT Product Roundup: PTC, Nokia, Arm and More dlvr.it/SQhNNF https://t.co/ZApdw3RHdu

19th May 2022
IoTWorldToday, IoTWorldSeries

Britain’s postal service has plans to run a fleet of autonomous #drones to make rural postal deliveries easier.… twitter.com/i/web/status/1…

19th May 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X