DeepSec 2024 Talk: Industrial plants: IP Protection in an increasingly (de)globalized economic System – Josef Rametsteiner
Customs duties and trade restrictions are increasingly presenting companies with logistical challenges. The trend is to move production capacities to the relevant countries to be close to the customer. But how can a company safely move to an industrial plant abroad without risking the loss of its own IP (intellectual property)? By using a practical example, we show how to enable a commercially available Simatic S7 1500 PLC to keep control over the PLC program stored in the controller and its parameters. To achieve this, we implement strong cryptography within the device. The challenge here is that the device does not have the necessary functionality “out of the box”. How can we make sure that production does not take on a life of its own (secure manufacturing)? Regardless of the PLC used, industry has successfully implemented this practical example for years. Experience with programming PLC controls is not required.
We asked Josef a few more questions about his talk.
Please tell us the top 5 facts about your talk.
IP (intellectual property) protection and “secure manufacturing” especially for industrial plants, is becoming more and more a priority because of the location the production is happening. There are different ways to handle these challenges, some are more intrusive than others. Using a practical example, the challenges and solutions are shown on how to implement a cryptographical secure solution directly into the PLC without interfering with other components or the running program.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
I was part of developing a solution to mitigate the risk of IP theft for a production line. As this topic is becoming more and more relevant, I want to share a possible solution.
Why do you think this is an important topic?
Local distributed production makes it harder to protect the manufacturer’s IP and production than it is on their own grounds, especially when the people handling the production cannot be fully trusted.
Is there something you want everybody to know – some good advice for our readers, maybe?
Often it is impossible to implement IT-Security Solutions to OT-Equipment. Here we offer a flexible, independent solution to solve your IP protection issue in sometimes very limited and heterogeneous environments.
Also, the talk is held in the “Tech Track” which is not recorded or documented. Therefore, the information discussed remains confidential, encouraging open and engaging conversation. We invite you to join us.
A prediction for the future – what do you think will be the next innovations or future downfalls for your field of expertise / the topic of your talk in particular?
Contracts handled IP protection and secure manufacturing in the past. Many already experienced that contracts are not enough when production moved across the world. In my opinion, it is only a matter of time before manufacturers will be confronted with unauthorized production, IP loss or any other cybersecurity fraud. Some of them have already experienced the fact that products are over manufactured (gray market) or, as another extreme, the product is on the market under a unique brand. Everybody should think about the risks of losing competitiveness if control over their IP is lost.
Josef Rametsteiner is an expert in applied cryptography and co-founder of the Munich-based security company sematicon AG. In his role as Lead Security Consultant, he handles internal product security and leads sematicon’s own “Security Response Team (SRT)”. In addition, he supports customers in the development of secure embedded products, for example in the IoT or industrial sector, with a focus on secure coding and strong cryptography.
sematicon AG is a Munich-based company that specializes in industrial security and embedded cryptography. We support you in successfully and securely mastering the digital transformation. With a focus on industry and electrical engineering, we offer specialized security solutions that we have developed based on industry requirements. Our “Zero Trust” solution, providing secure and isolated remote access to industrial plants and systems, is considered an innovation. We also support and advise you in the planning and implementation of your OT security concepts. We thus offer comprehensive security services for the industrial and electronics sectors from a single source.