Industry 4.0: Cyber-Security Challenges on the Horizon

Speaker 2Speaker 3

Oliver Winzenried | Co-Founder and CEOoliver.winzenried@wibu.com

Threats in Industry 4.0 and IoT

Impact on medical equipment

Solutions

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 2

Threats in Industry 4.0 & IoT

Security & Piracy

2015-04-21

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 3

Security Problem: Threats Today

2015-04-21

Manipulation & Tampering Cyber-Attacks: Stuxnet, Duqu, Flame, … FAZ 31.03.2014: Computer Criminals

earn more than drug dealers Espionage: NSA, Prism, Tempora, … Industrial espionage

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 4

Security Problem: Threats Today

Cyber-Attacks (German Television, January 14, 2015)

2015-04-21

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 5

Piracy Problem: Latest Studies

2015-04-21

German Engineering Federation (VDMA) 2014: 7.9 Billion € piracy losses in 2013 9 of 10 companies affected 71% affected by piracy

51% affected by piracy of complete machines

JMF-Study: Losses in Japan 1.8 times higher (2013) BSA-Study: Losses 63 Billion US$, globally 42%

2003 2006 2007 2008 2010 2012 2014

50%

66% 67% 68%62%

67% 71%

N=337

Is your company

affected

by product or brand

piracy?Yes

:71%

No:29%

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 6

Piracy Problem: Latest Studies

2015-04-21

German Engineering Federation (VDMA) 2014: Source of counterfeiting

Economic espionage

Blackmail or theft

Industrial espionage

Legal disclosure

Loss of know-how

No specific information required

Reverse engineering

0%

1%

15%

18%

31%

42%

72%

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 7

Impact of Industry 4.0on Medical Equipment

2015-04-21

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 8

Trends towards large Networks and increased Connectivity -> Security

2015-04-21

Departments

Large networks

WWW

Single Workstations

Sender

Remote Monitoring

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 9

All kind of Medical Equipment -> Security & Piracy

2015-04-21

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 10

Impacts on Medical Equipment using Embedded Systems

Increased functionality achieved through software Piracy -> easy to counterfeit and reverse engineer

Software monetization -> use of licensing for new business models

Security is a Must! Connectivity increases speed, efficiency and quality but risks as well

Pro: faster diagnostic, remote diagnostic, lower cost sharing information & resources

Contra: risk of tampering equipment and data as well as privacy of patients’ data

2015-04-21

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 11

Advantages of Software Monetization

2015-04-21

Reduced number of product designs

High, mid and low ranges covered with one product

Reduced production complexity & investment

Fewer production lines, consolidated component purchase

Reduced Inventory costs

Lower level of finished goods

in stock

Simple upgrade of product features

in the field

Upgrade all products in the field with the same

software revision

Simplified technical support and maintenance

Customer team supports only the

latest software version

Cost effective and real-time product

upgrade

Sell an upgrade and activate new features in real-time

Enablement of new business models

Pre-, Post-Paid and Pay-per-useproduct offerings

Automated sales process with ERP

integration

Simplified integration with

ready connectors

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 12

Solutions

2015-04-21

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 13

Technical Solutions

2015-04-21

Know-how Protection -> using data and program code encryption IP in embedded systems, PLCs, devices, IoT IP in software, source code and algorithms, in production data and service documents

Software and Product Protection -> encryption & unclonable crypto keys Counterfeiting reduction, prevention of unauthorized use (active and passive)

Flexible Licensing -> using target encryption and business process integration New business models for features and data, simplify logistics, monetize software in hardware

Tamper Protection -> using digital signature Prevention of manipulation – Cyber-Security

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 14

CodeMeter - Overview

2015-04-21

CodeMeter Key Storage (Hardware / Software)

License Models

Software Integration Automatic Code Protection / API

Backoffice Integration License deployment

License administration

Software Integration

Back Office Integration

Protection Suite: Ax/Ex/Ix-Protector

CodeMeter License Central

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 15

Scalable Solution with CodeMeter

2015-04-21

CodeMeter Embedded

Personal Computer

Industrial PC

Embedded System

Mobile / Tablet

Control Equipment / PLC

Microcontroller

Field Programmable Gate Array

High Power

Small Size

CodeMeter Runtime

CodeMeter µEmbedded

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 16

Wibu-Systems Protection Suite - Overview

2015-04-21

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 17

Wibu-Systems Protection Suite – Protection Process

2015-04-21

Prot

ecte

d Ex

ecut

able

/ Li

brar

y

Orig

inal

Exe

cuta

ble

/ Lib

rary

Header

Original Code

Header

Encrypted Code

Credentials(Hash, Signature, …)

ExProtector

Keys for Encryption and Code Signing

AES Key (FSB)

ECC Private Key

Certificate(s)

Encrypted Random AES Key

Firm Code | Product Code

Hash

Signature

Certificate(s)

ExProtector

Credentials(Hash, Signature, …)

01.05.2023 Schutz und Sicherheit für Anlagen, Maschinen und Embedded Systeme 18

ExProtector – Integration in the Operating System Loader

Operating System

ExEngine(ExProtector Runtime)

CodeMeter Embeded Driver

Operating System(Original)

Engineering

Modified LoaderOriginal Loader

Root Public Key

01.05.2023 WIBU-SYSTEMS AG 19

Secure Boot

Protected Operating Systems / Runtime

Protected Bootloader

Anchor of Trust

Protected Application (Binary Code)

ExEngine(Security Engine)

ExEngine(Security Engine)

ExEngine(Security Engine)

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 20

Wibu-Systems Protection Suite – Integration in OEM solutions

2015-04-21

Integration in Development Tools:

Ease-of-use Complex protection schemes Support of Standards

Back office Integration

Create, administrate and deploy licenses

Integrate in ERP, CRM, e-commerce and Cloud

Usage Tracking and Compliance

2015-04-21 MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 21

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 22

Back office Integration: CodeMeter License Central

2015-04-21

ERP

Http

Soap

Lice

nses

Key

Acco

unts

StatisticsSupport Items

User

Order

Shop

Browser

ConnectorGateway

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 23

Back office Integration: CodeMeter License Central

2015-04-21

Create, administrate and deploy Licenses Ease of use for the end user

Integration in licensed software

License transfer

Usage tracking and monitoring -> compliance & billing

Cost reduction for the ISV / OEM Integration in ERP, CRM and e-commerce solutions

On-premise or cloud solution

Secure Key Storage

CmDongles

CmActLicenses

Network License Server

2015-04-21 MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 24

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 25

CmDongle – Security with secure smart card chip

2015-04-21

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 26

CmActLicenses: Software-only solution bound to a target device

2015-04-21

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 27

License use or distribution over the network or from the Cloud

2015-04-21

One solution, CodeMeter, for all three scenarios

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 28

WIBU-SYSTEMS

2015-04-21

Company Overview

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 29

1989...2015: More than 25 years in business

2015-04-21

Founded in 1989 By Oliver Winzenried and Marcellus Buchheit Headquarters in Germany (Karlsruhe) Focus on Protection, Licensing and Security Technological leader with international patents ISO 9001:2008 certified

WIBU-SYSTEMS worldwide Subsidiaries in Seattle, USA – Shanghai and Beijing, China – Belgium

– France – Ireland – Netherlands – Portugal – Spain – UK Exclusive distribution partners in Japan – Korea – Russia and many

more countries Top 2 vendor in hardware-based protection Top 3 vendor in software licensing Global Awards

WIBU-SYSTEMS AG

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 30

1989...2015: More than 25 years in business

2015-04-21

1989...2015: Memberships & Co-operations

2015-04-21 MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon

Developer Programs

R&D Projects

Organizations

Standardization

2015-04-21 MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 31

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 32

1989...2015: Customers and Partners

2015-04-21

MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 33

1989…2015: Latest Activities and Awards

2015-04-21

German National IT Government Summit,Hamburg, October 2014 Wibu technology in Industry 4.0 demonstration

of IFX, DTAG, Belden and Wibu-Systems

SIIA CODiE Award 2014 Winner Best Content Delivery

German IT Security Award from Horst Goertz Foundation Winner 1st prize with KIT (100,000 €)

Deutschland: +49-721-931720

USA: +1-425-7756900

China: +86-21-55661790

http://www.wibu.com

info@wibu.com

Deutschland: +49-721-931720

USA: +1-425-7756900

China: +86-21-55661790

http://www.wibu.com

info@wibu.com

01.05.2023 WIBU-SYSTEMS AG 34