Safety and Security for Smart Production
The project “Safety and Security for Smart Production” (SS4SP) aims to study, design and implement innovative procedural and technological solutions to improve information security, operational continuity and safety of the Industry 4.0 plants. In an increasingly interconnected context, the project intends to improve the competitiveness of companies allowing them to enrich their plants with innovative features and new business models while ensuring maximum security and resilience of the plants. In this way, procedural, cultural and technological investments in security will allow the manufacturing companies of the territory to confirm or improve their market positioning even in an international context thanks to the satisfaction of standards and normative constraints that are emerging in the cyber industrial environment. To reach these objectives, the project intends to tackle both procedural and methodological areas and technological challenges through the definition and testing of the best solutions identified in real contexts. It is expected that, given the extremely innovative nature of the project, the results can have concrete and long-term effects not only within the participating companies, but throughout the regional and national manufacturing tissue.
Scope of the proposal
The Industry 4.0 paradigm enables both flexible production models and innovative B2C and B2B services, allowing the monitoring and control of plants, products and production processes even remotely. However, the spread of interconnections and integration of software solutions in “always on” plants exposes the world of Operational Technology (OT) to completely new security and safety risks that previously mainly involved IT. Individual IT attacks have blocked the production and logistic processes of many companies, causing economic losses of millions of euros that exceed the known damages related to the more traditional data stealing and fraud. Emilia-Romagna represents one of the manufacturing hearts of Europe and, therefore, its manufacturing tissue is extremely vulnerable to new threats that can cause serious repercussions in economic and reputational terms with consequences on competitiveness, market share and employment.+
Although there are many solutions and standards for “traditional” information security mainly oriented to information security (first of all, the ISO 27001 standard), those that can be successfully applied to industry are to be identified, evaluated and applied to the real world. The first standards are emerging (for example, the IEC62443 family), although they are at the level of specifications that will be concretely declined in the various levels within a manufacturing company: from management systems for the security and resilience of OT systems, to the security by design of complex and interconnected production systems, up to the security of the software of individual components. Of particular interest are the plants whose activities cannot be interrupted during the production process if not with serious consequences on the business.
Goals of the proposal
The SS4SP project aims to study, design and implement innovative solutions to improve the cyber security and cyber resiliency of production plants of different types and sizes, but typically characterized by the requirement of always on and, in some cases, safety. The project therefore proposes to improve the competitiveness of the companies involved following a triple objective:
- reduced exposure to cyber risk;
- prevention and mitigation of the consequences on safety and business continuity of cyber attacks that could have serious economic, contractual and legal impacts;
- adaptation of operating procedures to best practices that are likely to be implemented and made obligatory by the upcoming cyber safety and security standards.
In particular, two specific objectives are expected to be achieved.
The first consists in the identification of a series of best practices and management solutions that allow the evaluation of the level of computer security and safety of a single machine and a connected system in relation to existing standards and aiming to anticipate the regulations and standards being emitted.
The second consists in the identification and implementation of procedural and technological solutions that allow the design, production and implementation of production systems and interconnected plants and that are able to offer functions of monitoring, remote control and, possibly, reconfigurations and updates ensuring the highest level of security in terms of operations, safety and information in full compliance with regulations and standards relating to the industrial world.
- Alma Mater Studiorum Bologna
- IMOLA INF
- Università degli Studi di Ferrara – MechLav
- UNIMORE – CRIS