The digitalization and the resulting intelligent connectivity of information, products and systems through the Internet of Things (IoT) pose new challenges for companies. Besides the undisputed advantages, the Internet of Things is at the same time increasingly the starting point and target of unauthorized access and attacks from outside. As a result, new business models and IoT-based products and services require an expanded view of security and risk management in companies.
Within the workshop "Smart but safe", the speakers Matthias Springer, Project Manager Security4Safety and Anne Mertens, Business Analyst TÜV NORD GROUP, first provided insights into the cross-industry challenges and risks which are associated with the connectivity of products and services in the Internet of Things and increasingly offer new points of attack in the field of IT. In this context, the speakers focused more closely on the social and economic risks of the fourth industrial revolution and provided an overview of the existing legal foundations and state of the art in terms of functional (safety) and IT-related (security) security. Ensuring the functional safety of processes, systems, organizations and products today is no longer sufficient for an overall secure system. Rather, a holistic view of the previously separately evaluated fields of work is required. The speaker also set examples to make this clear.
In addition, the term "properties worthy of protection" has been defined, and the process of risk assessment has been described in more detail.
In the further course of the workshop, the participants discussed in groups the properties worthy of protection for the respective solutions, companies and customers on the basis of specific products and worked out various worst-case scenarios and recommended actions in order to minimize risks. Subsequently, the results of the two groups were compiled and the identified properties were prioritized according to their relevance. While for companies image and technical device characteristics are often considered as being worthy of protection, the participants believe that from the customer's point of view, the integrity of the service, accessibility and security of access play an important role. Finally, it was discussed how the state of the art can be further developed in the future and which requirements future standards must fulfil.
The workshop attracted great interest among the participants due to the high relevance of the subject of safety and will be continued in 2018 with a follow-up workshop on the topic of data protection and privacy. The exact date and location will be announced.