LIFTjournal 2/2020

Elevation made simple Portfolio 2020 WWW.SERAPID-LIFTSYSTEMS.COM Powered by RIGID CHAIN TECHNOLOGIE In recent years, the sensitivity regarding IT security has grown – also in the lift industry. It’s not difficult to understand why. But how can companies protect themselves against cyber-attacks? T he increasing networking of digitalisati- on in companies, i.e. in their administra- tion, production and products, repre- sents a growing security risk. More networking automatically also means larger attack sur- face. But it also means that an actually uncri- tical – and therefore less protected – element within a network can be attacked, in order to penetrate critical infrastructure. This networking does not have to be any classical physical network. It can also involve a person. Spying out a password in domain A, e.g. a private smartphone, might be sufficient for the attacker to log in to another domain, e.g. the lift control. PEOPLE ARE THE BIGGEST RISK As this simplified example shows, the following applies in general: people represent the big- gest security risk in IT security – irrespective of whether it is negligently using the same pass- word on their mobile phones or in the lift control. As a result, the threat situation and so-called attack vectors (methods/strategy of an attack) of cyber-attacks in the lift industry do not differ from other sectors and incidentally not from those in the private environment either. Everyone – you too – has already been the victim of cyber-attack. You may not even have noticed it or the attack was fortunately unsuc- cessful, but you were the focus of an attack. Most of the attacks occur in automated form through the dispatch of e-mails – nowadays, an everyday threat. These e-mails misguide with partially well- made methods and psychological tricks – in the meantime, attackers adapt to e-mail histories and contents actually composed by the victim – thus getting the victim to open an attachment or a link. In many cases, this then means the IT security of the system has been breached. Nevertheless, the user may not serve as an ex- cuse. Apart from infrastructural IT security, the new digital systems must configure IT security to ensure it guides users to secure behaviour. IT SECURITY IN THE LIFT SECTOR Our sector with the lift as end product and an aggregate of many components has always had a special sensitivity for the subject of security. But IT security also needs to become far more important in the lift industry. This is because a successful cyber-attack on a lift would re- sult in a considerable loss of trust in our joint product – the lift. The megatrend “digitalisation” will play a great role here. We should not sacrifice the advantages of a sector that is networked, autonomous and endowed with artificial in- telligence on account of reservations relating to IT security. Instead, we have to make them possible with modern security solutions. ⇤ You can find a checklist for IT security on our website. lift-journal.com/checklist PHILIPP BRÜSSLER The author is a qualified industrial engineer and works as IT project manager at Kollmorgen. Mit der Vermessung von Risiken kennen sich Versicherer beson- ders gut aus. Diese stellen in einer aktuellen weltweiten Um- frage fest, dass Risiken, die die IT-Sicherheit betreffen, erstmals die größte Gefährdung für den Geschäftsbetrieb darstellen. Insurers are especially familiar with risk assessment. In a cur- rent survey, they recently dis- covered that risks involving IT security for the first time now represent the biggest threat to business operations. Graphic: © Allianz 09 PERSPEKTIVEN  PERSPECTIVES