
Cybersecurity: Safe and smart bakery production


Networked machines, plants and systems are a milestone on the way to Industry 4.0 in food production. The optimized flow of information increases transparency, reaction speed and efficiency – but also the vulnerability of operations. Currently, for safe food, risks stemming from IT often do not get enough attention.

In the food industry, manufacturers and operators are increasingly relying on modular plants: they can be quickly reconfigured to flexibly manufacture a different product or optimize capacity utilization. Enterprise resource planning (ERP) software and digital representations – such as digital twins or the asset administration shell (AAS) – also promote transparency, simplify planning tasks and, in combination with new dynamized approaches, increase plant productivity.

In the European Union, the same applies to networked machine assemblies as to conventional systems: they must meet the requirements of the Machinery Directive (2006/42/EC), which was transposed into national law through the respective Product Safety Act. The directive primarily relates to accident prevention (safety) – i.e. occupational health and safety for workers – and thus to risks and hazards that can occur when handling the machine and must be safeguarded against. These include flour dust explosions or collisions with automated guided vehicles (AGVs).

Considering cybersecurity

These risks are predictable, quantifiable and qualifiable. Risk assessment (RA) is used to identify, analyze and evaluate potential hazards, which are controlled with suitable countermeasures. The Machinery Directive prescribes such a risk assessment. With the CE declaration of conformity and marking, manufacturers and integrators confirm that the system meets the requirements of the Machinery Directive.

However, networked systems in increasingly intelligent factories that implement the Industrial Internet of Things (IIoT) offer new points of attack for deliberate manipulation from the outside. Such attacks are unpredictable in time and can affect not only the machine directly but also product safety.

Hacker attacks could, for example, deliberately manipulate the recipes, packaging or the declarations. This can affect the health of consumers if there are no instructions for allergy sufferers or if, for example, nuts get into a product that is declared nut-free. Cybersecurity is therefore also essential for consumer safety. In many publications, however, the role of IT security in production is sometimes reduced to securing the components of functional safety with cybersecurity measures or making an existing safety risk assessment ‘secure’. However, the usual safety risk assessments do not consider deliberate manipulation.

Keeping recipes secret and products safe

According to a survey by the German association bitkom, 88% of the companies surveyed were affected by a cyber attack in 2020 and 2021, resulting in damage amounting to more than EUR 220 billion. Hackers pursue different objectives when attacking production facilities – ranging from money extortion to industrial espionage or sabotage. The possible effects are just as varied and serious.

Figure: The SIRI Assessment systematically shows manufacturers their ‘Industry 4.0’ maturity level and helps to efficiently define the next steps. © TÜV SÜD

Impaired productivity can lead to unwanted downtime. This impact is immediately noticeable. However, industrial espionage or theft of intellectual property can sometimes remain undetected for a long time. For example, recipes could be stolen that represent a unique selling proposition on the market. Manipulated temperature displays of food refrigeration or incorrect product designations impair product quality, possibly generate costly product rejects and endanger the brand image or even the health of consumers. Depending on the type of facility, a cyberattack can also put the environment, employees or other machinery at risk: an airlock that has been tampered with does not close or open in time, or an industrial robot receives incorrect feedback, resulting in a collision.

Thus, a cyberattack can affect value creation, competitive advantage, or the integrity of people, capital assets, and employees.

Risk analysis with two main ingredients

The Machinery Directive and other regulations on plant safety focus on the intended use and reasonably foreseeable misuse, from which unsafe situations must not arise. If an existing safety risk assessment is ‘made secure’ in the sense of the Machinery Directive, for example by securing all defined safety measures against cyber attacks in the event of misuse, then depending on the type of machine or plant, potentially dangerous situations resulting from manipulation can remain undetected.

For a comprehensive risk assessment, therefore, both the consequences of possible misuse and the dangers of deliberate cyber manipulation must be considered.

With the Enhanced Risk Assessment (ERA), TÜV SÜD has developed a flexible process that can also be adapted to the specific requirements of bakery production. Classic safety assessment methods, such as risk and hazard assessment or the HAZOP (Hazard and Operability) method, are combined with common cybersecurity assessment methods – for example, in accordance with the IEC 62443 series of standards. The focus is not necessarily only on accident prevention and occupational safety. Other protection goals can be defined depending on the foodstuff, system and environment.

Baked goods producers, suppliers and integrators should urgently address and prioritize the topic of IT security. Holistic safety and security are increasingly demanded in new regulations, directives and standards, as current drafts of the Machinery Ordinance show. Necessary assessments should not be postponed against the backdrop of the COVID-19 pandemic, because new security gaps may arise as a result of work in the home office and inadequately secured communication channels.

Modularizing the bakery production

CE conformity must currently be assessed manually for safety-relevant changes to the machine assembly. For this reason, all the variants likely to be required are often considered and evaluated before commissioning. This is an obstacle to flexible production in the sense of ‘plug & produce’. In an increasingly volatile market environment with frequently changing requirements, it is not possible to predict which system configurations will be needed in the future. Sometimes this means that during short production breaks, machines have to be integrated that were unknown at the time of system planning.

Thus, a business conflict has arisen between the goals of automation technology and safety technology. Currently applied safety concepts for the protection of people and capital goods analyze defined processes and secure them with static solutions. This is opposed to the goal of being able to react flexibly to different requirements and to map dynamic processes. This applies in particular to increasingly complex machines, for which cybersecurity, for example, must be evaluated in addition to classic safety.

Increasing flexibility with Smart Safety

In the communication of modular systems, the digital twin in the form of an asset administration shell (AAS) plays a central role. Information relevant from various organizational, technical and event-dependent points of view can be stored in the AAS. The organizational content relates, for example, to Purchasing and Sales, Production, and Plant Maintenance. The functional category, in turn, includes safety and security or operational characteristics such as reliability and maintenance effort.

When a module interacts with its environment, different hazardous situations can occur, for example, due to malfunctions or human error. If the hazards and protective measures are described in the safety profile of the administration shell, a digital smart safety agent can analyze the possible situations, for example during a simulation, automatically compare the detected hazards with the appropriate protective measures, and evaluate the machine safety. This makes it possible to replace components or machines during operation with very short interruptions: the hazards and protective measures associated with the new machine assembly are automatically updated in advance on the digital level, and the risk assessment is thus renewed as well. The result of the digital safety assessment can be displayed graphically for approval by the operator.

The safety-relevant contents of the AAS do not only concern machine safety but also cybersecurity. After all, the safe interaction of machines, especially in a dynamic and flexible production environment, depends on the communication between the assets.
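A sketch of the comparison a smart safety agent performs when a module is swapped, added here as an illustration and not TÜV SÜD's implementation or the real AAS schema; the `Module` and `Measure` structures, the channel names and the sample line are constructed. It goes one step beyond the hazard-to-measure comparison by also flagging protective measures that depend on a communication link no asset secures.

```python
from dataclasses import dataclass, field

# Simplified, constructed safety profile; NOT the real AAS submodel schema.
@dataclass(frozen=True)
class Measure:
    name: str
    mitigates: frozenset       # hazard ids this protective measure covers
    needs_channel: str = ""    # asset-to-asset link it relies on ("" = none)

@dataclass
class Module:
    name: str
    hazards: set                                         # hazards it introduces
    measures: list = field(default_factory=list)
    secured_channels: set = field(default_factory=set)   # authenticated links

def assess(line):
    """Return (uncovered, insecure) hazard sets for a list of modules."""
    hazards = set().union(*(m.hazards for m in line))
    secured = set().union(*(m.secured_channels for m in line))
    measures = [ms for m in line for ms in m.measures]
    uncovered, insecure = set(), set()
    for h in hazards:
        covering = [ms for ms in measures if h in ms.mitigates]
        if not covering:
            uncovered.add(h)          # no protective measure at all
        elif all(ms.needs_channel and ms.needs_channel not in secured
                 for ms in covering):
            insecure.add(h)           # every measure rides on an unsecured link
    return uncovered, insecure

def swap(line, old_name, new_module):
    """Re-plan the line with one module replaced (plug & produce)."""
    return [new_module if m.name == old_name else m for m in line]

# Constructed sample line using hazards named in the article.
MIXER = Module("mixer", {"flour_dust_explosion"},
               [Measure("dust_extraction", frozenset({"flour_dust_explosion"}))])
AGV_DOCK = Module("agv_dock", {"agv_collision"},
                  [Measure("zone_stop", frozenset({"agv_collision"}), "agv-link")],
                  {"agv-link"})
LABELLER = Module("labeller", {"undeclared_allergen"},
                  [Measure("label_check", frozenset({"undeclared_allergen"}), "erp-link")],
                  {"erp-link"})
# Replacement module: same measure, but it does not authenticate the ERP link.
LABELLER_B = Module("labeller_b", {"undeclared_allergen"},
                    [Measure("label_check", frozenset({"undeclared_allergen"}), "erp-link")])
LINE = [MIXER, AGV_DOCK, LABELLER]
```

Running `assess(swap(LINE, "labeller", LABELLER_B))` before the physical changeover reports the allergen hazard as covered on paper but dependent on an unsecured link, which a safety-only assessment would not show.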

Determining the I4.0 maturity level

In order to be able to offer customers the appropriate service on the road to Industry 4.0, TÜV SÜD uses the Smart Industry Readiness Index (SIRI) to determine the I4.0 maturity level and suggests further steps for the development of the roadmap with regard to the customer-specific Key Performance Indicator (KPI). With the Enhanced Risk Assessment (ERA), a method for holistic safety and security assessment is already available today, which lays the foundation for future dynamic and flexible production environments. This enables bakery manufacturers to achieve smart, safe and economically flexible production.


Authors

Michael Pfeifer, Expert for machine safety and I4.0, TÜV SÜD Industrie Service GmbH +49 151 656 146 95 michael.pfeifer@tuvsud.com

Sunanth Venkateshwaran, Certified SIRI assessor, TÜV SÜD Industrie Service GmbH +49 89 579 111 95 sunanth.venkateshwaran@tuvsud.com
