Interview Thomas Pilz: Cyberattack victim - Fight like Rocky!

Thomas Pilz, CEO of Pilz Automation talked with Smart Industry about how it feels to be a cyberattack victim and what he thinks is the best way to defend against cybercriminals.

What’s the difference between machine safety and industrial security?

It’s basically two sides of the same coin: one is safety, the other is security. They look the same but they’re totally different.

How have IoT and Industry 4.0 changed the focus of cybersecurity?

They have caused a complete paradigm shift. In the past, security only concerned office environments; now, it has become vital for OT [operational technology] – the stuff that monitors and manages industrial process assets, as well as manufacturing and industrial equipment. Pilz’s technology is not only used to make industrial plants safe but also appears in places like the London Eye, cable cars, and luggage conveyors. Tell us about some of your projects.

Our projects spread across all the industries you mentioned – and we haven’t even talked about the biggest one of all, which is ski lift manufacturing. The next time you’re in the Alps or the Rockies and you’re sitting in a Doppelmayr ski lift, please note we proudly supply the controls that make them carry you smoothly to the top. We also have our fingers in the food and beverage industry, just to name one.

What about service robots, an area you recently entered?

Service robots assist either a human or another robot to perform dedicated manufacturing tasks. This is an exciting field that’s only been around now for six or seven years. Currently, we are making it ft into everything from nursing homes to supermarkets or industrial welding, as well as into manual assembly stations. That’s what makes the field of service robots so fascinating.

We were forced to rebuild our it infrastructure from scratch!
_{Thomas Pilz, CEO of Pilz Automation (Image Credit: Pilz Automation)}

One of your credos is “protecting people from machines is not enough. Machines must also be protected from people.” Would you please explain?

Let me start with a statement from China’s president Li Keqiang, who said that without cybersecurity there is no national security. Break that down to the OT shop floor and it means that without cybersecurity, there is no machine safety. Unfortunately, cybercriminals have found out that the Internet of Things and Industry 4.0 with their new and emerging IT infrastructures are prime targets. That’s why you now also have to protect your machines from cybercriminals.

Oddly enough, your own company was the victim of a widely reported cyberattack in October 2019, which involved a very sophisticated Trojan horse and ransomware, which seems to prove that it can happen to anyone. What does it feel like to be the victim yourself?

You feel like Rocky being punched in the face by the big Russian, falling down, getting back up again, and fighting on as hard as you can to win that bout. That’s how it feels.

In an interview, Susanne Kunschert, your sister and managing partner, said the company emerged from this disaster stronger than ever. How so?

We were forced to rebuild our IT infrastructure from scratch. We introduced new ways of segmenting, we introduced technologies, and we switched to the cloud. That was a real game changer. We implemented Microsoft Office 365, first on our smartphones and then on our new, hardened computers. Within only five weeks we were back up and running. It was a heck of a job but we succeeded. When the Covid-19 lockdown came and the government imposed mobile work requirements, we were prepared from the get-go.

What can the readers of Smart Industry learn from your experience?

First that functional safety is not security. Pilz is not a security company but we have learned a lot and are prepared to give expert security advice at the OT level. You need to get involved in security before you get hacked because, after all, the question isn’t will you get hacked, but when. We work with a company that specializes in cybersecurity and that enabled us to hit back hard.

The second lesson is to work with your local law enforcement authorities. They have really good networks themselves and, in our case, the German police, Europol, Interpol, and the FBI worked together to take down the group that devised the shield under which it penetrated our systems undetected.

Finally, the third lesson is that, today, crime is a service; it’s a business model that thrives on ransom payments. So, don’t pay up – ever! The criminals need the money and, if we dry up the flow, it becomes uneconomical.

READ MORE ARTICLES