Industry 4.0: Cyber-Security Challenges on the Horizon

Industry 4.0: Cyber-Security Challenges on the Horizon Threats in Industry 4.0 and IoT Impact on medical equipment Solutions Oliver Winzenried Co-Founder and CEO oliver.winzenried@wibu.com

2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 2 Threats in Industry 4.0 & IoT Security & Piracy

2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 3 Security Problem: Threats Today Manipulation & Tampering Cyber-Attacks: Stuxnet, Duqu, Flame, FAZ 31.03.2014: Computer Criminals earn more than drug dealers Espionage: NSA, Prism, Tempora, Industrial espionage

2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 4 Security Problem: Threats Today Cyber-Attacks (German Television, January 14, 2015)

2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 5 Piracy Problem: Latest Studies German Engineering Federation (VDMA) 2014: 7.9 Billion piracy losses in 2013 9 of 10 companies affected 71% affected by piracy No: 29% 51% affected by piracy of complete machines Yes: 71% 50% 66% 67% 68% Is your company affected by product or brand piracy? 67% 71% 62% JMF-Study: Losses in Japan 1.8 times higher (2013) BSA-Study: Losses 63 Billion US$, globally 42% 2003 2006 2007 2008 2010 2012 2014 N=337

2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 6 Piracy Problem: Latest Studies German Engineering Federation (VDMA) 2014: Source of counterfeiting Reverse engineering 72% No specific information required 42% Loss of know-how 31% Legal disclosure Industrial espionage 18% 15% Blackmail or theft Economic espionage 1% 0%

2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 7 Piracy Problem: Latest Studies VDMA Video about Product Piracy

Impact of Industry 4.0 on Medical Equipment 2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 8

2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 9 Trends towards large Networks and increased Connectivity -> Security WWW Large networks Departments Sender Remote Monitoring Single Workstations

All kind of Medical Equipment -> Security & Piracy 2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 10

2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 11 Impacts on Medical Equipment using Embedded Systems Increased functionality achieved through software Piracy -> easy to counterfeit and reverse engineer Software monetization -> use of licensing for new business models Security is a Must! Connectivity increases speed, efficiency and quality but risks as well Pro: faster diagnostic, remote diagnostic, lower cost sharing information & resources Contra: risk of tampering equipment and data as well as privacy of patients data

2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 12 Advantages of Software Monetization Reduced number of product designs Reduced production complexity & investment Reduced Inventory costs Simple upgrade of product features in the field High, mid and low ranges covered with one product Fewer production lines, consolidated component purchase Lower level of finished goods in stock Upgrade all products in the field with the same software revision Simplified technical support and maintenance Cost effective and real-time product upgrade Enablement of new business models Automated sales process with ERP integration Customer team supports only the latest software version Sell an upgrade and activate new features in real-time Pre-, Post-Paid and Pay-per-use product offerings Simplified integration with ready connectors

Solutions 2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 13

2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 14 Technical Solutions Know-how Protection -> using data and program code encryption IP in embedded systems, PLCs, devices, IoT IP in software, source code and algorithms, in production data and service documents Software and Product Protection -> encryption & unclonable crypto keys Counterfeiting reduction, prevention of unauthorized use (active and passive) Flexible Licensing -> using target encryption and business process integration New business models for features and data, simplify logistics, monetize software in hardware Tamper Protection -> using digital signature Prevention of manipulation Cyber-Security

2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 15 CodeMeter CodeMeter - Overview Key Storage (Hardware / Software) License Models Software Integration Automatic Code Protection / API Backoffice Integration License deployment License administration Protection Suite: Ax/Ex/Ix-Protector Software Integration Back Office Integration CodeMeter License Central

2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 16 Scalable Solution with CodeMeter Personal Computer Industrial PC High Power CodeMeter Runtime Embedded System Mobile / Tablet CodeMeter Embedded Control Equipment / PLC Microcontroller CodeMeter µembedded Field Programmable Gate Array Small Size

Wibu-Systems Protection Suite - Overview 2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 17

2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 18 Wibu-Systems Protection Suite Protection Process Original Executable / Library Header Original Code AES Key (FSB) ECC Private Key Certificate(s) Keys for Encryption and Code Signing ExProtector Header Encrypted Code Credentials (Hash, Signature, ) Protected Executable / Library Encrypted Random AES Key Firm Code Product Code Hash Signature Certificate(s)

2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 19 ExProtector Integration in the Operating System Loader Operating System (Original) Operating System Original Loader Modified Loader Engineering ExEngine (ExProtector Runtime) CodeMeter Embeded Driver Root Public Key

2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 20 Secure Boot Protected Application (Binary Code) Protected Operating Systems / Runtime ExEngine (Security Engine) Protected Bootloader ExEngine (Security Engine) Anchor of Trust ExEngine (Security Engine)

Wibu-Systems Protection Suite Integration in OEM solutions Integration in Development Tools: Ease-of-use Complex protection schemes Support of Standards 2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 21

2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 22 Back Office Integration Create, administrate and deploy licenses Integrate in ERP, CRM, e-commerce and Cloud Usage Tracking and Compliance

2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 23 Back office Integration: CodeMeter License Central Shop Licenses Http Soap Order ERP Key Accounts Statistics Support Items User Browser Connector Gateway

2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 24 Back office Integration: CodeMeter License Central Create, administrate and deploy Licenses Ease of use for the end user Integration in licensed software License transfer Usage tracking and monitoring -> compliance & billing Cost reduction for the ISV / OEM Integration in ERP, CRM and e-commerce solutions On-premise or cloud solution

2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 25 Secure Key Storage CmDongles CmActLicenses Network License Server

CmDongle Security with secure smart card chip 2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 26

CmActLicenses: Software-only solution bound to a target device 2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 27

2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 28 License use or distribution over the network or from the Cloud One solution, CodeMeter, for all three scenarios

2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 29 Security: a short explanimation Explanimation about security in Embedded Systems Watch online at www.wibu.com/cms

2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 30 WIBU-SYSTEMS Company Overview

1989...2015: More than 25 years in business WIBU-SYSTEMS AG Founded in 1989 By Oliver Winzenried and Marcellus Buchheit Headquarters in Germany (Karlsruhe) Focus on Protection, Licensing and Security Technological leader with international patents ISO 9001:2008 certified WIBU-SYSTEMS worldwide Subsidiaries in Seattle, USA Shanghai and Beijing, China Belgium France Ireland Netherlands Portugal Spain UK Exclusive distribution partners in Japan Korea Russia and many more countries Top 2 vendor in hardware-based protection Top 3 vendor in software licensing Global Awards 2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 31

1989...2015: More than 25 years in business 2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 32

2015-04-21 MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 33 1989...2015: Memberships & Co-operations Developer Programs R&D Projects Organizations Standardization 2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon

1989...2015: Customers and Partners 2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 34

2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 35 1989 2015: Latest Activities and Awards German National IT Government Summit, Hamburg, October 2014 Wibu technology in Industry 4.0 demonstration of IFX, DTAG, Belden and Wibu-Systems SIIA CODiE Award 2014 Winner Best Content Delivery German IT Security Award from Horst Goertz Foundation Winner 1 st prize with KIT (100,000 )

2015-04-21 MEDTEC: Industry 4.0 Cyber-Security Challenges on the Horizon 36 Thank You Stay in contact with us now! Deutschland: +49-721-931720 USA: +1-425-7756900 China: +86-21-55661790 http://www.wibu.com info@wibu.com