Drives and Controls Magazine
Cyberattack victim Pilz creates industrial security service
Published:  23 May, 2022

In October 2019, the German machinery safety specialist Pilz was hit by a devastating ransomware cyberattack which knocked out its production, IT and Web systems, for months in some cases. The company, which refused to pay the ransom, had to revert to using phones and whiteboards. “It almost killed us,” admits joint managing partner, Thomas Pilz. But “we fought back,” he adds. “It was a wake-up call.”

Now, less than three years later, Pilz is launching an industrial security service to complement its traditional machine safety activities and training courses. The service will take into account all aspects of protecting humans and machines. It will be “a one-stop shop,” according to Susanne Kunschert, Thomas Pilz’s sister, with whom he runs the business.

As happens in its safety activities, the first step in the new service will be to perform a risk assessment for a customer. This will assess potential weak points and classify the effects of potential cyberattacks from trivial to company-critical.

In a second step, Pilz will create an industrial security concept aimed at sectioning networks based on the “zones and conduits” model described in the IEC 62443 standard. This will allow administrative and production networks to be separated, for example. Networks can also be segmented down to individual manufacturing cells. Workflows for countermeasures will be developed, and measures ranging from user authentication and physical protection to backing up and restoring data will be checked.

After appropriate measures have been implemented, either by the customer or by Pilz, they will be verified by tests and reviews, ensuring that the concept has been implemented in accordance with the specification.

Kunschert suggests that the new service, due to launch later this year, will offer users benefits including:
• ensuring the availability of machinery and systems;
• guaranteeing the integrity of the data in machines, processes and end-products;
• defining the responsibility for security measures between machine-builders and users; and
• offering users practical support, based on Pilz’s personal experience of the effects of cyberattacks on machine safety.

The new security assessment service for plant and machinery will supplement Pilz’s existing safety-related inspections of machines that focus on functional safety.

♦ Pilz has bounced back from the effects of the cyberattack and the Covid pandemic, and last year achieved a record turnover of €348.2m – a 21.7% increase on its 2020 figure. Despite supply chain problems, Pilz also produced a record 2.4 million devices in 2021.

Family business: joint managing partners Thomas Pilz and his sister, Susanne Kunschert

The company has had to adapt to the tough conditions. For example, when it had difficulties obtaining the plastics granulates it needed to produce the characteristic olive-green housings for its PNOZ safety relays, it changed to a “special edition” using transparent plastics instead.

“The last few years have not made it easy for us and all Pilz staff globally faced a new challenge each day,” Kunschert reports. “The result for 2021 is confirmation that it was worth the effort.”

She expects 2022 to be a “challenging” year as well. Incoming orders have returned to record levels, but the purchase of electronic components, metals and plastic granulates remains extremely difficult, and she expects the war in Ukraine to result in further rises in materials costs.

“We remain in crisis mode,” says Kunschert, adding, however, that “we look to the future full of confidence”.
