Today we are talking with Vadim Remel about the role of cybersecurity in manufacturing. He’s the head of IT Security and is responsible for the digitization strategy of Bosch’s Chassis Control business.
What’s your role in manufacturing digitization at Chassis Control?
I’m responsible for IT security in manufacturing at Bosch Chassis Control. My day-to-day work includes developing and updating the IT security strategy and coordinating and ensuring implementation of IT security measures across more than 20 locations worldwide. IT security is an important building block of digitization, and for a good reason: data – including its availability and integrity – is becoming more important every day.
What challenges do you face today while implementing the digitization strategy?
Challenges exist along the entire life cycle. As concrete examples, I would highlight organization and knowledge management. To me, these are central elements. It’s important that employees from different areas and levels of the hierarchy – especially in the production environment – get to know the advantages of digitization and the need for IT security early on.
How do you build in cybersecurity as an aspect of your strategy?
Like every manufacturing company, we focus on production availability.
Our IT devices become more connected every day, opening potential gateways for attackers. So it’s even more important to establish a professional risk-based approach at the company in line with ISO 31000, IEC 62443, and ISO 27000. This makes it possible to effectively identify and assess risks and to derive the measures needed to address them – to safeguard availability, integrity, and confidentiality. This approach creates transparency and supports the entire organization in specifically working against potential risks.
What areas of cybersecurity do you focus on? What kinds of industrial attacks are you preparing for?
It’s fundamentally difficult to set a specific focus in cybersecurity because the attack scenarios change so quickly. This means it’s important to take measures for worst case situations: implementing things like firewalls, intrusion detection, network segmentation, backup and recovery, and emergency IT plans. In other words, we prepare for a range of possible attack scenarios and also work through open measures based on priorities so we continuously improve.
Could you share some good practices and proven approaches with us?
I would advise other manufacturers to also take a risk-based approach like the one I described earlier – working through and implementing the relevant norms and standards in a structured way. This makes existing risks transparent. During the development and implementation phases, every company becomes aware of available security measures and how they can be put into place in a way that makes sense. You can’t just focus on digitization – you have to think about cybersecurity too, ideally in a single integrated effort. It’s a never-ending process of continuous learning.
Thanks to Vadim Remel for his time!
In our day-to-day business, as your independent partner we analyze customer requirements towards cybersecurity and identify suitable providers of products and services. Therefore, we have collected a significant number of interesting provider and solution profiles. Of course, this does not include any recommendations for products or providers. Also be sure that we do not receive any advertisement payments for the interviews. If you are interested in an interview with us, please send a short message to cybercompare@bosch.com.
Please remember: This article is based our knowledge at the time it was written – but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.
And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.