Today we are talking with Vadim Remel about the role of cybersecurity in manufacturing. He’s the head of IT Security and is responsible for the digitization strategy of Bosch’s Chassis Control business.
What’s your role in manufacturing digitization at Chassis Control?
I’m responsible for IT security in manufacturing at Bosch Chassis Control. My day-to-day work includes developing and updating the IT security strategy and coordinating and ensuring implementation of IT security measures across more than 20 locations worldwide. IT security is an important building block of digitization, and for a good reason: data – including its availability and integrity – is becoming more important every day.
What challenges do you face today while implementing the digitization strategy?
Challenges exist along the entire life cycle. As concrete examples, I would highlight organization and knowledge management. To me, these are central elements. It’s important that employees from different areas and levels of the hierarchy – especially in the production environment – get to know the advantages of digitization and the need for IT security early on.
How do you build in cybersecurity as an aspect of your strategy?
Vadim Remel: Like every manufacturing company, we focus on production availability.
Our IT devices become more connected every day, opening potential gateways for attackers. So it’s even more important to establish a professional risk-based approach at the company in line with ISO 31000, IEC 62443, and ISO 27000. This makes it possible to effectively identify and assess risks and to derive the measures needed to address them – to safeguard availability, integrity, and confidentiality. This approach creates transparency and supports the entire organization in specifically working against potential risks.
What areas of cybersecurity do you focus on? What kinds of industrial attacks are you preparing for?
Vadim Remel: It’s fundamentally difficult to set a specific focus in cybersecurity because the attack scenarios change so quickly. This means it’s important to take measures for worst case situations: implementing things like firewalls, intrusion detection, network segmentation, backup and recovery, and emergency IT plans. In other words, we prepare for a range of possible attack scenarios and also work through open measures based on priorities so we continuously improve.
Could you share some good practices and proven approaches with us?
Vadim Remel: I would advise other manufacturers to also take a risk-based approach like the one I described earlier – working through and implementing the relevant norms and standards in a structured way. This makes existing risks transparent. During the development and implementation phases, every company becomes aware of available security measures and how they can be put into place in a way that makes sense. You can’t just focus on digitization – you have to think about cybersecurity too, ideally in a single integrated effort. It’s a never-ending process of continuous learning.
Are OT and IoT security issues for your company? As an independent entity with a portfolio of proven security providers, CyberCompare can provide you with comparative offers at no charge and with no obligation. Reach out to us or use our diagnostic to learn more about your cyber risk profile.
Please remember: this article is based our knowledge at the time it was written – but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.
And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.