Sino-German White Paper on IT Security Tests for Industrie 4.0 and Intelligent Manufacturing

Due to digitalisation and new emerging technologies the complexity of the system under test increases. This also increases the attack surface and variety of attack vectors. Thus, the scope and implementation of security testing practices need to be adapted accordingly.

The “Sino-German White Paper on IT Security Tests for Industrie 4.0 and Intelligent Manufacturing” addresses these new requirements and challenges for security testing in Industrie 4.0/Intelligent Manufacturing. It also considers security testing solutions from specific technical domains based on international and domestic (incl. CHN/DEU) security test guidance and standards.

Security testing is a practice which ensures the security of a product, system, or service. It conveys verification and validation activities in all lifecycle phases. The paper places security testing in the system life cycle, including the operations environment, to facilitate a securely running system. It also presents different types of security tests from specific technical domains. These include the security of Machine Learning and Artificial Intelligence algorithms. In addition, some formal security testing methods, including the IEC 62443 series, the Common Criteria (ISO/IEC 15408) and the Open-Source Security Testing Methodology Manual are introduced.

As the human factor is still decisive in finding vulnerabilities and weaknesses, the skills required of specialised testing personnel are addressed on a general level (ISO/IEC 27021) and with regard to respective technical domains. Beyond the requirements to be met by security test staff, the white paper also provides an overview of the requirements for laboratories performing security tests, evaluations, and certifications.

This paper covers the complete system lifecycle and a variety of test methods. Thus, it can be used as a guidance document by a wide audience. However, it is especially aimed at security testers, system engineers or developers and an audience involved in the management and administration of security tests.

The paper is an outcome of the bilateral dialogue of the Technical Expert Group IT Security of the Sub-working Group Industrie 4.0. It is implemented under the umbrella of the Sino-German Standardisation Cooperation Commission. The group promotes IT Security-related topics in the field of Industrie 4.0/Intelligent Manufacturing. Following the joint work on IT security tests, they plan to jointly explore the topic of IT security grading in the future.