Figure 4: Layered Security - Have a kick-ass Ninja Team
In Industry 4.0 every piece of a device or system has to contribute its piece of security and enforce its piece of security policy. Only having security by design, i.e. security that is built in right the spine of the devices and systems, Industry 4.0 will be able to meet the expectation.
This conference has also shown that the way to achieve security assurance for Industry 4.0 is via certification but it is not yet clear that standards are needed. For network security IEC 62443, which is still in development, is the main candidate. For business security 27k standards have been mentioned. For devices different approaches based on Common Criteria (also known as ISO/IEC 15408) have been presented. Thus, it seems that Common Criteria is so far a common base for many security topics.
More information at www.sysgo.com/industrial