Farming and IT security
The comprehensive digitalization that has now taken hold of the agricultural industry provides an opportunity for this - later than other sectors, but all the more thoroughly for it, because it promises further major advantages in terms of yield and efficiency. In order to fully exploit the potential of this development, CLAAS is investing in IT security and has, among other things, established a public key infrastructure (PKI) as the central cryptographic instance for all services.
The high and ever-increasing proportion of electronics and software in agricultural machinery shows that the digital revolution in the field is in full swing. Today, agricultural machinery is networked with each other, with the IT back end or even with the IT system in the cloud. Important framework conditions are now also in place for this: For example, mobile communications coverage in the agricultural sector has been greatly expanded.
One application scenario that is currently changing agriculture dramatically is smart farming or precision farming. Here, differences in soil properties can be evaluated even within a field and exploited through optimal cultivation. In addition, digital processes can make the day-to-day operations of farms more efficient in a variety of ways: In Parallel Driving, agricultural machinery is automated and GPS-guided track by track across the field. Predictive maintenance analyzes the condition of agricultural equipment so that maintenance work can take place precisely when it is actually required. Software updates and the activation of additional services and functions can be carried out over the air, saving time and effort.
Wireless data transfer
CLAAS offers its customers digital services for these and other application scenarios and is constantly developing them further. The technical implementation of the services makes it necessary to transmit data via wireless interfaces, for example, via mobile communications or WLAN. This data traffic must be protected: To rule out manipulation, it must be ensured at all times that the data originates from trusted CLAAS instances. In addition, the protection of personal data and CLAAS intellectual property may make it necessary to encrypt data. Another essential aspect is the protection of CLAAS agricultural machinery against hacker attacks.
IT security is well known from the world of the Internet and corporate IT - but it is a relatively new field for agricultural machinery. CLAAS therefore launched the Security@CLAAS project at the beginning of 2016 to meet the IT security requirements for the networked CLAAS machines and services. The company-wide cybersecurity program aimed to holistically secure the various digital use cases against unauthorized manipulation and protect confidential data.
With Security@CLAAS, we have initiated a noticeable change process throughout the entire company. After the requirements assessment in the form of workshops, a risk analysis, and the creation of a security concept for the deployment scenarios, we developed and established a security manifest that acts as a company-wide standard for securing functions and services.
PKI as central technology
The final milestone was the introduction of a CLAAS product PKI (public key infrastructure). This central service for cryptographic functions generates electronic certificates proving that certain data originate from a trusted source and regulates access to this data. PKI solutions have proven their worth for many years in other areas where the confidentiality and integrity of data is important: In border control, for example, they ensure that the authenticity of electronic identity documents can be established reliably and quickly. PKI-supported processes are also used for HTTPS-based web servers, which are used for online banking, for example. PKI solutions usually run automatically in the background - as is the case with the CLAAS solution - largely unnoticed by the end user. In establishing the IT security measures, the CLAAS project team received significant support from secunet. "secunet provided both conceptual parts and the technology for the CLAAS product PKI," says Ehl. "In particular, the flexibility and ease of integration of this technology into the CLAAS IT systems tipped the scales in this favor. The flexibility paid off especially in the start-of-production phase of the networked electronic components: secunet was able to make last-minute adjustments in the process. The speed with which the CLAAS product PKI was established should also be emphasized: From the start of implementation to commissioning took just six weeks."
An important prerequisite for the success of such a project was in place right from the start: "We were consistently supported by CLAAS management," says Harry Knechtel, project manager on secunet's side. "The cooperation with the dedicated project team and the goal-oriented cross-departmental cooperation were also above average."
Only a starting point
As is so often the case in IT, the successful completion of the project cannot be the end point for the implementation of IT security at CLAAS. Attackers are not asleep either, so the bar must be constantly raised. It is true that the Security@CLAAS project has created a future-oriented architecture that can also cover the protection of future applications. But it should ultimately only be understood as the starting point for a continuous improvement process, which CLAAS will now fill with life.