IoT has arrived in the companies. However, there is still a lot of trouble with the necessary integration of operational technology (OT) and classic IT – especially in terms of IT security.

The Internet of Things (IoT) is moving both the IT industry and the German economy. However, interpretations and approaches are still very different. Juergen Hahnrath, Head of IoT Germany at Cisco Systems, outlined the big vision: “When we talk about IoT, I think it’s about fundamentals. We have to be ready to question everything. If, for example, a start-up in Aachen today is able to produce and market a completely new car purely with an electric drive but without sheet metal, this could mean tomorrow that I no longer need a press to punch body parts. This would eliminate the need for a complete production process, including the value chain.” His industry colleague Bernhard Kirchmair, Managing Director of Axians Digital Acceleration GmbH, promoted a more pragmatic approach: “From the IT manager’s point of view and also from the company’s point of view, IoT is of course about a far-reaching transformation process. From an infrastructure perspective, however, we are primarily talking about more efficient resource management and better integration of PPS, ERP and SCM systems”.

Companies are working on concrete use cases

Not only is the debate in Germany currently moving between these two poles, the range of these assessments also reflects the status quo. One thing is certain: The Internet of Things (IoT) has gained considerable momentum in Germany and has now reached a considerable degree of maturity. “IoT has long since reached companies.

Most companies have long since left the proof of concept phase behind and are working on concrete use cases with corresponding financial and personnel resources,” emphasizes Dorian Gast, Head of Business Development IoT Germany at Dell, describing the general market situation. According to relevant studies, far more than half of German companies are planning to introduce IoT platforms or are already in the planning stages.

Digital transformation in Germany

As expert Gast notes, the digital transformation in Germany still doesn’t seem to have really taken place: “Especially in Germany, people still think they are too much in a position of deceptive security, because until now there has been no pressure to change the previous business model to ‘plus a service’ or ‘as a service’. Local companies still focus too much on the manufacturing process per se and the product, but not on the Smart Frontend, which will be crucial in the future”.

This rather critical assessment seems to apply at least to small and medium-sized companies in the manufacturing industry, where the focus is still more on the supposedly “classic” advantages of IoT, such as higher efficiency in production, less downtime and better utilization of machines. Even more decisive, however, might be another motive: the fear of cannibalizing the ancestral product business by partially or even completely switching to an “as-a-service” business model.

In principle, however, IoT scenarios cannot be combined. More than ever, there are significant differences between the individual industries. While in the local manufacturing industry the above-mentioned reservations remain unchanged, other branches of industry have long since taken off with IoT – for example the construction industry, where under the buzzwords “Connected Building” and “Smart City” new living and working environments are no longer just being created on the drawing board, or in the retail and logistics sector, where customer dialogue and thus the customer experience are transferred to a completely new level through “Connected Products”.

The focus is often not on the business model

But back to plant and mechanical engineering and the automotive industry. Germany, still a country of machine and car manufacturers, inventors and engineers? Nowhere else does this cliché seem to apply more than when it comes to IoT, as Marcel Buchner, Country Manager Germany & Austria at Tech Mahindra, points out: “Basically, IoT in Germany is viewed very technologically and approached accordingly.

The focus is on the product rather than the business model, let alone a change in it.” And, Buchner continues, the industries that embody the backbone of the German industrial landscape must be differentiated once again. “The transformation pressure in the automotive industry is currently much higher than, for example, in plant engineering and mechanical engineering. IoT is still in its infancy there.”

As Uwe Herrmann, Account Manager at Objektkultur, reports: “The major automobile manufacturers are increasingly demanding access to machine and production data from their suppliers and their suppliers in order to be able to directly monitor compliance with quality standards. Everyone also wants to know which production phase their product is currently in. This is particularly important in the case of completely new drive technologies in the field of e-mobility, for example.

Gap between IT and OT is a security risk

A further complicating factor is likely to be the fact that IoT is often equated with industry 4.0 in the above-mentioned sectors. This means that the focus is (initially) on the individual machine, the individual device and the production facilities.

In many cases there are still two worlds to be found: classic IT with its hardware, software and network components and Operational Technology (OT) with its production and industrial facilities, which to date has almost without exception worked in a self-contained ecosystem without a connection to the Internet.

For IoT security experts like Navid Sayed from TÜV Süd, this is a challenge in two respects: “We have not only a hierarchical but also a horizontal problem in our companies. Because the OT world is reluctant to talk to the IT world.”

In addition, it is a nightmare for those who are among the advocates of a consistent security-by-design strategy. While in industrial sectors with “only” one classical IT, the connection of IoT platforms is primarily about interoperability, protected standardized interfaces to third-party systems and multi-cloud capability, the challenge in the manufacturing industry is far more complex.

According to the analysts at CRISP Research, we are talking here about a lack of end-to-end security, of IoT platforms that are typically written in isolation from the public Internet and are used too quickly alongside industrial control systems such as SCADA due to the pressure to innovate.

If the corporate network is then hacked by just one infected laptop, IoT devices are left without protection, and a blackmailer can quickly, as recently happened at the Krauss-Maffei Group, paralyze the entire production for weeks.