Interview with Lukas Linke from the Central Association for the Electrical and Electronic Industry (ZVEI)
Lukas Linke is Senior Manager Cybersecurity at Zentralverband Elektrotechnik- und Elektronikindustrie e.V. (ZVEI). That’s the German electrical and electronic manufacturers‘ association which is one of the most important industrial associations in Germany. On September 20, Lukas Linke will talk in a panel with Prof. Dr. Angelika Niebler (MEP) about the creation of a European Cybersecurity Union. We spoke with him in the run-up of the summit.
The Central Association for the Electrical and Electronic Industry, ZVEI, represents one of the largest and most important industries in Germany. What are the specific cyber security challenges in the electronics sector? And are there applications or areas in the branch which are particularly at risk?
Linke: According to our picture of the security situation this year, the electronics sector is also affected by the same risks as in other sectors. The focus is primarily on protecting know-how, securing availability and enabling new digital manufacturing and customer processes. Moreover, to be honest, different “classics” such as network segmentation, role and rights management as well as employee awareness are only gradually becoming known. Therefore, it is great to see that more security officers are being employed and more budgets are being made available in our sector.
What is your impression of the status of digitalization in the electronics sector? Is the sector a pioneer, and if so, does the same also apply for cyber security?
Linke: Each of the five ZVEI leading markets is now affected by digitalization: Industry, energy, health, mobility and buildings/housing. Initially, the focus is usually on the digitalization of the respective products, solutions and applications. However, they are also progressively beginning to modularize the manufacturing process. In my opinion, there is further hidden potential in the development of truly new business models. Here the industry is in the middle of “the Lessons Learned” phase. As manufacturers and suppliers of many end user systems (keywords: autonomous driving and smart grid), we must drive digitalization in Germany to remain competitive. German companies are at the forefront in the area of cyber security under the slogan “Industrial Security International”. Here we do not need to hide.
How is the topic of cyber security addressed by ZVEI? What significance does the topic have in the association work?
Linke: Cyber security is a CEO topic in ZVEI and is therefore handled directly by management. We differentiate between four levels, which we address individually: Corporate security, industrial security, product security and our exchange platform for lessons learned. The strategic partnership with the Alliance for Cyber Security of the Federal Office for Information Security (BSI) has helped us greatly. We regularly incorporate its content and awareness themes in the association work.
Do you think that cyber security can also be a growth level for companies?
Linke: Definitely! If you implement cyber security consistently and in good time or on an ongoing basis, this has various benefits:
- Room to maneuver: Customers are more willing to consent to new processes such as remote support, data analysis and cooperations.
- Time advantage: It is conceivable that security will affect everyone: Those who start quickly can cope with the workload more easily and make their mark.
- Customer perception: Customers perceive security and privacy as appreciation of their concerns. As a result, cyber security offers an opportunity to stand out from the crowd.
- Product quality increases: For example, cyber security increased the process maturity in development and production.
- Privacy: Many security measures are also required for privacy (e.g. access protection). As a result, there are many synergy effects.
In short: You do not set up cyber security overnight. Those who begin with it in good time and consistently will have a greater competitive advantage later. The announced IT Security Act 2.0 makes it clear that every industrial company must attend to cyber security.
Command Control primarily contacts decision-makers such as CEOs, CIOs, CISOs, etc. Why should decision-makers concern themselves with the topic?
Linke: When something does wrong with cyber security, it can be very expensive for the company. The focus is also no longer on management systems but rather on product security in IoT. As a result, every modern business case is directly or indirectly affected. Accordingly, decision-makers in industry and politics now need guidance to be able to take effective AND efficient steps. The reality is that networking and digitalization no longer function without cyber security.
What can participants expect from the panel “How will the EU be able to create a digital surrounding that is embedding both industry and consumer?”
Linke: The panel will focus primarily on the following tension conflict: On the one hand, cyber security needs to be strengthened and on the other side innovation strength must not suffer under omnipresent security certification, for example. We must also ensure that we set up future security approaches in Germany in such a way that they produce impulses for the EU and we do not provoke any separate national solutions. Now one further keyword: The bumpy process that occurred with the smart meter should not be repeated.
Why are you looking forward to Command Control?
Linke: I enjoy discovering new things and platforms in general. I am particularly excited to see whether Command Control actually succeeds in bringing industry, service providers and cyber security providers together. To date, people at trade fairs have talked more about others rather than with one another; well at least that’s my opinion.