We need to catch the culprits
It’s a week that Thomas Pilz will never forget: in October 2019, his family business fell victim to a cyberattack. All the systems were shut down.
13 May 2020
Production came to a standstill, he had no access to customer data, products remained in the warehouse and no invoices could be issued. In return, he received a ransom demand. “We didn’t pay,” explained Pilz at the German Mechanical Engineering Conference a few days after the attack.
The cyberattack hit the automation expert hard. Despite – or perhaps because of – this, Pilz stood on stage at the Mechanical Engineering Conference in Berlin and told his fellow entrepreneurs in the audience about the staggering extent of the attack. Pilz is a role model and delivered the right message. Entrepreneurs are normally reluctant to talk about virtual attacks. Pilz went on the attack himself, however, and deserves recognition and respect for doing so. He even joked about it on stage with a healthy dose of gallows humour: “We’re being audited this week. They come even if everything’s at a standstill and all the servers are down.” Many of the audience members shook their heads in disbelief at the Swabian tax inspectors’ sense of duty.
BitPaymer, a ransomware Trojan that locks computers and encrypts data, gained access to the Pilz network via an account and spread rapidly. The hackers demanded money in the form of Bitcoin for the decryption key.
For many in the audience, the devastation of the attack suddenly hit home and became up close and personal. Standing in front of them was an exemplary entrepreneur whose company had been left in tatters. This is what SMEs need to hear. Too often, studies warn about the carelessness of some industries, about a lack of awareness of the issue in business. There is widespread ignorance about the dangers of the dark side of digitization, partly because it’s often large corporations that are attacked. These attacks are covered by the media, but seem like a remote threat to many entrepreneurs. The local paper reports on every stolen lorry, but cyberattacks never make the headlines.
Then in October 2019 it hit a technology-driven SME that was highly secured, always had USB sticks checked after trips abroad and was an Industrie 4.0 pioneer – and cybersecurity now had a face: Thomas Pilz. The danger is palpable. Many agreed that we need to talk about cybersecurity much more and have an open discussion – Pilz is on the right track.
Four months after the attack we met Thomas Pilz again. “We’ve achieved a great deal and production started up again in November, but we still feel the effects,” reports the entrepreneur. He’s just been at a cybersecurity forum organized by the German Federal Cyber Security Authority (BSI) and is now making other companies aware of the dangers. In the autumn he criticized the work of the BSI. It sounded as if there was confusion over who was responsible for what. “I was in shock; we were on the verge of collapse,” is how Pilz summarizes the situation today. Responsibility for the business and over 2,500 employees rested on his shoulders and on those of his sister, Susanne Kunschert, with whom he runs the company. Today, Pilz has special praise for the Esslingen police force, which is still investigating the matter. The investigation is now an international operation. Pilz did everything right, according to investigators.
Yet the company didn’t just react; it also acted right away. “After the attack, we immediately got IT forensic experts from our service provider to secure evidence. A lot of companies wait too long. The police were then able to secure and analyse traffic data, which is only saved for 14 days; after that, the information is gone.”
What have he and his colleagues learned? “Our security needs to be more dynamic. We have to continuously invest, continuously train our staff and make everyone in the company aware of the issue. But it’s not that easy. Do you remember the Citrix breach a few weeks ago? It’s not enough to just provide the information that there’s a workaround. The administrator in charge of the system also needs good instructions on how to use the workaround. It’s no good if people don’t understand what they’re supposed to be doing.”
Pilz has learned from the attack and is now raising awareness among his customers too. “We offer our customers security training because we can explain to them exactly where the dangers between the OT (office technology) and IT worlds lie – today and in the future.” The Swabian company believes that the importance of this issue will continue to grow. “We’re increasingly focusing on industrial security in our products too; two-factor authentication and access control are part of this, of course.” Pilz always talks about the interaction between safety and industrial security in manufacturing, yet some industry representatives already suspect that edge devices and ML are heralding the end of PLCs. “Safety will remain at the field level. But we’re not ruling out edge devices for other applications,” explains Pilz, outlining a picture of a new generation of control systems in the PSS 4000 automation system. In robotics too, the entrepreneur is setting his sights on the future. “We’ve now developed ROS modules for industrial use that enable a robot to be driven without additional hardware control,” reports Pilz. He plans to make money with sensors or engineering services.