PI / PNO
Profinet protection also at the protocol level
Since 2006, the PI (Profibus & Profinet International) Security Guideline has been advising manufacturers and users of Profinet devices to take technical and procedural security precautions. PI is now developing additional measures to protect Profinet at the protocol level as well.
As part of the digitalization of production processes, the IT security of production facilities is becoming increasingly important. End-to-end networking in companies, vertical integration and the trend towards flatter system hierarchies require end-to-end approaches to IT security in production. "Previous concepts, which mainly rely on isolating production systems, must be supplemented by new measures that provide protection for the components," explains Karsten Schneider, Chairman of the German PI branch of the Profibus User Organization (PNO). "The aim is therefore to protect Profinet at the protocol level."
PI has presented the basis for this in the white paper "Security extensions for Profinet", which is based on the international standard IEC 62443. Various protection goals for Profinet play a role here. Integrity has a high priority, for example the prevention or detection of data manipulation or the suppression of device alarms. In addition, changing the configuration of IO devices during operation must be secured by authorization. However, the robustness of the system and therefore the availability of the system must also be taken into account.
The analysis of the protection objectives results in different priorities, so that PI now defines three security classes: Robustness, Integrity + Authenticity and Confidentiality. The authenticity of the Profinet participants can be protected by a cryptographically secured digital identity, for example in the form of certificates. The integrity of communication can be ensured by cryptographic checksums, for example.
The necessary specification tasks have now been outlined and initial measures for Security Class 1 (Robustness) have been defined. These are now being incorporated into the Profinet GSDML specifications - such as the signing of GSD files, access controls for network management services (SNMP) and a "read-only" function for configuration information such as the device name. At the same time, work is underway to develop the other security classes. "We are thus ensuring that Profinet is equipped for the requirements of Industry 4.0 and can serve as a future-oriented platform for the IIoT," concludes Karsten Schneider.
You might also be interested in
Profinet leads the world according to study
According to the results of a recent study, Profinet is the world's leading Ethernet-based communication solution for industrial automation.
read more...On the way to the world library
The vision has been in place since the end of 2014: OPC UA is to achieve the status of a globally recognized standard for the Industrial Internet of Things IIoT by 2019 at the latest. During the press conference at SPS, the Foundation took a stand...
read more...More investment in software expertise
The economy is leaving its mark: compared to the previous year, Turck expects total sales of around 640 million euros for the 2019 financial year, a decline of 3%. Nevertheless, Managing Director Christian Wolf is optimistic.
read more...A look back at the fair
The 30th SPS was the highlight of the automation industry at the end of November. The keywords 'digitization' and 'digital transformation' were visible right through the halls. The main trends can be seen in the film below.
read more...SPS 2019 in retrospect
The 30th SPS, the trade fair highlight of the automation industry, took place at the end of November. The buzzwords 'digitalization' and 'digital transformation' were visible throughout the halls - the most important things in the film.
read more...Dynamically driving high speed motors
Under the name SD4x, Sieb & Meyer is developing a new generation of frequency inverters for high-speed applications. The first of these is the SD4S version, which is designed for small high-speed spindles and motors with a power output of just a...
read more...Individual standard products
Prime Cube' is a product brand for IPCs and HMI solutions introduced ten years ago. Matthias Klein, Managing Director of Schubert System Elektronik, reports on how the brand is kept fresh.
read more...Industry 4.0 'off the shelf'
iniNet Solutions has developed an automation architecture based on web server-supported SCADA and programming software, which is intended to bring manufacturing companies more easily than ever to industry 4.0 level. This architecture can be seen at...
read more...Plug and play into any cloud
A year ago, Cloudrail unveiled the 'CloudRail.Box' for the first time - a gateway that connects plug-and-play to IO-Link sensors and masters and sends the data to any cloud platform. Now it also handles OPC UA and Edge Computing.
read more...