Vega Grieshaber
Security 4.0
The advantage of networked systems and machines is that the operating status of all components is available at all times and preventive maintenance is possible. However, only secure IT in the process control environment guarantees reliable operation. IEC 62443 is helpful here.
Beyond previous boundaries, Industry 4.0 requires intensive cooperation between those involved in different stages of production. Digital machines, systems and logistics communicate directly with each other and with the people involved. Digitalization can help production to become more efficient and cost-effective. However, the more extensive it becomes, the clearer the potential risks and dangers become. It is clear that it is no longer just people who need good protection from machines - machines also need to be protected from people.
Two areas of safety
Many plant operators, especially in the chemical and petrochemical sectors, have already addressed the issue of Safety Integrity Level (SIL): wherever an error can mean high costs or danger to life and limb, a safety level evaluates the risk reduction options adapted to the hazard. Unlike in everyday office life, however, IT security in the field of process control systems is still uncharted territory in many places. While office communication was previously strictly separated from the process areas, this separation can hardly be maintained nowadays due to the increasing networking of systems. Because the service life of machines used in operational technology, or OT for short, is much longer than in the office environment, more extensive risk assessments must be carried out and a concept drawn up that may form the basis for important measures for decades to come.
Everyday office life shows the way
Vegapuls 6X is the first radar level sensor to be developed and certified in accordance with the IEC 62443 standard.
© Vega Grieshaber
Everyday office life shows just how important good cyber protection is: wherever emails are written and data and documents are exchanged, companies are increasingly protecting themselves against digital attacks on the basis of the now established ISO 27001. However, the risk situation cannot be transferred one-to-one. Industrial systems are more complex and function on several levels: Sensors transmit measured values to gateways and controllers, which in turn send information and values to operable machine interfaces. This is where all the data is bundled in production and maintenance systems, from where it is ultimately used in the IT area. The associated operational technology is correspondingly complex - it comprises all the software and hardware used to monitor and control the systems and machines.
Lots of added value, lots of risk
The introduction of digital technologies harbors considerable added value as well as risks. With complex networked processes and supply chains, enormous data streams are constantly being generated along the material flow between manufacturers, suppliers, service providers and customers. This means that computers, machines and sensors are part of the network - and offer exposed targets for cybercriminal attacks of all kinds. This applies to all industries and applications, as the dangers do not stop at waterworks, pipelines, ocean-going freighters or storage silos. For in-depth security, it is not just the system itself that needs to be secure. The installed components, such as level sensors or pressure gauges, should also meet the required safety standards. It is therefore part of Vega's philosophy to accompany the development of new products with a comprehensive security package at an early stage.
IT security also began with step 1 of the product development process for the 'Vegapuls 6X' radar level sensor. As a result, the sensor complies with IEC standard 62443 and offers security functions that provide customers with a secure basis for attack-protected network concepts.
Cybersecurity in an onion look
Vega's own PSIRT team deals with deficiencies in IT security; it finds and closes gaps and checks reported problems.
© Vega Grieshaber
In general, three areas of an integrated system are particularly worth protecting: the confidentiality of the data, the integrity of the system and those involved and the availability of the system. To ensure this, Vega aligned the multi-year development of the current Vegapuls 6X sensor generation with IEC 62443-4-1 and 62443-4-2 right from the start. A comprehensive threat analysis helped to identify potential threats and vulnerabilities at an early stage so that the most effective countermeasures could be considered and integrated during development.
The security requirements for hardware and software were defined step by step. As a result, they should not only serve the company's own development processes, but also form the basis for assessing supplied components at the same level. The list of processes finally defined included penetration tests, the handling of future security updates, analyses of access codes, comprehensive installation and operating guidelines and the necessary security documentation. "Our proactive and careful approach is reflected in a comprehensive defense-in-depth strategy for the radar sensors. The Vegapuls 6X are designed with multiple redundancies and are equipped for all eventualities," explains Product Manager Philipp Ketterer. "In a kind of 'onion look', we have placed one layer of security on top of the other to protect the data at the core. The outermost onion layer is cyber threats, which are warded off by the device security as the underlying layer. This security layer is protected, again underneath, by plant security, which is finally buffered by IT security management."
Safety - suitable for the application
Wireless operation in particular makes radar level monitoring easier - provided that users can rely on the cyber security of their measurement technology.
© Vega Grieshaber
The more extensive the networking of production, the more potential points of attack arise. "Security therefore doesn't have to be a one-off concept, but rather a growing process," emphasizes Philipp Ketterer, who recognizes the sensor interfaces in the environment of production plants as areas of attack in the networked system. To ensure that Vega stays a big step ahead of the threat in the medium and long term, the measurement technology company worked together with external specialists to develop the Vegapuls 6X level sensors. "The extra resources and expertise involved were important in order to close all the classic gateways for cyber criminals." This relates specifically to the internal and external interfaces of the sensors. "We need a catalog of measures that takes effect when users set up our devices or access them with software."
In addition, it is important to provide equally effective answers regarding the secure handling of the hardware interfaces in the device. This includes "responsible handling of Bluetooth" if the device ordered is equipped with this communication option, as well as HART interfaces. The ways in which protocols are transmitted in the device were also part of the overall assessment, as were connections between processors and memory modules on the circuit boards.
Running through the scenarios
Each phase of product development was not only carefully planned and evaluated for feasibility, but also comprehensibly documented. Independent product tests and certifications were also carried out. As a result, the Vegapuls 6X radar sensors are equipped to defend against a wide range of attack types. For example, they protect against scenarios such as 'unauthorized infiltration of communication', secure software updates and protect user logins to the system. Manipulation of data or even sabotage of the entire system is also considered.
In order to be able to react proactively to future developments and challenges, an in-house PSIRT team (Product Security Incident Response Team) accompanies the radar sensor deployments. The team deals with deficiencies in IT security, finds and closes gaps and checks reported problems. In practice, their assessment of new threats results in updates as well as important tips and information for everyone involved.
First certified radar sensor on the market
Vegapuls 6X is the first radar level sensor to be developed and certified in accordance with the IEC 62443 standard. The corresponding safety guidelines are documented for each of the devices and form part of the scope of delivery. The concept, the so-called Defense-in-Depth strategy, provides all the important information on how the product is safely integrated, configured and maintained in accordance with the guidelines. Nevertheless, the choice of sensor should not only be about the overall safety level, but also about ensuring that the selected level and the sensor properties are the best possible fit for the safety concept of a system.
| The IEC 62443 |
|---|
| For the industrial sector, the IEC 62443 standard combines the decisive criteria for ensuring the overall safety of industrial automation and control systems worldwide, from the initial idea through to development, design and use. The standard is divided into four sections in order to take into account all those involved in the safety concept and the corresponding requirements for them. The first section defines the basic requirements, from which further requirements for the various areas are derived. Sections 2 and 3 primarily concern plant manufacturers and plant operators. Section 4 is aimed at component suppliers such as Vega and includes both the description of a safe development process (4-1) and safe components, i.e. sensors or control units (4-2). |