Automation security enhanced with PROFINET ’ s additional protection measures
Security is a topic that must be continuously adapted , particularly with respect to ever increasing networking of production plants . The use of components with added value , e . g ., web or OPC communication increases direct communication with higher-level systems outside of the security zone . It is also becoming increasingly difficult to separate networks .
Networks are becoming larger , meaning that more and more components are connected together and interact with one another . A successful attack on a single ( PC ) system within such a cell therefore bypasses upfront security measures . Widely distributed plants also hinder the physical protection of networks and access points , meaning unauthorized persons could possibly gain access to the network . Concepts which rely primarily on isolating the production plants must be supplemented with new concepts that enable protection within the cell .
FORWARD THINKING … From the very beginning PROFINET featured an extensive security concept to protect plant networks and automation components . More importantly the protective mechanisms and concepts did not interfere with the running of production operations , were easy to implement and remained affordable . They were also able to be adapted to suit ever changing developments .
PROFINET ’ s IT security concept employs a defence-in-depth approach . With this method , the production plant is protected against attacks – particularly from the outside – by means of a multi-layer perimeter with further safeguarding within the plant enabled by dividing into zones through the use of firewalls .
Furthermore , a security component test ensures the ability of PROFINET components to withstand overloading , a concept supported by organizational measures in the production plant within the framework of a security management system .
ADDITIONAL MEASURES FOR END-TO-END SECURITY PROFINET also includes a credential management system , e . g ., for authentication of the devices and optional end-to-end security expansion for communication . As not every application has the same security requirements three security classes are now defined for PROFINET .
FDPP - www . fdpp . co . uk 13