Industrial security describes the protection of production and industrial plants from faults, whether intentional or unintentional. Security used to be the task of information technology (IT) in the form of IT security. Today, production and industrial plants are also highly interconnected using information technology. It is easier for attackers to intrude into automation and control systems, manipulate them and even compromise safety (machinery safety). This means that staff who are not IT experts have to deal with potential hazards. Industrial security deals with the security of control networks in production and industrial plants in factory automation and process control.
The objective of industrial security is to guarantee the availability of plant and machinery and the integrity and confidentiality of machine data and processes. Attackers often use existing weaknesses to penetrate control networks or disrupt processes. To prevent attackers accessing the control network, potential weaknesses must be detected and remedied promptly. If attackers manage to exploit a weakness, this may have devastating consequences for the company. These range from production standstill to a risk to humans if safety measures are manipulated in a targeted way. The application firewall SecurityBridge prevents this. Within the control network, connections between the diagnostic or configuration tools and the controllers are protected from manipulation, enabling secured connections to the outside world. The data is transferred almost without delay. You can use the access permission system PITreader to safeguard your plants from unauthorised access. With PITreader and the related RFID transponder keys you can control access permissions reliably and individually to your specifications and requirements.
Our products and services meet the highest quality requirements. That’s why we take security into account even during product development. However, security gaps in software cannot be 100 % avoided, so we take any reports of possible weaknesses very seriously. This is the only way we can keep the very high quality level of our products. The Pilz PSIRT issues security advisories to provide recommendations for action that can be used to remedy weaknesses.
Because security is not a physical parameter but rather a “moving target”, the measures against cyber threats must be updated constantly. The responsibility for this primarily lies with plant operators, for whom data security also means protection of their investment. As a general rule of thumb, all devices that have an Ethernet connection can be considered at risk.
External attacks continually make the headlines. Internal attacks from within the company itself are frequently underrated. However, they can have equally serious consequences and lead to a network failure or to the divulging of sensitive information, for example. Most internal attacks happen unintentionally. Incorrectly configured devices and operating errors are primarily to blame. That’s why it is essential that you and your employees are trained accordingly.
The world of automation is merging with the IT world. This presents new challenges for both the protection of people (safety) and the protection of sensitive data from a machine (security). As for the safety aspect, there’s a need to check the extent to which security issues influence functional safety. Harald Wessels, Product Manager, Product and Technology, Pilz GmbH & Co. KG, explains in an interview why industrial security is becoming more important, how safety and security are linked and the challenges we must face in the future.
When human and robot work hand in hand and the world of automation merges with the IT world, the safety requirements are raised. Not only human and machine but also data and expertise must be reliably protected against threats, unauthorised access and misuse. Bernd Eisenhuth, CMSE, Customer Support, Pilz GmbH & Co. KG, explains in an interview the normative foundations for industrial security and the industrial security requirements that must be met. http://www.pilz.com
Security gaps in automation can have devastating consequences. In this interview, Frank Eberle, Software Developer Network Systems, Advanced Development, Pilz GmbH & Co. KG, warns of the potential hazards that might arise from security gaps. In conclusion he shows some solution approaches to closing these gaps.