How PROFINET’s additional protection measures enhance
Security is a topic that must be continuously adapted, particularly with respect to the ever-increasing networking of production plants. The use of components with added value, e.g., web or OPC communication, increases direct communication with higher-level systems outside of the security zone. It is also becoming increasingly difficult to separate networks.
Networks are becoming larger, meaning that more and more components are connected together and interact with one another. A successful attack on a single (PC) system within such a cell, therefore, bypasses upfront security measures. Widely distributed plants also hinder the physical protection of networks and access points, meaning unauthorized persons could possibly gain access to the network. Concepts which rely primarily on isolating the production plants must be supplemented with new concepts that enable protection within the cell.
Forward thinking …
From the very beginning, PROFINET featured an extensive security concept to protect plant networks and automation components. More importantly, the protective mechanisms and concepts did not interfere with the running of production operations, were easy to implement and remained affordable. They could also be adapted to suit ever-changing developments.
PROFINET’s IT security concept employs a defence-in-depth approach. With this method, the production plant is protected against attacks – particularly from the outside – by means of a multi-layer perimeter, with further safeguarding within the plant provided by dividing it into zones through the use of firewalls.
Furthermore, a security component test ensures the ability of PROFINET components to withstand overloading, a concept supported by organizational measures in the production plant within the framework of a security management system.
Additional measures for end-to-end security
PROFINET also includes a credential management system, e.g., for authentication of the devices, and an optional end-to-end security expansion for communication. As not every application has the same security requirements, three security classes are now defined for PROFINET.
Further technical details and practical examples can be found in the Industry 4.0 Highlight “Security” at https://www.profibus.com/technology/industrie-40/. In this section on the PI website, current topics, issues and trends from Industry 4.0 applications are addressed so that the user can easily implement and realize them in practical work.
PI (PROFIBUS & PROFINET International)
PROFIBUS Nutzerorganisation e. V.
D-76131 Karlsruhe, Germany
Phone: +49 7 21/96 58 – 5 49
Fax: +49 7 21/96 58 – 5 89