Increasing digitalization of industrial automation systems has integrated vast volumes of data and created enormous opportunities and benefits, but this trend also has a significant dark side in the form of increasing vulnerability to cyber-attack. All aspects, from the operating level to the field level and from physical access control to network and terminal protection, have to be tackled simultaneously in order to protect industrial systems against internal and external cyber-attacks. The most suitable approach for this is a defense-in-depth concept in accordance with the recommendations set out in IEC 62443, the leading standard for security in industrial automation.
Plant security, network security and system integrity form the foundation of the industrial security concept. Plant security puts in place the conditions necessary to ensure that the technical IT security measures implemented cannot be circumvented by other means. Plant security measures include physical access protection infrastructure, such as barriers, turnstiles, cameras and card readers. Organizational measures, most notably a security management process to ensure the security of a plant, are also included, as are the physical separation of different production areas with differentiated access authorizations and physical access protection for critical automation components.
The risk analysis brings transparency as to the security status of a plant and identifies weaknesses, thus providing a basis on which the corresponding risk can be derived. The next step is to implement the measures proposed to close the gaps identified. Resources encompassing both hardware (such as firewalls) and software (such as anti-virus and whitelisting) are available for this purpose.
Another key aspect of the service in this area is continuous monitoring of industrial plants and production machines. Network security is a central element of the industrial security concept, encompassing the protection of automation networks against unauthorized access and the control of all interfaces to other networks (such as the office network and, in particular, remote maintenance gateways to the internet). Protecting communications against interception and manipulation (encrypted data transmission and communication node authentication) also falls within the scope of network security.
Interfaces to other networks can be monitored and protected using firewalls and, where appropriate, by setting up a demilitarized zone (DMZ). A DMZ is a network in which technical security mechanisms protect access to all data, devices, servers and services. The systems installed within the DMZ are shielded from other networks by firewalls that control access. This separation makes it possible to provide data from internal networks (for example the automation network) on external networks without having to admit direct access to the automation network. A DMZ is typically designed so that it also does not permit access or connections to the automation network, which means that the automation network remains protected even if a hacker gains control of a computer inside the DMZ.
Segmenting the plant network into discrete automation cells protected by technical security mechanisms helps to minimize risk further and increase security. Network segmentation involves protecting elements of a network, such as an IP subnet, with a security appliance that separates them from the rest of the network for technical security purposes. The devices within a segmented cell are protected against unauthorized access from outside without any compromise in terms of real-time capability, performance or other functions.
The firewall is able to control access attempts to and from the cell. It is even possible to stipulate which network nodes are allowed to communicate with each other and, where appropriate, which protocols they are allowed to use. First and foremost, this means that unauthorized access attempts can be blocked; it also makes it possible to reduce the load on the network, as only those communications that are explicitly desired and permitted are able to proceed.
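The DMZ and cell-firewall rules described above can be expressed as a default-deny allowlist of permitted connections. The following is an added example, not part of the original article or of any vendor's product; the zone names, subnets, host addresses and ports are constructed, and it models only a firewall at the zone boundaries.

```python
# Added example: default-deny conduit policy between plant zones.
# All zone names, subnets, hosts and ports below are constructed.
from ipaddress import ip_address, ip_network

ZONES = {
    "office": ip_network("10.10.0.0/16"),
    "dmz": ip_network("192.168.100.0/24"),
    "automation": ip_network("172.16.0.0/16"),
}

# Allowlist of connection initiations: (from zone, to zone, protocol, port).
# A stateful firewall permits the replies; everything not listed is denied.
ALLOWED = {
    ("automation", "dmz", "tcp", 4840),  # cell pushes data to a DMZ server
    ("office", "dmz", "tcp", 443),       # office reads that data from the DMZ
}


def zone_of(addr):
    """Map an IP address to its zone; unknown addresses are 'external'."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"


def decide(src, dst, proto, dport):
    """Default deny: allow only flows that match an explicit rule."""
    rule = (zone_of(src), zone_of(dst), proto, dport)
    return "allow" if rule in ALLOWED else "deny"


def audit(rules):
    """Return rules that let another zone initiate into the automation zone."""
    return sorted(r for r in rules if r[1] == "automation" and r[0] != "automation")


if __name__ == "__main__":
    flows = [
        ("172.16.5.10", "192.168.100.20", "tcp", 4840),  # PLC cell -> DMZ
        ("10.10.3.7", "192.168.100.20", "tcp", 443),     # office -> DMZ
        ("192.168.100.20", "172.16.5.10", "tcp", 102),   # DMZ -> PLC
        ("10.10.3.7", "172.16.5.10", "tcp", 102),        # office -> PLC
    ]
    for f in flows:
        print(f, decide(*f))
    print("rules violating DMZ design:", audit(ALLOWED))
```

Running `audit` on every proposed ruleset change catches a rule that would open a path from the DMZ or office network into the automation network before it is deployed.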
It is becoming increasingly common to connect plants directly to the internet and to link up remote plants via mobile networks (GPRS, UMTS, and LTE). This is done to enable remote maintenance, to use remote applications and to facilitate monitoring of machines installed all over the world.
Securing access is particularly important in this context. Hackers can find unsecured access points easily and inexpensively using search engines, port scanners, or automated scripts. It is therefore very important to ensure that communication nodes are authenticated, data transmission is encrypted and data integrity is protected, especially in the case of critical infrastructure plants. Incidents such as intrusion by unauthorized persons, the escape of confidential data and the manipulation of parameters or control commands can result in enormous damage, including damage to the environment, and can endanger personnel.
VPN mechanisms, which provide the very functions (authentication, encryption and integrity protection) required, have proven to be particularly effective in securing communications in this context. Siemens industrial internet and mobile communication routers support VPN, allowing data to be sent securely over these networks with protection against unauthorized access.
Protective mechanisms familiar from the office environment, such as anti-virus software, can also be used in industrial settings in principle, although it is essential to ensure that they have no adverse impact on the automation task.
Whitelisting solutions can be used in addition to anti-virus software. Whitelisting involves the creation of approved lists in which the user explicitly specifies those processes and programs that are permitted to run on the computer. Any attempt by a user or malware package to install a new program is then denied, preventing the associated damage.
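How such an approved list can be enforced, as an added example that is not from the original article or from any specific whitelisting product: it compares a list that trusts the program path alone with one that also pins the approved file content by SHA-256. The paths and file contents are constructed stand-ins.

```python
# Added example: approved-program list, path-only versus path plus hash.
# Paths and file contents are constructed stand-ins for real binaries.
import hashlib


def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


HMI_RUNTIME = b"approved HMI runtime build"
HISTORIAN = b"approved historian agent build"
UNKNOWN = b"program that was never approved"

# Approved list created by the user: path -> SHA-256 of the approved file.
APPROVED = {
    "C:/HMI/runtime.exe": digest(HMI_RUNTIME),
    "C:/Historian/agent.exe": digest(HISTORIAN),
}


def path_only(path, content):
    """Weak policy: trusts the file name and location alone."""
    return path in APPROVED


def path_and_hash(path, content):
    """Stronger policy: the file must also match the approved content."""
    return APPROVED.get(path) == digest(content)


def blocked(events, policy):
    """Return the paths whose execution the policy denies (for alerting)."""
    return [path for path, content in events if not policy(path, content)]


# Constructed execution attempts: (path, file content at launch time).
EVENTS = [
    ("C:/HMI/runtime.exe", HMI_RUNTIME),         # approved, unchanged
    ("C:/Users/op/Downloads/tool.exe", UNKNOWN),  # new program, not listed
    ("C:/Historian/agent.exe", UNKNOWN),          # approved path, replaced file
]

if __name__ == "__main__":
    print("path only    :", blocked(EVENTS, path_only))
    print("path and hash:", blocked(EVENTS, path_and_hash))
```

Pinning the hash means that every legitimate software update has to go through the approval step again, which is the intended control point.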
Efforts to protect the control level are concerned primarily with ensuring the availability of the automation solution. The security mechanisms integrated into the standard automation components provide the starting point for protecting the control level.
The protection afforded consists in part of multi-access protection with differentiated access rights and in part of communication protocols for controller configuration or HMI connection. These include integrated security mechanisms for significantly enhanced detection of manipulation attempts.
Safeguarding intellectual property is another matter of growing concern: machine builders invest heavily in the development of their products and they cannot afford to see their proprietary expertise compromised. The know-how protection and copy protection functions provided by the Siemens controllers give users convenient and straightforward support in this area as well.
The know-how protection function enables highly specific protection of program modules to prevent access to their content and the copying and modification of algorithms.
The copy protection function links program components to the serial number of the memory card or CPU. This helps to prevent copying of the machines, as protected programs can only be used in the machines for which they are intended. These functions help machine builders to safeguard their investment and maintain their technological edge.