PROFINET gets boosted security measures at protocol level

11 February 2020

PI (PROFIBUS & PROFINET International) has always recognised security as being one of the most vital components of an industrial communication system. 

Since 2006, the PROFINET Security Guideline has described the technical and procedural measures on the part of the manufacturer and users of PROFINET devices. PI is now developing supplemental measures to also protect PROFINET at the protocol level.

The IT security of production plants is gaining in importance. The integrated networking in companies, vertical integration and the trend toward flatter system hierarchies require comprehensive approaches to IT security in production. Previous concepts, which relied primarily on isolating the production plants, need to be supplemented with new measures that make provision for the protection of components – including the protection of PROFINET at protocol level. The basics for this were presented by PI this year in the white paper ‘Security Extensions for PROFINET,’ which draws on international standard IEC 62443.

Various security objectives play a significant role for PROFINET in this process. One of the highest priorities is integrity – e.g. identifying and preventing data manipulation or the suppressing of alarms in devices. Changing the configuration of IO devices in day-to-day operations must also be secured by means of authorisation. The robustness of the system, and thus its availability, also cannot be disregarded. 

The analysis of the security objectives yielded various priorities, resulting in PI now having defined three security classes: robustness, integrity and authenticity, and confidentiality. This allows for the authenticity of the PROFINET nodes to be ensured through a cryptographically secured digital identity – in the form of certificates. But the integrity of the communication can also be ensured, e.g. through cryptographic checksums.

The necessary specification tasks have now been outlined, and initial measures for security class 1 (robustness) have been defined. These will be integrated in the specifications for PROFINET and for GSDML.

Parallel to this, further development is taking place on the other security classes to ensure that PROFINET will be equipped to face the demands of Industry 4.0. 
