Sponsored Article

Securely interlinked: taking a smart approach

21 October 2020

The demand for secure communication – covering aspects of what we at Pilz refer to as “safety” and “industrial security” – is growing in smart, networked production. For both manufacturers and operators, this means taking a different, enhanced approach to security. But how big are the differences, really, and how important is it to take a holistic view of things?

Industrial security describes the protection of devices, machines and plants from unauthorised access and tampering, plus the protection of both people and the environment from danger. So, manufacturers of automation components must take appropriate protective measures. An attack on a safety system’s integrity can have serious consequences, which is why an amendment has been added to Section 7.4 (“Hazard and risk analysis”) of the IEC 61508-1 functional safety standard. It states that a threat analysis should be performed if a security threat is considered likely.

A challenge for manufacturers…
There is already an international series of standards that comprehensively covers IT security in automation: IEC 62443. At the present time, it provides plant operators and device manufacturers with the best guidance on implementing industrial security effectively. But if we consider this standard’s requirements, implementation appears to be extremely time-consuming. However, if a manufacturer follows the requirements set down in the IEC 61508 standard during product development, fully meeting the requirements set down in IEC 62443-4-1 becomes a great deal easier.

…and operators alike
Finally, in operation, a smart security concept must offer both freedom and scope for design, as well as the highest possible level of safety. Access to the machine or the process is critical here. Machinery must be secured against unauthorised access to ensure that nobody is in the danger zone while it is in operation.

Safety gate systems are used to secure the access doors and combine reliable safety gate monitoring with safe guard locking in a single system, in addition to featuring safety functions such as emergency stop, escape release and a mechanical restart interlock.

A plant can only be restarted when it is absolutely certain that there’s nobody in the danger zone anymore. A safety gate system such as PSENmlock ensures both personnel safety and process safety and – with guard locking – provides the first industrial security building block. Information and permissions must be carefully assigned to plant operators too.

Security is a complex creature 
The PITmode fusion operating mode selection and access permission system enables functionally safe operating mode selection and control of access permissions on machines and plants. So, the plant is only operated and controlled by authorised individuals in defined operating modes. Each operator receives an RFID-coded key on which the machine releases corresponding to their responsibilities and qualifications are stored. This guarantees a high level of protection against accidental actions and tampering, in addition to ensuring information security.

Supplemented by the components of the modular safety gate system, a coherent machine access concept is created – and not just from a safety standpoint. Industrial security aspects are considered too with regard to user authentication, qualification and access protection. But if an accident or a security incident does occur at the machine, the RFID key can be read out to determine who made which change. This is particularly important if and when security incidents occur, so that targeted counter-measures can be implemented. Based on this authentication, the control system also records the time of access in the event log. 

You can’t have safety without industrial security
Plants have modular designs nowadays. Following the idea of the smart factory, they should be networked with one another and be remotely accessible for maintenance, diagnostics, and so on. If special protective measures aren’t taken, a group of people has remote access to options that can otherwise only be implemented locally, with physical access. The system can even be operated and tampered with, depending on how exposed the network is. Even well-meaning plant operation or maintenance over a network could prove fatal if, for example, another employee is on site in the plant’s danger zone to work on the machine as well. So, it is abundantly clear that a machine’s safety can definitely be impaired without industrial security.

It must therefore be ensured that the control network is only accessible to authorised users and, at the same time, that local operation cannot be interrupted by access over the network. And those are precisely the features that the Pilz SecurityBridge offers. The control network is only accessible if this is in line with physical security and safety considerations. 

Pilz developed the SecurityBridge in a TÜV-certified process in accordance with the aforementioned IEC 62443-4-1 standard, so aspects such as threat scenarios, strengths and weaknesses are taken into account even during the development process. Access over the SecurityBridge meets today’s information security requirements. No detailed information about the relevant logs is required for communication between a part of the plant protected by the SecurityBridge and other controllers. So, the connection is simply released. 

Industrial security is becoming a basic prerequisite for a safely operated Industry 4.0 network comprising both machines and things. In other words, although these two aspects of automation remain independent, they must be closely coordinated.

