Various security objectives play a significant role for ProfiNet in this process. One of the highest priorities is integrity – e.g. identifying and preventing data manipulation or the suppressing of alarms in devices. Changing the configuration of IO devices in day-to-day operations must also be secured by means of authorization. The robustness of the system, and thus its availability, also cannot be disregarded. The analysis of the security objectives yields various priorities, resulting in PI now having defined three security classes: robustness, integrity and authenticity, and confidentiality. For instance this allows for the authenticity of the ProfiNet nodes to be ensured through a cryptographically secured digital identity, e.g. in the form of certificates. But the integrity of the communication can also be ensured, e.g. through cryptographic checksums.
The necessary specification tasks have now been outlined, and initial measures for security class 1 (robustness) have been defined. These will be integrated in the specifications for ProfiNet and for GSDML, e.g. the signing of GSD files, access controls of network management services (SNMP), and a read-only function for configuration information such as the device name.
Parallel to this, further development is taking place on the other security classes. This ensures ProfiNet is equipped to face the demands of Industry 4.0 and will serve as a future-oriented platform for the industrial internet. PI is implementing the key subjects for the realization of digitalization in industrial production.
#PAuto #Cybersecurity, @ProfibusUK @AllThingsPROFI
No comments:
Post a Comment