New PROFINET security whitepaper
PI (PROFIBUS & PROFINET International) has published a security whitepaper documenting the basic concepts for protecting the PROFINET protocol.
The purpose of the whitepaper, which is called ‘Security enhancements for PROFINET,’ is to initiate coordination meetings with users, integrators and manufacturers. The objective of the discussion is the creation of a coordinated and viable concept which will make industrial communication with PROFINET fit for the requirements of the Industry 4.0 environment. Implementation will lead to a security specification for PROFINET networks provided as a supplement to the security guideline which has been available for more than 10 years.
Integrated networking within an enterprise, vertical integration and the trend toward flatter system hierarchies require further-reaching approaches for IT security in production. Previous concepts – which relied primarily on isolating production plants – need to be supplemented with new concepts which make provision for the protection of components.
The current IT security concept for PROFINET assumes a defense-in-depth approach as described in IEC 62443. The production plant is protected against attacks – particularly from the outside – by means of a multi-layer perimeter (firewalls, among other things). In addition, further safeguarding within the plant is possible by dividing the network into zones. A security component test ensures the ability of the PROFINET components to withstand overloading in a defined scope. This concept is supplemented by organisational measures in the production plant within the framework of a security management system.
The described security measures for PROFINET essentially correspond to current technology. However, new requirements from users demand further protection at the component level, which in turn necessitates suitable protective measures at the protocol level.
The whitepaper describes the new security requirements, the protection goals derived from them and – based on the analyses conducted – the key concepts and protective measures for a PROFINET system. In the next step, the security working group will specify enhancements to the PROFINET protocol and strengthen it with additional cryptographic functions to ensure integrity, authenticity and, if required, the confidentiality of communication on the protocol level. The goal here is to limit the technical expenditure for systems with basic security requirements while at the same time ensuring backwards compatibility, with the option of operating the enhanced protocol in parallel with the previous protocol on a network.
The whitepaper can be downloaded from www.profibus.com/profinetsecurity
Source: Control Engineering Europe - All Articles