Safe and Secure Should security matter just as much as reliability within automation? What can poor security cost?

PLCnext control safety

What can poor security cost?

Plant downtime – due to security issues, production must be stopped for hours or days.
Ransomware – Production is blocked as Data is encrypted. Do you pay the costs of recovery, or rebuild the production process and hardware.
Loss of Data – Cost of data recovery.
Leakage of Know How – Quantify what your IP is worth.
Reputational Damage – What is the price of your partners and customer trust.

Holistic security

Security matters to automation systems, but how do you determine if a product or system is secure? The IEC 62443 standard specifies the processes and functions required to develop secure systems. It describes three roles (operator, integrator and manufacturer) and defines the necessary measures. For all roles, security by design proves to be an essential condition.

Phoenix Contact is the first company to receive a certification for a PLC family in accordance with IEC 62443-4-1 ML 3 Full Process Profile in combination with IEC 62443-4-2. This confirms that the secure development life cycle was fully applied in developing the PLCnext Control devices. It also developers to build control systems to meet that certification.

Besides focusing on the still relatively new (data) security issue Phoenix Contact has been implementing certified industrial safety measures for a long time routinely. In this area functional safety is key. It regards those safety measures in technical operations concerning all process control aspects. PLCnext also includes safety products that meet both the EN 61508 and IEC 62443-4-2.

Organisations that protect their networks and hence their communication channels through security measures, are increasing the availability of their safety functions at the same time. The other way around an optional safety solution can prevent the malfunction of a security measure: the safety protocol PROFIsafe for example includes data integration checks, which help detect data manipulation through malware or an attack.