Incorporating security aspects into the design of Industrie 4.0 systems

Overview

Protection against advanced persistent threats (APT)  

Protection against advanced persistent threats (APT)

  • The implementation of the forward-looking Industrie 4.0 project requires cross-company data transmission in real time.
  • Solutions for the remote maintenance of machines or systems are already quickly reaching their limits, as access for external service personnel requires individual licenses in many companies.

Application

Controlling the exchanged data  

Controlling the exchanged data

The digital model becomes particularly important when devices wish to participate in Industrie 4.0 communication. In addition to the properties of the component, all data generated during its lifecycle is stored in the digital model. This data is then available in real time to all those authorized to access it within the scope of cross-company information exchange.

In order for companies to agree to the provision of data and the opening of communication channels, security is vital. The digital model of the component must be protected against unauthorized access. The implementation of the Internet of Things also requires distributed structures. Central elements are replaced by distributed, autonomous systems that require a sufficient degree of protection.

Solution

Access to production and system data  

Access to production and system data

A technical and organizational challenge of the future will be the secure identification of communication partners and products by means of cryptographic processes. The assignment of a public key must be accompanied by a certificate issued by a trusted body. If several issuing bodies are involved, this can be difficult to manage, although if one body suffers a breach of security, this will be easy to isolate. If just a few large issuing bodies are involved, this is easier to manage, but it is more difficult to limit the damage.

In order to prevent the unwanted leakage of information, the exchanged data must be strictly controlled. The way in which information should be selected, so as to suit the amount of data available and the possible applications, is still to be resolved.

Big data concepts for Industrie 4.0 envisage providing and storing large volumes of data. This information is relevant and needs to be protected for long periods, whereas commercial data is often only relevant for a short amount of time. Consequently, trust-based business relationships must be built on a contractual basis, whereby the data protection standard must also be defined. This requires standardized security levels that can be evaluated and verified.

Supervising the flow of information at the defined interfaces is just one aspect. Ensuring that the IT security of the entire company meets the required standard is just as important. Long-lasting attacks start by penetrating a network and then spreading throughout the entire company network. This kind of access usually takes place through vulnerable systems that are difficult to protect. Once the malware has infiltrated the network, it is only internal hurdles, which are often much easier to bypass, that need to be negotiated. What makes things difficult is that the complete integration required for Industrie 4.0 makes no distinction between office and manufacturing IT.

Summary

IT security is a company-wide issue that affects all areas of operation and production. Security expertise from office IT systems has to be integrated into manufacturing environment processes, even if different technical or organizational measures need to be implemented here.

This requires production IT employees to undergo training and further training on information security so that communication does not end at company boundaries. In order to overcome this limitation, access security must be a basic requirement of automation and incorporated during the early design phase of the overall solution within the scope of a security by design concept.

PHOENIX CONTACT
GmbH & Co. KG

Flachsmarktstraße 8
32825 Blomberg, Germany
+49 5235 3-00