Safety And Security Go Hand In Hand
While engineering and industry are well positioned when it comes to safety, they are sorely lacking with regard to security. Security is no longer one of those topics that should perhaps be dealt with when one’s schedule allows. Instead, it is currently possibly the most important and urgent topic in engineering, or even in industry, as the experts at Pilz emphasise.
Industrial security describes the protection of production and industrial plants from faults, whether intentional or unintentional. Security used to be the task of information technology (IT) in the form of IT security. Today, production and industrial plants are also highly interconnected using information technology.
"The entire lifecycle of the system must be considered here, meaning that security starts in development."
Thomas Pilz, Managing Partner of Pilz
It is easier for attackers to intrude into automation and control systems, manipulate them and even compromise safety (machinery safety). This means that staff who are not IT experts have to deal with potential hazards.
Industrial security deals with the security of control networks in production and industrial plants in factory automation and process control. The objective of industrial security is to guarantee the availability of plant and machinery and the integrity and confidentiality of machine data and processes.
"If I am not in control of my data, after all, then the company and the safety of my employees is at risk: Without security no safety, and without safety no protection of people."
Thomas Pilz, Managing Partner of Pilz
Attackers often use existing weaknesses to penetrate control networks or disrupt processes. To prevent attackers accessing the control network, potential weaknesses must be detected and remedied promptly. If attackers manage to exploit a weakness, this may have devastating consequences for the company. These range from production standstill to a risk to humans if safety measures are manipulated in a targeted way. Because security is not a physical parameter but rather a 'moving target', the measures against cyber threats must be updated constantly. As a general rule of thumb, all devices that have an Ethernet connection can be considered at risk.
"Only a holistic approach to safety and security can guarantee the protection of humans and machinery. It is thus absolutely necessary to also implement security measures directly in the devices."
Thomas Pilz, Managing Partner of Pilz
There are a number of strategies than can be used to
implement security
- Defence in depth - create as many obstacles as possible on as many levels as possible
- Organisational measure - all of a companies employees need to internalise security
- Training - not everyone is an IT expert, so employees need regular training
- Segmenting 'zones and conduits' - zones with devices needing similar security should be separated
- Firewalls - although routers and switches can support security, firewalls should be employed
- Patch management - a patch process helps you define role-specific responsibilities.
Pilz Firewall
The Pilz SecurityBridge application firewall, for example, protects safe control technology on plant and machinery from manipulation of process data. With SecurityBridge, within the control network, connections between the diagnostic or configuration tools and the controllers are protected from manipulation, enabling secured connections to the outside world. The data is transferred almost without delay. You can use the PITreader access permission system to safeguard your plants from unauthrosied access. With PITreader and the related RFID transponder keys you can control access permissions reliably and individually to your specifications and requirements.
"For around 20 years, our functional Safety Management has been checking and certifying safety. Additionally, for the last several years Pilz has oriented its developments process to IEC 62443-4-1 'Security for industrial automation and control systems - Part 4-1: Secure product development lifecycle requirements', resulting in demonstrably secure development. Strategically, certification is equally as important as the certifications for functional safety."
Thomas Pilz, Managing Partner of Pilz
Looking for more information? We can help with that...
If you want to know more about Safety and Security using Pilz, or have any questions, don't hesitate to get in touch on 01254 685900 and our Internal Sales Advisors or Technical Support Engineers will be happy to chat!
|