Industrial Security describes the protection of production and industrial plants from intentional or unintentional. Security used to be the task of information technology (IT) in the form of IT security. Today, production and industrial plants are also highly interconnected with information technology. Attackers can intrude into automation and control systems more easily, manipulate them and even adversely affect safety (machinery safety). Therefore, staff members who are not IT experts will have to deal with potential hazards. Industrial Security deals with the IT security of production and industrial plants in the areas of factory automation and process control.
Industrial Security for industrial plants
Objectives of Industrial Security
The objective of industrial security is to guarantee the availability of plant and machinery and the integrity and confidentiality of data and processes. Attackers often use existing weaknesses to intrude into systems or disturb the course of processes. To prevent attackers accessing a system, possible weaknesses must be detected and remedied promptly. If attackers manage to exploit a weakness, this may have devastating consequences for the company. These range from production standstill to a hazard for humans when safety measures are manipulated in a targeted way. The application firewall SecurityBridge prevents this. It protects the connections between the diagnostic or configuration tools and the controllers from manipulation and enables secured connections to the outside world. The data is transferred almost without delay. To safeguard your plants from unauthorised access, you can use the access permission system PITreader. With PITreader and the related RFID transponder keys you control access permissions reliably and individually to your specifications and requirements.
Become an Industrial Security expert and find out about the central aspects of security and possible solutions from the Whitepaper.
Pilz PSIRT (Product Security Incident Response Team)
The highest quality requirements apply for our products and services. That’s why we take security into account even while developing our products. However, security gaps in software cannot be 100 % prevented, so we take any reports of possible weaknesses very seriously. This is the only way we can keep the very high quality level of our products. In the form of Security Advisories, the Pilz PSIRT provides recommendations for action that can be used to remedy weaknesses.
In the Pilz PSIRT our security specialists manage and assess all reports of possible security weaknesses in our products.
How to reach the Pilz PSIRT:
The security specialists from the Pilz PSIRT manage and assess all reports of possible security weaknesses in our products. If you have any questions about security regarding our products or infrastructure, or if you want to report any security gaps, please contact our PSIRT security experts. Please advise the PSIRT in German or English. Typically you can expect an initial reaction within two working days (CET). Please send us critical information encoded with the PGP Public Key.
Six tips for greater security
Because security is not a physical parameter but rather a “moving target”, the measures against cyber threats must be updated constantly. The responsibility for this primarily lies with plant operators, for whom data security also means protection of their investment. As a general rule of thumb, all devices that have an Ethernet connection can be considered at risk.
The following strategies help you implement security in your company:
1. Defence in depth: This principle is based on always placing new and different obstacles in the path of intruders. This makes it more difficult for attackers to achieve the objective. The point is to create as many obstacles as possible on as many levels as possible.
2. Organisational measures: It is important that all of a company’s employees internalise security. To do this, you should set up internal guidelines that apply to all employees and also for partners such as device manufacturers or service providers. Anyone responsible for security should support and check compliance with these guidelines.
3. Training: Not everybody can be an IT expert, so you should offer regular security training for your employees. The Pilz seminars that take place at the headquarters in Ostfildern near Stuttgart or at the customer's or – in a compacted from – as a webinar are aimed at machine designers and plant designers.
4. Segmenting “zones and conduits”: Zones with devices with similar security requirements should be separated from each other by firewalls or safe routers. Using the lines (conduits) between the zones, only devices that are genuinely authorised to do so can send and receive information.
5. Firewalls: Although routers and switches can also support security mechanisms, you should also employ firewalls. The application firewall SecurityBridge protects safe control technology on plant and machinery from manipulation of process data, for example.
6. Patch management: A patch process helps you define role-specific responsibilities. In addition, it should take into account not only patches and updates released by the manufacturer, but also third-party software (e.g. office applications, PDF reader).
Industrial Security training from Pilz
External attacks continually make the headlines. Internal attacks from within the company itself are frequently underrated. However, they can have equally serious consequences and lead to a network failure or to the divulging of sensitive information, for example. Most internal attacks happen unintentionally. The reasons are primarily incorrectly configured devices and operating errors. Therefore it is essential that you and your employees are trained accordingly.
We can offer you and your employees suitable training on Industrial Security.
We are a member
More about Industrial Security
Industrial Security in automation technology
The world of automation is merging with the IT world. This presents new challenges for both the protection of people (safety) and the protection of sensitive data from a machine (security). As for the safety aspect, there's a need to check the extent to which security issues influence functional safety. In an interview Harald Wessels, Product Manager, Product and Technology, Pilz GmbH & Co. KG, explains why Industrial Security is becoming more important, how safety and security are linked and the challenges we must face in the future.
Normative foundations of Industrial Security
When human and robot work hand in hand and the world of automation merges with the IT world, this raises the safety requirements. Not only human and machine but also data and expertise must be reliably protected against threats, unauthorised access and misuse. In an interview Bernd Eisenhuth, CMSE, Customer Support, Pilz GmbH & Co. KG, explains the normative foundations for Industrial Security and the Industrial Security requirements that must be met.
How to deal with security gaps
Security gaps in automation can have devastating consequences. In this interview Frank Eberle, Software Developer Network Systems, Advanced Development, Pilz GmbH & Co. KG, warns of the potential hazards that might arise from security gaps. In conclusion he shows some solution approaches to use to close these gaps.