Industrial security describes the protection of production and industrial plants from faults, whether intentional or unintentional. Security used to be the task of information technology (IT) in the form of IT security. Today, production and industrial plants are highly interconnected using information technology. This makes it easier for attackers to intrude into automation and control systems, manipulate them and even compromise safety (machinery safety). As a result, staff who are not IT experts have to deal with potential hazards. Industrial security deals with the security of control networks in production and industrial plants in factory automation and process control.
Industrial security for industrial plants
Objectives of industrial security
The objective of industrial security is to guarantee the availability of plant and machinery and the integrity and confidentiality of machine data and processes. Attackers often use existing weaknesses to penetrate control networks or disrupt processes. To prevent attackers accessing the control network, potential weaknesses must be detected and remedied promptly. If attackers manage to exploit a weakness, this may have devastating consequences for the company. These range from production standstill to a risk to humans if safety measures are manipulated in a targeted way. The application firewall SecurityBridge prevents this. Within the control network, connections between the diagnostic or configuration tools and the controllers are protected from manipulation, enabling secured connections to the outside world. The data is transferred almost without delay. You can use the access permission system PITreader to safeguard your plants from unauthorised access. With PITreader and the related RFID transponder keys you can control access permissions reliably and individually to your specifications and requirements.
Become an industrial security expert and find out the central aspects of security and the solution approaches from the white paper.
Pilz PSIRT (Product Security Incident Response Team)
Our products and services meet the highest quality requirements. That’s why we take security into account even during product development. However, security gaps in software cannot be 100 % avoided, so we take any reports of possible weaknesses very seriously. This is the only way we can keep the very high quality level of our products. The Pilz PSIRT issues security advisories to provide recommendations for action that can be used to remedy weaknesses.
In the Pilz PSIRT our security specialists manage and assess all reports of possible security weaknesses in our products.
How to reach the Pilz PSIRT:
The security specialists from the Pilz PSIRT manage and assess all reports of potential security weaknesses in our products. If you have any questions about security regarding our products or infrastructure, or if you want to report any security gaps, please contact our PSIRT security experts. Please notify the PSIRT in German or English. Typically you can expect an initial reaction within two working days (CET). Please send us critical information encrypted with the PGP public key.
Six tips for greater industrial security
Because security is not a physical parameter but rather a “moving target”, the measures against cyber threats must be updated constantly. The responsibility for this primarily lies with plant operators, for whom data security also means protection of their investment. As a general rule of thumb, all devices that have an Ethernet connection can be considered at risk.
The following strategies help you implement security in your company:
1. Defence in depth: This principle is based on always placing new and different obstacles in the path of intruders. That makes it more difficult for attackers to achieve their objective. The point is to create as many obstacles as possible on as many levels as possible.
2. Organisational measures: It is important that all of a company’s employees internalise security. To do this, you should set up internal guidelines that apply to all employees and also to partners such as device manufacturers and service providers. Anyone responsible for security should support and check compliance with these guidelines.
3. Training: Not everybody can be an IT expert, so you should offer regular security training for your employees. Pilz seminars are held at the company's headquarters in Ostfildern near Stuttgart, on the customer's premises or – in condensed form – as a webinar, and are aimed at machine designers and plant designers.
4. Segmenting “zones and conduits”: Zones containing devices with similar security requirements should be separated from each other by firewalls or safe routers. Using the conduits between the zones, only devices that are genuinely authorised to do so can send and receive information.
5. Firewalls: Although routers and switches can support security mechanisms, you should also employ firewalls in your control network (industrial communication network). The application firewall SecurityBridge protects safe control technology on plant and machinery from manipulation of process data, for example.
6. Patch management: A patch process helps you define role-specific responsibilities. In addition, it should take into account not only patches and updates released by the manufacturer, but also third-party software (e.g. office applications, PDF Reader).
Industrial security training from Pilz
External attacks continually make the headlines. Internal attacks from within the company itself are frequently underrated. However, they can have equally serious consequences and lead to a network failure or to the divulging of sensitive information, for example. Most internal attacks happen unintentionally. Incorrectly configured devices and operating errors are primarily to blame. That’s why it is essential that you and your employees are trained accordingly.
We can offer you and your employees suitable training on industrial security.
More about industrial security
Industrial security in automation technology
The world of automation is merging with the IT world. This presents new challenges for both the protection of people (safety) and the protection of sensitive data from a machine (security). As for the safety aspect, there's a need to check the extent to which security issues influence functional safety. Harald Wessels, Product Manager, Product and Technology, Pilz GmbH & Co. KG, explains in an interview why industrial security is becoming more important, how safety and security are linked and the challenges we must face in the future.
Normative foundations of industrial security
When human and robot work hand in hand and the world of automation merges with the IT world, the safety requirements are raised. Not only human and machine but also data and expertise must be reliably protected against threats, unauthorised access and misuse. Bernd Eisenhuth, CMSE, Customer Support, Pilz GmbH & Co. KG, explains in an interview the normative foundations for industrial security and the industrial security requirements that must be met.
How to deal with security gaps
Security gaps in automation can have devastating consequences. In this interview, Frank Eberle, Software Developer Network Systems, Advanced Development, Pilz GmbH & Co. KG, warns of the potential hazards that might arise from security gaps. In conclusion he shows some solution approaches to closing these gaps.