To be able to use Industry 4.0 technologies in an existing process-related system, the operating data must first of all be collected (Figure 1). The objective is to avoid modifying the system significantly. The automation pyramid in the NOA concept is therefore expanded by a side channel that provides horizontal, secure and impact-free access to the process data on all levels. The well-known automation pyramid is made up of four levels. However, it is not possible to establish cross-communication between the lower sensor/actuator level and the upper control level (Figure 2).
The NOA concept therefore adds a side channel to the automation approach used to date. Cross-communication can be established using this channel, so that the operator can evaluate the data recorded by the field devices. New analysis and monitoring methods are easier to use if full access is granted to the process system data, which is securely extracted from the system based on the NOA concept. The symbolic data diode is used for this purpose. It allows data to be removed from the system but the processes cannot be accessed. The data is readily available in this way as a starting point for any evaluation. It can be saved on servers or in a cloud and forwarded to those points where an evaluation takes place. This can be done by internal specialists or external service providers (Figure 2).
Secure and impact-free data access
However, the concept described here is only advantageous to the operator if data can be accessed securely and without any impacts. It must also be possible to integrate the approach into the information security management system (ISMS) that is part of ISO 27000, as already stipulated in the IT Security Act for critical infrastructures. Such a system is often implemented in non-critical systems in any case to ensure secure operation. In cooperation with the German Electrical and Electronic Manufacturers’ Association (ZVEI), therefore, Namur has set up new working groups that focus on IT security and the implementation of data diodes in actual hardware. When it comes to automating systems, there are various directives and standards in which the actual IT security situation is defined on different levels. The basic IT security stipulated by the German Federal Office for Information Security (BSI) and IEC 62443 “IT Security for industrial automation and control systems” are examples of general process models.
Holistic security approach
IEC 62443 is a series of general security standards for industrial automation and control systems. It is made up of 13 parts documenting process security requirements, functional measures and the current state of the art (Figure 3). According to NOA, the most important parts are:
- IEC 62443 Part 2-1 – Security management system requirements for operators of industrial automation systems
- IEC 62443 Part 2-4 – IT Security program requirements for service providers of industrial automation systems
- IEC 62443 Part 3-3 – System requirements for IT security and security level of industrial automation systems
- IEC 62443 Part 4-1 – Life cycle requirements for secure product development of industrial automation systems
- IEC 62443 Part 4-2 – Technical IT security requirements for automation system components.
When developing a device with data diode functionality it makes sense to implement a security-by-design approach for the hardware and software. The necessary security processes and functional measures for device manufacturers, system integrators and machine and system operators can thus be implemented.
Product development process
IEC 62443-4-1 describes the product development process for automation devices. The main element is a process that enables a reliable determination of whether all security requirements have been implemented and verified. This process is rounded off by other security implementation features, for example a threat analysis based on the security context, i.e. the operational scenario for the product, the defence-in-depth concept and security vulnerability management, which nowadays is generally implemented by a product security incident response team (PSRIT).
Devices and system requirements
IEC 62443-4-2 defines the technical requirements for industrial automation devices. Based on the security threat, a security level (SL) from 0 to 4 is determined and adapted to the attacker’s capabilities (Figure 4). Different functional requirements are set out for the products according to the attack vector and the security level (Figure 5).
However, the implementation of functional measures must not be considered in isolation. An SL can only be achieved if the framework conditions stipulated in Part 4-1 regarding a secure development process are met. The security level of a device or system can therefore only be achieved by combining processes and functional measures.
The functional security requirements concerning the capabilities of automation systems are detailed in IEC 62443-3-3. Here, an evaluation assesses the extent to which the components comply with the operator’s functional requirements. This part of the standard simultaneously determines the interface between the system integrator and the device manufacturer. The devices needed to implement the security level defined by the operator can be selected on this basis.
Requirements for system integrators
IEC 62443-2-4 specifies the requirements for the capabilities linked to the IT security of industrial automation system services. It describes the interface between the operator and the system integrator as well as the core processes during integration, commissioning and maintenance. Amongst other things, this comprises the architecture and configuration of the automation solution, the management of user accounts, processing of events and patch management including backing up and restoring the automation solution.
IEC 62443-2-1 covers the requirements regarding the operator’s IT security programme. A table specifies all requirements which should basically enable a transition to the ISMS as per ISO 27000. This part of the standard also determines the security level of the system based on a threat analysis.
The requirements for implementing the NOA concept are currently being defined in various working groups. These will ultimately decide which standards, technologies and processes should be used. To enable a gradual introduction of the approach, it is important to establish a secure connection from the NOA side channel to external systems, such as a cloud or server, using existing security routers. Devices specially developed for implementing data diodes can then be utilised in subsequent steps.
Online search: cpp0219phoenix
Author: Boris Waldeck
Senior Product Manager,
Business Unit Automation Systems,
Phoenix Contact Electronics
Author: Thilo Glas
Senior Specialist Engineering,
Industry Management
Process,
Phoenix Contact Electronics