Addressing security for open industrial automation networks
A working group on industrial Ethernet security has been established by the CC-Link Partner Association (CLPA), with the aim of providing a guideline document for users looking to build secure networks around the open gigabit Ethernet CC-Link IE technologies. In particular, the document will cover strategies for users adopting the CLPA’s Seamless Message Protocol (SLMP) and CC-Link IE Field Basic where general IP communication is used for both cyclic and transient communications.
The converging of the IT (information technology) and OT (operational technology) worlds, driven by the widespread adoption of Ethernet and Internet based technologies in manufacturing, has brought security concerns to the fore in recent years, particularly after a number of high profile cyber-attacks.
The manufacturing community is taking steps to harden vital production systems against attacks, but typically the task is more complex than would be the case in the IT environment. The ‘human factor’ is a key part of the puzzle, where the role played by plant personnel who must operate, maintain and manage a plant must also be included.
Moreover, physical and cyber security measures must be considered to create a multi-layered or ‘defence in depth’ approach that combines a secure architecture with physical access control, secure networks, monitoring and so on.
While the industry is taking steps to make hardware more secure, the CLPA felt that more could be done to address deficiencies in network security without compromising the requirements of the plant floor.
Hence the decision was taken to form a security working group that will build on the network security strategies defined under IEC 62443, which focuses on industrial automation and control systems. The standard is a comprehensive framework that addresses all key aspects of securing plant systems, such as how to establish a security programme, use cases, technical requirements and so on.
The working group will include a number of CLPA partners, including Belden-Hirschmann, Cisco Systems, Hilscher, HMS, Mitsubishi Electric, MOXA and Panduit.
John Browett, CLPA Europe General Manager, commented: “While most people involved in manufacturing today agree that the spread of Ethernet has brought important benefits, such as enabling trends like Industry 4.0, it also has been a double edged sword. In the past, cyber security was a topic that attracted little attention on many shop floors. Today, most engineers and technicians have securing their production systems against unauthorised access as a top priority. As trends like Industry 4.0 usher in an ever more connected set of processes in each plant and enterprise, addressing cyber security is becoming a more and more urgent requirement. The CLPA is pleased to be working with our partners to deliver a set of guidelines that will help to make sure industries can continue to put their confidence in technologies like CC-Link IE now and into the future.”