
A holistic view of machine safety and industrial security

Pilz Automation Ltd

In smart, networked production there is a growing need for secured communication, and that need touches machinery safety and industrial security in equal measure. For manufacturers and operators it calls for a different, broader approach to safety and security. But how large are the differences between the two disciplines really, and why does a holistic view matter?

Industrial security protects devices, plant and machinery from unauthorised access and manipulation; machinery safety protects people and the environment from hazards. The two meet where an attack on the integrity of a safety system can have serious physical consequences, which is why manufacturers of automation components need to take appropriate protective measures. For this reason the international standard IEC 61508-1 added a note to clause 7.4, 'Hazard and risk analysis', stating that a security threat analysis should be carried out if malevolent or unauthorised action is considered reasonably foreseeable.

The challenge for manufacturers...

With IEC 62443 there is already an international standard series that deals comprehensively with IT security in industrial automation and control systems. It currently offers the best orientation for plant operators and device manufacturers who want to implement security effectively. At first sight, however, its requirements look extremely complex to implement. The effort is smaller than it appears for a manufacturer that already develops products in accordance with IEC 61508: that standard already demands a managed, documented development lifecycle (requirements, reviews, testing, change management), so many of the secure-development-lifecycle requirements of IEC 62443-4-1 are then easier to meet, if they are not already met in full.

...and for operators

Ultimately, an intelligent safety concept must give the operator as much freedom in operation as possible while still providing the highest achievable level of safety. Access points to the machine or process are of vital importance here. They must be protected against unauthorised opening so that nobody can be inside the danger zone while the machine is in operation.

Safety gate systems are used to safeguard the access doors. They combine safe safety gate monitoring with safe guard locking in a single system and also provide safety functions such as emergency stop, escape release and a mechanical restart interlock.

The plant cannot be restarted until it has been established beyond doubt that nobody else is in the danger zone. A safety gate system such as Pilz PSENmlock is designed to protect people and the process and, because its guard locking also controls who can physically reach the machine, it provides the first building block of industrial security. The same care must be taken when assigning information and permissions to the people who operate the plant.

Multifaceted security

The Pilz PITmode fusion operating mode selection and access permission system provides functionally safe operating mode selection together with control of access permissions on plant and machinery. As a result, the plant is only operated and controlled by authorised personnel in defined operating modes. Each operator is given an RFID-coded key that carries the access and control permissions matching his or her competence. This gives a high degree of protection against unintended actions and manipulation, and protects the information on the system.

Add the components of the Pilz modular safety gate system and the result is a coherent machine access concept, and not only from a safety perspective. Aspects of industrial security are also covered: user authentication, qualification and access protection. Should an accident or security incident nevertheless occur on the machine, the RFID key identity recorded by the controller makes it traceable who made which change, and the controller also records the time of each access in the event log. This traceability matters particularly for security incidents, because it allows targeted countermeasures to be taken. It is only as reliable as the binding between key and person, so keys must be issued personally and never shared.

Safety and industrial security together

Today's plants are modular in design. Following the smart factory concept, they are networked and accessible remotely for maintenance, diagnostics and similar tasks. Without special protective measures, remote access gives an attacker, or indeed any remote party, options that would otherwise only be available locally through physical access. Depending on how exposed the network is, it may also be possible to operate and manipulate the system remotely. Even well-intentioned operation or maintenance of a plant via the network can have fatal consequences: consider an employee on site who is in the plant's danger zone at that moment, also intending to work on the machine. Without industrial security, therefore, the safety of a machine can be compromised.

So it is essential that the control network is accessible only to authorised users and, at the same time, that access via the network cannot disrupt operation on site. These are exactly the features the Pilz SecurityBridge offers: access to the control network is only possible if it is consistent with the physical security and safety situation on site. Pilz developed the SecurityBridge in a TÜV-certified process in accordance with IEC 62443-4-1, mentioned above, so threat scenarios, strengths and weaknesses were taken into account from the start of development. Access via the SecurityBridge conforms to today's information security requirements. When a section of the plant protected by the SecurityBridge communicates with other controllers, the user does not need detailed knowledge of the protocols involved; the connection is simply enabled.
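To make the two controls described above concrete, the following is an added example in Python; it is not Pilz code and does not model the internals of PITmode, PSENmlock or the SecurityBridge. It shows operating-mode selection authorised by an RFID-coded key, a restart interlock, and remote commands that are accepted only when they cannot collide with local work, with every decision written to an event log. The key IDs, holder roles, mode names, log format and the exact gating rule (remote commands only in automatic mode with the guard locked and the zone cleared) are assumptions chosen for illustration.

```python
# Added example, not code from Pilz or from this article. Models, in a
# simplified way, operating-mode selection gated by an RFID-coded key and
# remote access gated by the local safety state. All key IDs, roles, modes
# and the log format are hypothetical.
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import IntEnum


class Mode(IntEnum):
    """Operating modes ordered by the competence they require."""
    OFF = 0
    AUTOMATIC = 1              # normal production, guard locked
    MANUAL_REDUCED_SPEED = 2   # setter work with the guard open, reduced speed
    SERVICE = 3                # maintenance, highest competence


# Constructed key table: RFID key ID -> (holder role, highest mode permitted).
# Keys must be personal; the audit trail below is only as good as this binding.
KEYS = {
    "04A1B2C3": ("operator", Mode.AUTOMATIC),
    "04D4E5F6": ("setter", Mode.MANUAL_REDUCED_SPEED),
    "04778899": ("maintenance", Mode.SERVICE),
}


@dataclass
class PlantState:
    mode: Mode = Mode.OFF
    gate_locked: bool = True
    zone_clear: bool = True          # outcome of the clearance check before restart
    running: bool = False
    log: list = field(default_factory=list)


def _record(state, event, **fields):
    """Append a timestamped event; every decision, granted or denied, is logged."""
    entry = {"time": datetime.now(timezone.utc).isoformat(timespec="seconds"),
             "event": event, **fields}
    state.log.append(entry)
    return entry


def select_mode(state, key_id, requested):
    """Change operating mode only if the presented key permits that mode."""
    holder, max_mode = KEYS.get(key_id, (None, None))
    if holder is None:
        _record(state, "mode_denied", key=key_id, requested=requested.name,
                reason="unknown key")
        return False
    if requested > max_mode:
        _record(state, "mode_denied", key=key_id, holder=holder,
                requested=requested.name, reason="insufficient permission")
        return False
    state.mode = requested
    _record(state, "mode_selected", key=key_id, holder=holder, mode=requested.name)
    return True


def restart(state):
    """Restart interlock: no restart until the zone is clear and the guard is locked."""
    if not (state.zone_clear and state.gate_locked):
        _record(state, "restart_denied", reason="danger zone not secured")
        return False
    state.running = True
    _record(state, "restart")
    return True


def remote_command(state, user, command):
    """Accept a network command only when it cannot collide with local work:
    guard locked, zone clear, and plant in AUTOMATIC (nobody in a manual mode)."""
    if not (state.zone_clear and state.gate_locked):
        _record(state, "remote_denied", user=user, command=command,
                reason="danger zone not secured")
        return False
    if state.mode != Mode.AUTOMATIC:
        _record(state, "remote_denied", user=user, command=command,
                reason="local mode " + state.mode.name)
        return False
    _record(state, "remote_accepted", user=user, command=command)
    return True


if __name__ == "__main__":
    s = PlantState()
    select_mode(s, "04A1B2C3", Mode.AUTOMATIC)            # operator: allowed
    remote_command(s, "remote-tech", "read_diagnostics")  # accepted
    select_mode(s, "04D4E5F6", Mode.MANUAL_REDUCED_SPEED)  # setter takes over
    s.gate_locked, s.zone_clear = False, False            # guard opened, person inside
    remote_command(s, "remote-tech", "start_cycle")       # denied: zone not secured
    for e in s.log:
        print(e)
```

The point of the model is the ordering of checks: the physical state of the guard and the locally selected operating mode are consulted before any remote command is honoured, and denials are logged with the same detail as successes so that a later investigation can reconstruct who tried what, and when.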

Industrial security is becoming a basic requirement for a secure Industrie 4.0 network of machines and things. Safety and security remain distinct disciplines within automation, but they must be closely aligned, because a weakness in one can undermine the other.

© Copyright 2006-14 The Engineering Network Ltd.