June 2019

www.drivesncontrols.com | Comms, Networking and Security

Safety and security: two sides of the same coin

In the smart factory, safety needs both to guarantee protection for humans and machinery, and to maintain flexibility and availability. David Collier, machinery safety specialist at Pilz Automation Technology, argues that we need an holistic approach to safety and security.

Digital data and its efficient exchange will define future production processes. As communications become decentralised, the demand for secure communications will rise. This encompasses aspects of machinery safety on the one hand, and requirements such as data and IT security on the other.

The term "safety" denotes the functional safety of machinery or, put another way, the protection of people and the environment against threats that can arise from machinery. One option for the worst case is simply to interrupt the energy supply and bring a machine to a hard stop. The traditional way of achieving this has been to use special safety wiring and components such as safety relays. Because this approach is hardware-based and therefore static, it is not particularly suitable for intelligent manufacturing processes where plant layouts need to be changed continually.

Dynamic safety

An alternative is offered by dynamic safety concepts based on an integrated view of changing automation processes and functional safety requirements. This changes the view of safety itself: it is regarded less as a hardware characteristic, and more as a cross-device function. But the dynamic approach can only be implemented efficiently if functional safety is built into automation projects from the moment they are planned.

Security involves protecting a plant or machine from unauthorised access from outside, as well as protecting sensitive data from corruption, loss and unauthorised access from within. This includes deliberate attacks as well as unintentional security incidents.
Unlike functional safety, security mechanisms need to adapt continually to new threats – for instance, by implementing ad hoc updates to provide protection against new viruses, worms, Trojans and the like. To respond flexibly to prevailing threats, there must also be a comprehensive security strategy comprising multiple layers to underpin the protection of safety applications. The core is the automation components. This is followed by the network via which the components communicate with other networks or, for example, with ERP (enterprise resource planning) systems. The outermost layer represents the factory, which is shielded from the outside world by a special firewall, creating a "demilitarised zone".

The demands that IT and automation place on security vary considerably. While the confidentiality of information has top priority in office environments, in production, data availability comes top of the list because it is a key prerequisite for smooth operation. The IEC 62443 standard brings the two security worlds together.

For networking, the recipe for success is "defence in depth". IEC 62443 defines a "zones and conduits" security model. This splits automation networks up into different zones within which devices are allowed to communicate with each other. Exchanges of data with devices in other zones are possible only via a single conduit that is guarded by a secure router or a firewall and blocks all irrelevant information.

All-round protection

Another protective measure for safety applications is to arm the safety systems themselves against cyber-attacks. The communication data is already subject to multiple safety checks upon transmission, and various methods are available that allow the safe end-devices to identify manipulation attempts sooner than with other methods of communication. But that alone is not enough. Aspects such as threat scenarios, the strengths and weaknesses of protocols, and encryption methods need to be taken into consideration from the outset.
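The zones-and-conduits model described above can be written down as a checkable policy. The following is an added illustration, not code from the article or from Pilz: the zone layout, the conduit allow-lists and the sample flows are all constructed for this example. Devices in the same zone may talk freely; a flow between zones is permitted only if a conduit joins exactly those two zones and the conduit's allow-list carries that service, so traffic that is irrelevant to the conduit is blocked even where a path exists; a device that is not assigned to any zone gets no implicit trust.

```python
"""Zones-and-conduits policy check in the spirit of IEC 62443.

Added illustration (not the article's or Pilz's code). Zone names, device
names, services and flows below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Constructed zone layout: device name -> zone it belongs to.
ZONE_OF: Dict[str, str] = {
    "press-plc":    "cell-A",
    "press-safety": "cell-A",
    "robot-plc":    "cell-B",
    "robot-hmi":    "cell-B",
    "scada":        "control-net",
    "historian":    "control-net",
    "erp":          "enterprise",
}


@dataclass(frozen=True)
class Conduit:
    """A guarded path between two zones; only the listed services pass."""
    zones: FrozenSet[str]
    allowed_services: FrozenSet[str]


# Constructed conduits. Deliberately, there is no conduit cell-A <-> cell-B
# and no conduit from any cell straight into the enterprise zone.
CONDUITS: List[Conduit] = [
    Conduit(frozenset({"cell-A", "control-net"}), frozenset({"opcua"})),
    Conduit(frozenset({"cell-B", "control-net"}), frozenset({"opcua"})),
    Conduit(frozenset({"control-net", "enterprise"}), frozenset({"https"})),
]


@dataclass(frozen=True)
class Flow:
    """One observed flow, e.g. a line from a firewall or router log."""
    src: str
    dst: str
    service: str


def evaluate(flow: Flow) -> Tuple[str, str]:
    """Return (verdict, reason) for one flow.

    permitted: intra-zone, or inter-zone via a conduit carrying the service
    blocked:   inter-zone with no conduit, a conduit that does not carry
               the service, or a device not assigned to any zone
    """
    src_zone = ZONE_OF.get(flow.src)
    dst_zone = ZONE_OF.get(flow.dst)
    if src_zone is None or dst_zone is None:
        return ("blocked", "device not assigned to any zone")
    if src_zone == dst_zone:
        return ("permitted", f"intra-zone traffic in {src_zone}")
    pair = frozenset({src_zone, dst_zone})
    for conduit in CONDUITS:
        if conduit.zones == pair:
            if flow.service in conduit.allowed_services:
                return ("permitted",
                        f"conduit {src_zone}<->{dst_zone} carries {flow.service}")
            return ("blocked",
                    f"conduit {src_zone}<->{dst_zone} does not carry {flow.service}")
    return ("blocked", f"no conduit between {src_zone} and {dst_zone}")


def audit(flows: List[Flow]) -> List[Tuple[Flow, str, str]]:
    """Evaluate every flow and return (flow, verdict, reason) triples."""
    return [(f, *evaluate(f)) for f in flows]


# Constructed sample of observed flows.
SAMPLE_FLOWS: List[Flow] = [
    Flow("press-plc", "press-safety", "profisafe"),  # same zone
    Flow("robot-plc", "scada", "opcua"),             # conduit, allowed service
    Flow("robot-plc", "scada", "smb"),               # conduit, irrelevant service
    Flow("press-plc", "robot-plc", "modbus"),        # no conduit between cells
    Flow("press-plc", "erp", "https"),               # no direct conduit to ERP
    Flow("laptop-7", "press-plc", "ssh"),            # device in no zone
]

if __name__ == "__main__":
    for flow, verdict, reason in audit(SAMPLE_FLOWS):
        print(f"{verdict:9} {flow.src} -> {flow.dst} ({flow.service}): {reason}")
```

Run against a real flow log, the same check turns the article's "single guarded conduit" rule into a list of violations to investigate; the unknown-device case is the one most often missed when a policy is expressed only as firewall rules, because an unassigned host has no rule that matches it either way.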
Even the best security measures are worthless if they are not put into practice or – worse still – are deliberately defeated because they take up too much time, or through a lack of understanding or plain ignorance. So technical measures alone will not suffice – they must be backed up by organisational measures, underpinned by training.

Many processes and experiences from the safety sphere are directly applicable to the security sphere. The field of safety is already characterised by considerable security of investment and legal certainty. That is partly due to the need to comply with norms and standards. Terms such as Safety Integrity Level (SIL) are clearly defined worldwide, and standard classification into hazard classes and risk estimations is possible. But it is becoming increasingly important to consider the needs of the user and to limit complexity from the outset when developing solutions. Simplicity means (operator) safety.

Picture caption: Networked production in modern factories increases the demands on IT security.
