PROFIsafe and IT security  - Peter Brown of Siemens A&D
What is PROFIsafe and how does it work? What do we mean by “Safety”?
“The condition of being safe; freedom from danger, risk, or injury.”
In the UK (and Europe) this can cover many areas and industries, for example:
Supply of Machinery (Safety) Regulations
Electromagnetic Compatibility Regulations
Electrical Equipment (Safety) Regulations
Pressure Equipment Regulations
Simple Pressure Vessels (Safety) Regulations
Equipment and Protective Systems Intended for Use in Potentially
Explosive Atmospheres Regulations
Lifts Regulations
Medical Devices Regulations
Gas Appliances (Safety) Regulations

Therefore:

Coexistence of standard and failsafe communication

Transcript

  • 1. What is PROFIsafe and how does it work? Pete Brown Siemens I CS
  • 2. What do we mean by “Safety”? (Author / Title of the presentation)
    “The condition of being safe; freedom from danger, risk, or injury.”
    In the UK (and Europe) this can cover many areas and industries, for example:
    Supply of Machinery (Safety) Regulations
    Electromagnetic Compatibility Regulations
    Electrical Equipment (Safety) Regulations
    Pressure Equipment Regulations
    Simple Pressure Vessels (Safety) Regulations
    Equipment and Protective Systems Intended for Use in Potentially Explosive Atmospheres Regulations
    Lifts Regulations
    Medical Devices Regulations
    Gas Appliances (Safety) Regulations
    Important: it is essential to have some form of risk assessment / risk analysis, e.g. HAZAN / HAZID / HAZOP / RA to ISO 12100.
  • 3. PROFIsafe – The Vision: coexistence of standard and failsafe communication
    (diagram: a Profibus DP network with a Standard-Host/PLC and an F-Host/F-PLC, Standard-I/O and F-I/O, an F-Sensor and an F-Actuator, an F-Field-Device, a DP/PA coupler, a repeater, an F-Gateway to another safety bus, and an engineering tool PG/ES connected with secure access, e.g. through a firewall over TCP/IP; master-slave assignment; F = Failsafe)
  • 4. PROFIsafe – ISO/OSI Model
    (diagram: OSI layers 1, 2 and 7 for Standard-I/O, Standard Control, Safety Input, Safety Control and Safety Output, each safety node carrying a Safety Layer above layer 7; e.g. diagnostics sit outside the safety layer)
    "Black Channel": ASICs, links, cables, etc. – not safety relevant.
    "PROFIsafe": safety-critical communication functions: addressing, watchdog timers, sequencing, signature, etc. – safety relevant.
    Not part of PROFIsafe: the safety I/O and safety control systems themselves, and non-safety-critical functions, e.g. diagnostics.
  • 5. PROFIsafe – Add-on Strategy
    Standard: engineering tool STEP 7, standard CPU, standard PROFIBUS DP, standard remote I/O
    Failsafe add-on: failsafe engineering tool Distributed Safety, failsafe application program, F-Hardware, failsafe I/O modules, PROFIsafe
  • 6. PROFIsafe – Program
    Coexistence of standard program and safety-related program on one CPU.
    Changes to the standard program have no effect on the integrity of the safety-related program section.
    (diagram: standard program, safety program, standard program, back-up)
  • 7. PROFIsafe – Coded Processing
    Time redundancy and diversity replace complete redundancy.
    (diagram: time redundancy – operation, coding, comparison; diverse operation – diverse operators and diverse output, computing on A, B and their complements /A, /B with AND and OR, then comparing D against /C to stop on disagreement)
  • 8. PROFIsafe – Introduction
    (diagram: “black channel” – a PROFIsafe layer at each end exchanges standard data and fail-safe data over the standard bus protocol, PROFIBUS or PROFINET)
    Safety-oriented communication via PROFIsafe
    First communication standard in accordance with safety standard IEC 61508
    PROFIsafe supports safe communication for the open standards PROFIBUS and PROFINET
    PROFIsafe meets possible faults such as address error, delay and data loss with:
      serial numeration of the PROFIsafe telegram
      time monitoring
      authenticity monitoring via unique addresses
      optimized CRC checking
    PROFIsafe supports standard and failsafe communication on one medium
  • 9. PROFIsafe – Introduction. Overview: possible errors and detection mechanisms
    Failure types: repetition, deletion, insertion, resequencing, data corruption, delay, masquerade (standard message mimics failsafe), revolving memory failure within switches
    Remedies: consecutive number, time out with receipt, codename for sender and receiver, data consistency check
  • 10. PROFIsafe – Introduction: Which protocol must be supported?
    (diagram: an F-Host with a PROFINET IO-Controller (IO-C) reaches, through a PROFINET switch, PROFINET IO devices with F-DO actuator and F-DI sensor, and, through a PROFINET–PROFIBUS link, a PROFIBUS device and a modular device with a local bus; the PROFIsafe telegram is encapsulated unchanged at each stage)
    F-DI = fail-safe digital input; F-DO = fail-safe digital output; IO-C = PROFINET IO-Controller
  • 11. PROFIsafe – Introduction: Which protocol version applies when?
    PROFIsafe V2 slave used in   | 8-bit counter (= PROFIsafe V1 mode) | 24-bit counter (= PROFIsafe V2 mode)
    PROFIBUS network only        | mandatory                           | mandatory
    PROFINET network only        | -                                   | mandatory
    PROFIBUS / PROFINET network  | mandatory                           | mandatory
    Goal: 100% compatibility. A PROFIsafe slave which supports the V2 mode must be able to replace an older version of this PROFIsafe slave which only supports the V1 mode without the need of any adaptation.
  • 12. PROFIsafe – Introduction: Which protocol version applies when?
    (diagram: on PROFINET only PROFIsafe V2 is used – I/O-Device V2 and, via a proxy, DP Slave V2 only; on PROFIBUS PROFIsafe V1 or V2 is used – a DP Master with DP Slave V1 and DP Slave V2 devices. V1 = PROFIsafe profile V1, V2 = PROFIsafe profile V2)
  • 13. Security for Industrial Automation – Considering the PROFINET Security Guideline
  • 14. Industrial IT Security (Peter Brown / IT Security for Industrial Automation)
    Potential attack on DCS/SCADA* (*DCS: Distributed Control System; SCADA: Supervisory Control and Data Acquisition)
    Plant Security
      Physical Security • Physical access to facilities and equipment
      Policies & Procedures • Security management processes • Operational guidelines • Business Continuity Management & Disaster Recovery
    Network Security
      Security Zones & DMZ • Secure architecture based on network segmentation
      Firewalls and VPN • Implementation of firewalls as the only access point to a security cell
    System Integrity
      System Hardening • Adapting the system to be secure by default
      User Account Management • Access control based on user rights and privileges
      Patch Management • Regular implementation of patches and updates
      Malware Detection and Prevention • Anti-virus and whitelisting
  • 15. Security – What is IT Security? (Cyber/Network)
    Protection of computers and networks from intrusion and disruption
    With so many systems relying on networks this is critical
    The internet allows global connectivity and all its advantages
    These advantages lead to vulnerability
  • 16. Why do I need IT Security?
    Intrusion can be malicious or accidental
    Governments are concerned by terrorist acts
    Business is concerned by industrial espionage and theft
    Ex-employees may have a grudge
    Current employees can be careless
    Computer viruses can attack PLCs
    Network intrusions are on the increase – the damage can be catastrophic
  • 17. How do I implement IT Security?
    CPNI recommendations
    Risk analysis and policies
    Industrial grade equipment
    PROFINET / PROFINET Security Guideline (ICS-CERT recommendations)
    Industrial Security Homepage: http://www.industry.siemens.com/topics/global/en/industrial-security
  • 18. PROFINET Security Concept (from the PROFINET Security Guideline)
    Network Architecture – Security Zones
    Trust Concept – within Zones
    Perimeter Defence – Firewall/VPN
    Provision of Confidentiality and Integrity
    Transparent Integration of Firewalls
    www.AllThingsPROFINET.com
  • 19. Security Zones
    Communication based on trust within a zone
    Trusted networks should be able to talk with each other
    Perimeter defence
    Local security measures, e.g. locked Ethernet ports, networking equipment in cabinets
    (diagram: a trusted network inside a security zone, separated from the outside by a firewall)
  • 20. How to secure the Network… …Using Industrial Firewalls
    Monitor incoming and outgoing data packets on the basis of predefined rules
    Only authorized connections are accepted
    Help to keep unwanted traffic out (e.g. office broadcasts)
    Rugged industrial design
    “Industrial-like” administration
    Built-in VPN capabilities
  • 21. Linking Security Zones
    Data traffic control between networks using security modules
    Encrypted data transmission between security modules
    Firewalls help to keep unwanted office traffic out as well
    (diagram: two trusted networks, each behind its own firewall, linked over the corporate network/backbone by a VPN)
  • 22. Secure Automation Cells (Zones)
    (diagram: complete plant security built from secure automation cells, with the plant connected to the Internet through a single protected boundary)
  • 23. Connecting to the Outside World
    When connecting to the outside world, think about security against:
      wrong address allocations
      unauthorized access
      spying
      manipulation
    Industrial applications have different requirements in network architectures, performance and functions
    PROFINET leverages effective and certified security standards (VPN), e.g. IPsec
  • 24. Methods for Network Security
    Security issues and vulnerabilities need to be addressed; there are many methods. How can we address these vulnerabilities using these techniques?
    Firewall – protects against unauthorized access
    VLAN (Virtual Local Area Network) – logical network that operates on the basis of a physical network
    DMZ (De-Militarized Zone) – exchange data with external partners via safe areas
    VPN (Virtual Private Network) – secure tunnel between authenticated users
  • 25. Industrial Security – Everyone? (Management, Operators, OEM/System integrators, Component suppliers)
    Requirements that operators of industrial automation systems must meet: security guidelines and processes, risk management in terms of security, information and document management, etc.
    System-side requirements in terms of access protection, user control, data integrity and confidentiality, controlled data flow, etc.
    Requirements that components of an automation system must meet in terms of product development processes and product functionalities
    Measures and processes that prevent unauthorized access of persons to the surrounding area of the plant; physical access protection for critical automation components (e.g. locked control cabinets)
  • 26. Industrial Security for Controllers / HMIs
    Logon control – central, plant-wide user administration.
    Deactivation of services – most network services are deactivated in our products in their basic configuration.
    Deactivation of hardware interfaces – the unused interfaces of HMI / controller / device can be deactivated via the configuration.
    Robust communication – one of the system properties of our PROFINET devices is their robustness against large volumes of network traffic or faulty network packets.
    Encryption of the user program – application code for the PLC / controller can be encrypted.
    Copy protection – encryption protection can be supplemented with copy protection that prevents duplication of application code.
  • 27. Example of a “Cell” (Machine?) (diagram only)
  • 28. Passwords! Various passwords are set by default:
    HMI: web server; default password = “100”.
    HMI: user “Administrator”; default password = “administrator”.
    Switches: user “Administrator”; default password = “administrator”.
  • 29. Continuous Network / Security Monitoring
    Monitoring of PROFINET / networks for: detection of changes, load monitoring, security monitoring, event forwarding
    (diagram: an MRP ring with an Industrial Service Station, a BANY Agent with integrated TAP and a BANY Agent with external TAP)
  • 30. Industrial IT Security – Any Questions?
    (same layered model as slide 14 for DCS/SCADA* – *DCS: Distributed Control System; SCADA: Supervisory Control and Data Acquisition – plus Security Services)
    Plant Security: Physical Security • Physical access to facilities and equipment; Policies & Procedures • Security management processes • Operational guidelines • Business Continuity Management & Disaster Recovery
    Network Security: Security Cells & DMZ • Secure architecture based on network segmentation; Firewalls and VPN • Implementation of firewalls as the only access point to a security cell
    System Integrity: System Hardening • Adapting the system to be secure by default; User Account Management • Access control based on user rights and privileges; Patch Management • Regular implementation of patches and updates; Malware Detection and Prevention • Anti-virus and whitelisting
  • 31. Questions?