PROFIsafe is a standard for safe communication in industrial automation networks. It allows standard and failsafe communication to share the same network, on either PROFIBUS or PROFINET. PROFIsafe achieves safety by adding consecutive numbering of telegrams, time monitoring, authenticity monitoring via unique addresses, and CRC checking, so that faults such as delays, data loss, or address errors are detected. A standard program and a safety-related program can coexist on one CPU without affecting each other, and time redundancy and diverse (coded) processing replace full hardware redundancy. Network security for industrial automation is treated as a separate concern, implemented through secure network segmentation, firewalls, VPNs, and continuous network monitoring.
Author / Title of the presentation

What do we mean by "Safety"?

"The condition of being safe; freedom from danger, risk, or injury."

In the UK (and Europe) this can cover many areas and industries, for example:
Supply of Machinery (Safety) Regulations
Electromagnetic Compatibility Regulations
Electrical Equipment (Safety) Regulations
Pressure Equipment Regulations
Simple Pressure Vessels (Safety) Regulations
Equipment and Protective Systems Intended for Use in Potentially Explosive Atmospheres Regulations
Lifts Regulations
Medical Devices Regulations
Gas Appliances (Safety) Regulations

Important: It is essential to have some form of risk assessment / risk analysis, e.g. HAZAN / HAZID / HAZOP / RA to ISO 12100.
PROFIsafe - The Vision

[Diagram: coexistence of standard and failsafe communication on one Profibus DP network. Elements shown: Standard-Host/PLC and F-Host/FPLC, Standard-I/O and F-I/O, F-Field-Device, F-Sensor and F-Actuator, an F-Gateway to another Safety-Bus, a Repeater, a DP/PA link, the master-slave assignment, and an Engineering Tool (PG/ES) connected over TCP/IP with secure access, e.g. a firewall. F = Failsafe.]
PROFIsafe - ISO/OSI Model

[Diagram: the safety layer sits above OSI layers 1, 2 and 7 in the Safety Input, Safety Control and Safety Output devices, next to Standard I/O and Standard Control, which have no safety layer.]
"Black Channel": ASICs, links, cables, etc. Not safety relevant.
"PROFIsafe": safety-critical communication functions: addressing, watchdog timers, sequencing, signature, etc.
Safety relevant, but not part of PROFIsafe: safety I/O / safety control systems.
Non safety-critical functions, e.g. diagnostics.
PROFIsafe - Add-on Strategy

[Diagram: the standard components (standard engineering tool STEP 7, standard CPU, standard PROFIBUS DP, standard remote I/O) are extended by failsafe add-ons: the failsafe engineering tool Distributed Safety, F-hardware, the failsafe application program, failsafe I/O modules, and PROFIsafe on the bus.]
PROFIsafe - Program

Coexistence of standard program and safety-related program on one CPU.
Changes to the standard program have no effect on the integrity of the safety-related program section.
[Diagram: standard program, safety program and a back-up shown as separate sections on one CPU.]
PROFIsafe - Coded Processing

Time redundancy and diversity replace complete redundancy.
[Diagram: time redundancy (the operation is repeated in time) and coded processing: the operation, its operators and its output are executed in diverse coding (e.g. A, B with AND versus /A, /B with OR), the results are compared (D = /C), and a mismatch between D and /C stops the system.]
PROFIsafe - Introduction

[Diagram: "Black channel": a PROFIsafe layer at each end; standard data and fail-safe data are both carried by the standard bus protocol over PROFIBUS or PROFINET.]
Safety-oriented communication via PROFIsafe
First communication standard in accordance with safety standard IEC 61508
PROFIsafe supports safe communication for the open standards PROFIBUS and PROFINET
PROFIsafe counters possible faults such as address errors, delay and data loss with:
serial numbering of PROFIsafe telegrams
time monitoring
authenticity monitoring via unique addresses
optimized CRC checking
PROFIsafe supports standard and failsafe communication over one medium
PROFIsafe - Introduction
Overview: possible errors and detection mechanisms

Failure types: Repetition; Deletion; Insertion; Resequencing; Data corruption; Delay; Masquerade (standard message mimics failsafe); Revolving memory failure within switches.
Remedies: Consecutive number; Time out with receipt; Codename for sender and receiver; Data consistency check.
[The slide shows this as a matrix of failure type against remedy; the marks indicating which remedy detects which failure are not reproduced here.]
PROFIsafe - Introduction
Which protocol must be supported?

[Diagram: an F-Host with a PROFINET IO-Controller (IO-C) reaches F-DI/F-DO devices over PROFINET via a PROFINET switch, over PROFIBUS via a PROFINET-PROFIBUS link, and over a local bus behind a modular PROFIBUS device; in each case PROFIsafe is carried by encapsulation in the standard protocol. Sensor and actuator attach to the F-DI and F-DO.]
Legend: F-DI = fail-safe digital input; F-DO = fail-safe digital output; IO-C = PROFINET IO-Controller.
PROFIsafe - Introduction
Which protocol version applies when? (PROFIsafe V2)

Slave used in                  Protocol with 8-bit counter   Protocol with 24-bit counter
                               (= PROFIsafe V1 mode)         (= PROFIsafe V2 mode)
PROFIBUS network only          mandatory                     mandatory
PROFINET network only          -                             mandatory
PROFIBUS / PROFINET network    mandatory                     mandatory

Goal: 100% compatibility. A PROFIsafe slave which supports the V2 mode must be able to replace an older version of this PROFIsafe slave which only supports the V1 mode without the need for any adaptation.
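As an added example (not from the slides or the PROFIsafe specification), the following Python model shows how the four remedies of the error matrix above and the V2 counter width work together: a receiver checks CRC, watchdog time and consecutive number, and constructed telegram sequences exercise each failure type. The telegram layout, the CRC polynomial, the watchdog time and the codenames 0x1234/0x9999 are assumptions; the real PROFIsafe V2 format does not transmit the counter and uses different CRCs.

```python
"""Simplified model of the PROFIsafe fault-detection measures on the slide:
consecutive number, watchdog timeout, codename (F-address) and CRC.
Educational example only; real PROFIsafe telegrams and CRCs differ."""
import zlib

WATCHDOG_MS = 100     # assumed watchdog time for the example
COUNTER_BITS = 24     # V2 mode counter width (V1 mode uses 8 bits)

def build(codename: int, counter: int, payload: bytes) -> bytes:
    """Sender: counter + data, protected by a CRC that also covers the codename."""
    body = counter.to_bytes(3, "big") + payload
    return body + zlib.crc32(codename.to_bytes(2, "big") + body).to_bytes(4, "big")

class Receiver:
    def __init__(self, codename: int):
        self.codename = codename   # expected sender codename, never sent on the wire
        self.expected = 0          # next consecutive number
        self.last_ok_ms = 0        # time the last telegram was accepted

    def check(self, frame: bytes, now_ms: int) -> str:
        """Return 'ok' or the detected fault class (any fault => fail-safe state)."""
        body, crc = frame[:-4], int.from_bytes(frame[-4:], "big")
        if zlib.crc32(self.codename.to_bytes(2, "big") + body) != crc:
            return "CRC"       # data corruption, or masquerade by a wrong codename
        if now_ms - self.last_ok_ms > WATCHDOG_MS:
            return "TIMEOUT"   # delay or loss of telegrams
        if int.from_bytes(body[:3], "big") != self.expected:
            return "SEQ"       # repetition, deletion, insertion, resequencing
        self.expected = (self.expected + 1) % (1 << COUNTER_BITS)
        self.last_ok_ms = now_ms
        return "ok"

def run_scenarios() -> dict:
    """Constructed telegram sequences, one per failure type on the slide."""
    host, impostor = 0x1234, 0x9999          # assumed codenames (F-addresses)
    frames = [build(host, n, bytes([n])) for n in range(4)]
    def primed() -> Receiver:                # receiver that accepted telegram 0 at t=0
        rx = Receiver(host)
        rx.check(frames[0], 0)
        return rx
    out = {}
    rx = Receiver(host)
    out["normal"] = [rx.check(frames[n], n * 10) for n in range(3)]
    out["repetition"] = rx.check(frames[2], 30)                  # replayed telegram
    out["deletion"] = primed().check(frames[2], 10)              # telegram 1 lost
    out["corruption"] = Receiver(host).check(bytes([frames[0][0] ^ 1]) + frames[0][1:], 0)
    out["masquerade"] = Receiver(host).check(build(impostor, 0, b"\x00"), 0)
    out["delay"] = primed().check(frames[1], WATCHDOG_MS + 1)
    return out
```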
Peter Brown / IT Security for Industrial Automation

Industrial IT Security

[Diagram: defence in depth around the DCS/SCADA* system, with potential attacks shown coming from outside.]
*DCS: Distributed Control System; SCADA: Supervisory Control and Data Acquisition

Plant Security
Physical Security
• Physical access to facilities and equipment
Policies & Procedures
• Security management processes
• Operational guidelines
• Business continuity management & disaster recovery

Network Security
Security Zones & DMZ
• Secure architecture based on network segmentation
Firewalls and VPN
• Implementation of firewalls as the only access point to a security cell

System Integrity
System Hardening
• Adapting the system to be secure by default
User Account Management
• Access control based on user rights and privileges
Patch Management
• Regular implementation of patches and updates
Malware Detection and Prevention
• Anti-virus and whitelisting
What is IT Security? (Cyber/Network)

Protection of computers and networks from intrusion and disruption.
With so many systems relying on networks this is critical.
The internet allows global connectivity and all its advantages.
These advantages lead to vulnerability.
Why do I need IT Security?

Intrusion can be malicious or accidental
Governments are concerned by terrorist acts
Business is concerned by industrial espionage and theft
Ex-employees may have a grudge
Current employees can be careless
Computer viruses can attack PLCs
Network intrusions are on the increase - the damage can be catastrophic
How do I implement IT Security?
CPNI recommendations
Risk analysis and policies
Industrial grade equipment
PROFINET / PROFINET Security Guideline
(ICS CERT recommendations)
Industrial Security Homepage:
http://www.industry.siemens.com/topics/global/en/industrial-security
PROFINET Security Concept

The PROFINET Security Concept, from the PROFINET Security Guideline:
Network Architecture - Security Zones
Trust Concept - within Zones
Perimeter Defence - Firewall/VPN
Provision of Confidentiality and Integrity
Transparent Integration of Firewalls
www.AllThingsPROFINET.com
Security Zones

Communication based on trust within a zone
Trusted networks should be able to talk with each other
Perimeter defence
Local security measures, e.g. locked Ethernet ports, networking equipment in cabinets
[Diagram: a trusted network forming one security zone, with a firewall at its perimeter.]
How to secure the Network... Using Industrial Firewalls

Monitor incoming and outgoing data packets on the basis of predefined rules
Only authorized connections are accepted
Help to keep unwanted traffic out (e.g. office broadcasts)
Rugged industrial design
"Industrial like" administration
Built-in VPN capabilities
Linking Security Zones

Data traffic control between networks using security modules
Encrypted data transmission between security modules
Firewalls help to keep unwanted office traffic out as well
[Diagram: two trusted networks, each behind its own firewall, linked by a VPN across the corporate network/backbone.]
Secure Automation Cells (Zones)

Complete plant security
Secure automation cells
[Diagram: plant network with secured automation cells and a connection to the Internet.]
Connecting to the Outside World

When connecting to the outside world, think about security against:
Wrong address allocations
Unauthorized access
Spying
Manipulation
Different requirements in industrial applications in:
Network architectures
Performance and functions
PROFINET leverages effective and certified security standards (VPN), e.g. IPSec
Methods for Network Security

Security issues and vulnerabilities need to be addressed. There are many methods.
How can we address these vulnerabilities using these techniques:
Firewall: protects against unauthorized access
VLAN (Virtual Local Area Network): logical network that operates on the basis of a physical network
DMZ (De-Militarized Zone): exchange data with external partners via safe areas
VPN (Virtual Private Network): secure tunnel between authenticated users
Industrial Security - Everyone?

[Diagram: the roles involved: Management, Operators, OEM/System integrators, Component suppliers.]
Requirements that operators of industrial automation systems must meet: security guidelines and processes, risk management in terms of security, information and document management, etc.
System-side requirements in terms of access protection and user control, data integrity and confidentiality, controlled data flow, etc.
Requirements that components of an automation system must meet in terms of product development processes and product functionalities.
Measures and processes that prevent unauthorized access of persons to the surrounding area of the plant; physical access protection for critical automation components (e.g. locked control cabinets).
Industrial Security for Controllers / HMIs

Logon Control - Central, plant-wide user administration.
Deactivation of services - Most network services deactivated in our products in their basic configuration.
Deactivation of hardware interfaces - The unused interfaces of HMI / Controller / Device can be deactivated via the configuration.
Robust Communication - One of the system properties of our PROFINET devices is their robustness against large volumes of network traffic or faulty network packets.
Encryption of the user program - Application code for the PLC / controller can be encrypted.
Copy protection - Encryption protection can be supplemented with copy protection that prevents duplication of application code.
Example of a "Cell" (Machine?)
[Diagram only.]
Passwords!

Various passwords are set by default:
HMI: web server; default password = "100".
HMI: user "Administrator"; default password = "administrator".
Switches: user "Administrator"; default password = "administrator".
Continuous Network / Security Monitoring

Monitoring of PROFINET / networks for:
Detection of changes
Load monitoring
Security monitoring
Event forwarding
[Diagram: an MRP ring monitored by a BANY Agent with an integrated TAP and a BANY Agent with an external TAP, reporting to an Industrial Service Station.]
Industrial IT Security - Security Services

[The defence-in-depth overview (Plant Security, Network Security, System Integrity around the DCS/SCADA system) from the earlier slide is repeated here, with Security Services spanning all three layers.]

Any Questions?