Technical Articles

Introduction

The spreading of automation technology as well as information technology are the two main processes that have influenced industrial production within the last decades.
Read in a series of articles, how both are increasingly depending each other offering new perspectives of productivity increase yet new risks and tasks for industrial security measures.

Why a production process needs information technology

Information technology is the heart of control rooms

Information technology has changed more radically over the past twenty years than practically any other field. Particularly in connection with the internet and mobile communication technologies, IT has progressed at breakneck speed to become firmly entrenched in every aspect of the modern factory.
It is only with the widespread application of these technologies that it has been possible to network production facilities, plants and machines across different locations, supply chains and national boundaries. This development has served to bring about a boost to productivity comparable only to the advent of automation technology.


The digital factory requires reliable protection

New risks occur with new technologies

Over recent decades, industry has seen three main boosts to productivity: first, the advent of automation technology, second, the introduction of networking from the management to the field level on the basis of standards (Ethernet, TCP/IP and ProfiNet), and third, the introduction of operator control and monitoring devices using Windows-based operating systems.
The use of modern standard solutions allows automation systems to be efficiently connected and their data used for comprehensive analysis purposes. However, the improvements gained in terms of accessibility, efficiency and productivity must be accompanied by a high-level of protection against attack both from the outside and from within.


Never change a running system

Legacy sytems - a leak in Industrial Security?

While the service life of office equipment is limited to three or four years at the most, plants, systems and devices used in factory environments are expected to carry on running for a minimum of ten years, and in most cases for 15, 20 years or even longer.

But where do these systems stand on the issue of security once their operating systems are no longer supported by the manufacturer and when updates and patches are no longer available?


More than just communication

Industrial Ethernet

Although today’s office products use internationally recognized standards, they are not capable of meeting the wide-ranging needs posed by modern industry. Complex industrial applications call for a high level of availability, durability and, most importantly, real time capability. It is precisely in this area of conflicting priorities that industrial Ethernet comes into its own and where its needs diverge from those of the office network. The focus here is on differing approaches to the issue of information security.


Banished from digital paradise

Banished from digital paradise

The appearance of the Stuxnet trojan in the summer of 2010 marked something of a turning point in terms of the protection of industrial systems and critical infrastructure: Suddenly the vulnerability of systems had become more than simply a hypothetical issue which concerned IT departments – it had been exposed as a practical reality. Nobody had previously conceived of the possibility that anyone would have either the inclination or the technical means to infiltrate industrial systems and to selectively influence targeted processes. Stuxnet highlighted the need for everyone involved in the life cycle of industrial systems to adopt a whole new approach and to reassess existing security concepts.