Industrial plants are networked with the outside world and constantly communicating with numerous different information systems. Standalone plants are definitely a thing of the past. Uncontrolled external and internal communications are obviously not the aim here, yet various threats nevertheless exist for safety and security. Any automation system is vulnerable to malware infiltration via data storage media, SIM cards or service accesses.
Innovative infrastructures
Innovative infrastructures implemented by experts are essential for continuous and secure interaction with the outside world. Highly sensitive production data has to be protected, particularly in the process industry. Permanently secure communications must be ensured by means of special security measures, which are suitable for preventing any inadmissible events identified by the experts.
Martin Schwibach, coordinator of the NAMUR Working Group for Automation Security, confirms here in a short interview that IT security lays the foundation for functional safety
‘NO SAFETY WITHOUT SECURITY!’ is Martin Schwibach’s key message.
Watch the video on safety and security!
3 action areas
Mr. Schwibach describes the following three action areas from the IT security perspective:
1) “Technical capabilities”
Manufacturers must consider technical IT security requirements when designing components, equipment, systems and applications, so that security solutions can be implemented accordingly.
2) Processes
Optimized and efficient processes must be developed for the plant owner or the manufacturer, to enable the new technologies to be used in a smart way.
3) Threats
Which threats is the safety and security system exposed to? – Evaluation by means of PEN (penetration) tests. What form should an optimally networked safety and security system take?
“Security by design”
Innovative security technologies and concepts must undergo an applicability assessment at an early stage. They can then be implemented in new products and considered over the lifecycle as a whole (security development lifecycle).
Security by design meanwhile forms the basis for maintaining system protection throughout the lifecycle. That’s something we recognized early on, which is why security by design and the security development lifecycle are substantial elements of our Yokogawa DNA. To verify just how secure the complete plant architecture which is embedded in the customer’s infrastructure is in practice, we recommend performing risk assessments. Any weaknesses which exist are identified by experts in this way. In the next step, the experts implement made-to-measure security solutions, which serve as a starting point for reliable safety applications and enable the identified weaknesses to be eliminated, explains Peter Exo, Head of Services, Yokogawa Germany.
We – Yokogawa – are qualified as an independent service provider to carry out the “Detailed Risk Assessments” for BASF in Asia and America. Click here to read the news.
Do you know the security status of your plant? Would you like to receive more information on automation security? If so, we look forward to hearing from you. Feel free to write a comment.
If you’d like to learn more about safety & security, click here.
