PuK - Process Technology & Components 2024
A technical trade magazine with a history of more than 60 years.
A technical trade magazine with a history of more than 60 years.
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Components</strong><br />
OT security<br />
New standards affect the OT network<br />
OT security must be planned from the outset<br />
Denise Fritzsche und Dipl.-Ing. (FH) Nora Crocoll<br />
Security is becoming an increasingly<br />
important topic for machine builders<br />
and plant operators. Standards<br />
such as IEC 62443 (international series<br />
of standards for “Industrial communication<br />
networks - IT security<br />
for networks and systems”), among<br />
other things, set requirements for<br />
system security and security levels.<br />
The objective is to strengthen industry’s<br />
cyber resilience, above all<br />
on the OT (Operational <strong>Technology</strong>)<br />
level too. For this is affected by attacks<br />
on the IT level with increased<br />
regularity, effectively as “bycatch”.<br />
At the same time, it should also be<br />
protected from direct attacks, which<br />
occur in the production environment.<br />
Security is therefore a topic<br />
that not only concerns the individual<br />
system parts, but above all the<br />
communication platform used too.<br />
Plants in automated production or<br />
the process industry are made up<br />
of numerous individual machines.<br />
The management initiates digitalisation<br />
projects such as process optimisation,<br />
increasing process transparency,<br />
energy management, etc.<br />
As a result, the requirements for<br />
network communication and its security<br />
change. As matters currently<br />
stand, IEC 62443, Part 3-3 (“System<br />
security requirements and security<br />
levels”) will also be incorporated in<br />
the (EU) Machinery Regulation via<br />
Annex III 1.1.9 and will create the<br />
circumstances for secure communication.<br />
Regardless of this, the Directive’s<br />
regulations are already helpful<br />
requirements for ensuring security<br />
in an OT network. It can be assumed<br />
that plant builders and operators will<br />
soon be required to have more network<br />
know-how. Or they will bring in<br />
external expertise, as is the case for<br />
mechanical engineering.<br />
Security concepts<br />
OT security is not something that can<br />
be simply “pulled on” after completion<br />
of a plant. Rather, the topic affects<br />
every installed component of<br />
the plant and extends to the depth<br />
of the physical network structure.<br />
Cyber security must therefore be<br />
planned from the outset. To this end,<br />
IEC 62443 provides various security<br />
concepts, which not only concern the<br />
hardware and systems used, but also<br />
Fig. 1: Tools and strategies for cyber security concern the entire life cycle of a plant.<br />
(Copyright holder: Indu-Sol)<br />
processes in the company and the<br />
organisation’s degree of maturity, in<br />
other words, the employees’ understanding<br />
of the existing processes<br />
and their ability to know what to do in<br />
the respective problem case.<br />
The network experts of Indu-Sol<br />
have been dealing with the reliability<br />
of industrial networks since the<br />
company was founded a good twenty<br />
years ago. A network that does not<br />
function reliably, for whatever reasons,<br />
always also influences the security<br />
of the whole plant. The tools can<br />
be used to make transparent what is<br />
going on in the network. Above all in<br />
relation to the security of networks,<br />
plant builders and operators can be<br />
supported in the areas of hardware<br />
and systems as well as the maturity<br />
of the organisation by providing appropriate<br />
system training courses.<br />
Network in the plant life cycle<br />
Whoever plans for OT security in<br />
plants should also do the same for<br />
the network. But this is a complex<br />
undertaking, which cannot be simply<br />
dealt with as an aside. It needs a<br />
network engineering expert, not only<br />
for the plant planning but also during<br />
subsequent operation. But this is<br />
usually not feasible from a financial<br />
point of view, and as a consequence<br />
of the shortage of skilled personnel,<br />
well-trained employees for network<br />
engineering are hard to find. This is<br />
where it can make sense to outsource<br />
the network topic to external service<br />
providers from the initial period of<br />
the plant’s life cycle (Fig. 1). This provides<br />
the additional advantage that,<br />
on handover of the finished plant<br />
from plant builder to plant operator,<br />
there is no change in responsibility<br />
for the network engineering.<br />
Network experts are able to provide<br />
advisory support during the<br />
strategic planning phase. They then<br />
undertake the network planning in<br />
104 PROCESS TECHNOLOGY & COMPONENTS <strong>2024</strong>