Effective protection of Ethernet-based automation networks against data espionage and manipulation is of enormous importance to users with respect to acceptance. Since the automation networks merge with company networks over open IT standards, the probability of inadvertent or intentional access violations in the automation sector increases.
The working group ?PROFINET Security? of PROFIBUS International created a concept that accounts for the threats as well as the special requirements in the world of automation. By using proven and open security mechanisms, it is possible to protect the entire automation network.
The essence of the security concept consists of segmenting the automation network by forming protected automation cells. The network nodes within a cell are protected by special PROFINET security network components so that only authorized data traffic is permitted to pass. Specialized security client software can be used for access with client PCs to protected automation equipment. The data traffic between protected cells or between client and cell nodes can also be encrypted to reliably protect against data espionage or data manipulation. This is of particular interest to protect the communication for remote access applications via the Internet in case of service calls.
The same measures are used in PROFINET systems with integrated PROFIBUS systems. Since a PROFIBUS subsystem is considered to be an automation cell, the protection of a subordinated PROFIBUS system as a whole is ensured.
The new PROFINET Security Guideline is available for download on the PROFIBUS homepage (www.profibus.com).
PROFIBUS International initiated a collaboration with NAMUR, VDMA, VDI/VDE and ZVEI to harmonize the security activities of the organizations and to jointly approach the standardization efforts in the IEC and ISA. For that purpose a meeting took place in January 2005. A workshop with experts is scheduled for May 11 and 12, 2005 in order to discuss the co-ordination of the extensive activities and to determine the joint further proceedings.