Pilz SecurityBridge offers industrial peace of mind
Friday, 01 June, 2018
When you think of hackers it conjures up visions of dark figures stealing money from your bank account or MasterCard, but that’s a very limited vision. Hackers can very easily occur in industrial settings and cause far more disruption as well as compromise the safety of innocent workers.
Keeping staff, plant and machinery safe is not an option, it’s a must, but the security must offer flexibility of use and a holistic approach to safety and security.
Nowadays networking plant and machinery using Ethernet-based standards in IT is increasing, therefore so is the need for securing these systems against potential external or even internal manipulation; that is where Pilz SecurityBridge does its job.
SecurityBridge is certified by TÜV in accordance with IEC 62443-4-1 and IEC 62443-3-3 so you can be comfortable in knowing that it’s a well-designed product.
Using Pilz SecurityBridge protects control systems such as PNOZmulti and automation system PSS 4000 from manipulation through unauthorised access. In simple terms, it stops hackers from invading your industrial systems and manipulating settings that could harm your machinery, or more importantly, could compromise the safety of your staff.
Pilz SecurityBridge protects connections between the programming and configuration tools and the hardware controllers from unauthorised manipulation — it acts as a firewall. However, unlike many firewalls it does not need complex configuration as Pilz has designed an application-specific default setting that is easy to commission using a plug-and-play system.
SecurityBridge is placed upstream of the PNOZmulti or PSS 4000 controller and acts like a VPN (Virtual Private Network) server where one or more clients can be configured into the system. As such, the connection is protected and only suitably authorised users can make changes. Unauthorised access is prevented and the result is that hackers can’t tap into it and change settings or your programs.
The VPN server establishes a VPN tunnel for safe data transfer.
SecurityBridge also controls the data traffic. It monitors the integrity and safety of the system by implementing these parameters:
- TÜV-certified and developed in accordance with IEC 62443-4-1 and IEC 62443-3-3
- Protection against manipulation of data through authentication and authorisation management
- Increases plant availability because only required data (authorised configuration and process data) is transferred
- Forwarding of low-latency process data
- Reveals unauthorised changes to the project by monitoring the check sum (CRC)
- Prevents unauthorised access because downstream devices are in a protected network
- Only suitably authorised users can make changes to a project’s configuration.
SecurityBridge is designed to detect threats to configurable small control systems and automation systems to protect them from espionage and manipulation. Using SecurityBridge guarantees the safety of employees and the availability of your machines.
To enable easy access, the system employs a web-based user interface which is simple to configure, with easy-to-run diagnostics and maintenance. Connection with the central authentication system is completed using RADIUS.
Continuous updates are available independent of the control system so you can get them without interfering with the running of the program or of the plant and machinery. LED displays show error messages and display diagnostics. An integrated USB interface is employed for protecting and re-establishing the configuration by means of a USB memory stick.
The unit also includes configurable digital inputs and outputs, so you can incorporate a key switch for activating the VPN tunnel, and signal to higher level control system if the CRC has been changed (eg, by someone connecting locally to the controller).
In the future Pilz will release further products connected to security within the industrial space taking into account threat scenarios, strengths and weaknesses of protocols or encryption methods to deliver security, machinery and human safety.
These technical innovation measures will only work with the right training and so must be done hand in hand with the comprehensive training that Pilz offers.
Keeping staff, plant and machinery safe is a must, but the security must offer flexibility of use...