Recently, the IT and OT worlds have started to overlap. While this has brought many benefits to manufacturing, it also means that plant staff now also needs to consider IT security threats to their operations. Actual measures for reducing those risks need to be considered and implemented. From the factory system point of view, it is said that the priority of protection requirements is availability, integrity, and confidentiality. Another difference from IT systems is “the human factor.” Personnel are in a plant floor to manufacture, maintain, or manage the plant. The role and the authorization assigned to personnel related to a target plant system should also be considered.
■ CC-Link IE Security Working Group (WG)
Both physical and cyber security measures have to be considered for plant security. In general, one measure is insufficient and the “defense in depth” concept, combining multiple measures, needs to be contemplated.
System security architecture
Physical access control
Industrial network security access control, integrity, and confidentiality
Security monitoring
■ Scope of the CLPA Security WG
The first step of the CLPA Security WG focuses on network security, especially when the user adopts the SeamLess Message Protocol (SLMP) and CC-Link IE Field Basic where general IP communication is used for both cyclic and transient communications. A guideline document for secure network design will be created. The guideline document will be based on IEC62443 including the defense in depth security approach. Router/switch configuration examples for secure SLMP and CC-Link IE Field Basic are also described.
Overview of Industrial network security
Security concerns viewpoint for industrial networks
Defense-in-depth security approach
Use-case examples
■ Participating Companies
The CC-Link Partner Association Ethernet Security Working Group includes participation from Cisco Systems, Hilscher, Mitsubishi Electric, HMS, Belden-Hirschmann, MOXA, Panduit and MIND.
>>For more information, click here
