Cyber And It Security; Physical Device Protection; Securing The Network - Honeywell krom schroder DG Smart Technical Information

15 Cyber and IT security

The digitalization of production provides plenty of versatility
for collecting and using data. A secure network configuration
must be established to provide protection from cyber
crime. The following information is designed to describe
time-tested practices for cyber and IT security.

15.1 Physical device protection

Only operate the unit in the protected range of a safety
zone with (restricted) access for authorized personnel.
Protect the (control) cables for the unit and all externally
connected components from access by unauthorized personnel
so that the unit cannot be manipulated.
Anti-tampering seal
Only use devices with an undamaged seal. Otherwise, the
device may have been opened, tampered with or damaged and
may pose a risk to the system.
Fieldbus interface
To prevent misuse, for example by changing security-critical
data, protect the fieldbus interface and communication
network from unauthorized access.
Secure decommissioning
The unit contains sensitive data and should be kept in a
safe, inaccessible location when it is not in use.
Delete all the security-sensitive data when the unit is finally
decommissioned or replaced.
DG smart · Edition 09.23 · EN

15.2 Securing the network

A securely planned, designed and operated network architecture
ensures that network access delivers adequate
security.
Physical separation
The unit should be installed and connected in a controller
network isolated from the company network.
This method ensures a high level of security. There is no
physical connection between the controller network and
the company network/Internet. The use of wireless devices
to control the controller network may endanger the security
of the network.
Firewall isolation
Only use a connection between the controller and company
network which is secured by a firewall (secure gateway).
Unknown sources and enquiries from unreliable clients are
filtered out.
A secure gateway includes a VPN set-up with defined
authorized users.
The requirements for using VPN are as follows:
• Secure VPN service
• Secure configuration of the VPN clients for remote access
• Secure standard settings on the VPN components
Network address translation (NAT)
NAT allows the partial isolation of the external network from
the control system network. If NAT is correctly configured, it
should not permit any connection from an external system
to the control system.
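The following check is an added example and not part of the Honeywell manual: it audits a gateway policy for the two conditions described under "Firewall isolation" and "Network address translation (NAT)". The addresses, the VPN pool and the simplified rule format are assumptions constructed for illustration.

```python
import ipaddress

# Assumed addressing, constructed for this example (not taken from the manual).
CONTROLLER_NET = ipaddress.ip_network("192.168.10.0/24")
VPN_POOL = ipaddress.ip_network("10.99.0.0/28")  # addresses given to authorized VPN users

# Constructed gateway policy in a simplified, hypothetical format:
# (kind, source, destination, action); "dnat" is a NAT port-forward to destination.
SAMPLE_RULES = [
    ("forward", "192.168.10.0/24", "0.0.0.0/0", "accept"),     # controller net outbound
    ("forward", "10.99.0.0/28", "192.168.10.0/24", "accept"),  # VPN users to controller net
    ("forward", "10.20.0.0/16", "192.168.10.0/24", "accept"),  # company LAN straight in
    ("dnat", "0.0.0.0/0", "192.168.10.5/32", "accept"),        # port-forward to one device
    ("forward", "0.0.0.0/0", "192.168.10.0/24", "drop"),       # catch-all drop
]

def audit(rules, controller_net=CONTROLLER_NET, vpn_pool=VPN_POOL):
    """Return (rule_index, message) for every rule that weakens the isolation."""
    findings = []
    for idx, (kind, src, dst, action) in enumerate(rules):
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        if action != "accept" or not dst_net.overlaps(controller_net):
            continue  # rule does not admit traffic into the controller network
        if src_net.subnet_of(controller_net):
            continue  # traffic originating inside the controller network
        if kind == "dnat":
            findings.append((idx, "NAT port-forward exposes controller address"))
        elif not src_net.subnet_of(vpn_pool):
            findings.append((idx, "inbound accept from non-VPN source"))
    # The gateway should drop everything into the controller network by default.
    has_default_drop = any(
        kind == "forward" and action == "drop"
        and ipaddress.ip_network(src).prefixlen == 0
        and controller_net.subnet_of(ipaddress.ip_network(dst))
        for kind, src, dst, action in rules
    )
    if not has_default_drop:
        findings.append((None, "no catch-all drop into controller network"))
    return findings

if __name__ == "__main__":
    for idx, message in audit(SAMPLE_RULES):
        print(f"rule {idx}: {message}")
```

The check does not model rule ordering or ports; it only reports which entries would admit non-VPN traffic into the controller network.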

This manual is also suitable for:

Krom schroder dgs, Kromschroder dg