The next steps in PROFINET Security integration

Industry 4.0 applications live off of connectivity and the exchange of data between the IT and OT levels. This makes it possible to create new business models and increase productivity, with plant and data security naturally taking center stage. This is one reason why PROFIBUS & PROFINET International (PI) started addressing the topic of security early on. The development of this topic of ever-increasing importance has now taken several steps forward.

Following definition of the concept and coordination with users, where PROFINET Security is defined in three separate security classes and security class 1 has already been finalized in the most recent specification and in guidelines, two additional steps have been carried out.

Signing of the GSD is an important part of implementing class 1. With a signed GSD, it can be ensured that the GSDML – which describes the technical properties of a device in an XML file – has not been changed, either unintentionally or intentionally. For PROFINET users, this is crucial support for the secure operation of their plant. Corresponding infrastructure within PI and, if applicable, of the manufacturers, has to be set up for this. This setup and the subsequent operation of a corresponding security infrastructure for the signing of GSDs have begun.

The second step is comprehensive specification of security classes 2 and 3 as part of the PROFINET specification currently under PI review. Integrity, authentication and confidentiality are possible for both acyclical and cyclical PROFINET communication. At constructive discussions, experts from different companies and research institutes have developed a suitable security solution for the OT field from the extensive possibilities. It was important, here, to select available security standards which meet the requirements of the industrial applications. These definitions are currently being safeguarded for integration possibilities by examining the selected security algorithms on different platforms.

Easy-to-read guidelines and white papers on the use of PROFINET Security are also being created for non-specialists. The mapping of PROFINET Security to IEC 62443 is also considered to be support for the user here.