In the past, communication networks found on the factory floor were clearly separated from the rest of the business. This was a luxury, in that isolation resulted in security for manufacturing processes. Today, it is increasingly common for the automation network to be based on Ethernet and to be connected within a corporate intranet or even with public networks such as the Internet. This provides benefits ranging from information transparency to network maintenance. However, there is a resulting increase in concern for potential attacks on the vital communication infrastructure of the factory.
The result of an attack could range from product and financial loss to serious safety risks. This poses unique security challenges even beyond those of the traditional office network. In an industrial communication environment, you must also consider the following criteria:
• Protection against external interference
• Security to guard against unauthorized access
• Protection of mission critical manufacturing network segments
• Accommodate varying network topologies
• Scalable security functionality
What is the solution? An accepted technique to secure networks is the use of a firewall. A firewall can be used to protect the automation network from unauthorized trespassing.
It is particularly recommended with large networks, since the risk of trespassing rises sharply with an increase in the number of users. A second, very secure alternative to protect a network is to use a VPN (virtual private network). VPNs can offer authentication of communication partners, encryption of messages and data integrity checking. Siemens offers a security solution optimized for industrial automation, which addresses the specific requirements of this environment. The Siemens Scalance Security Module controls data traffic between internal and external networks, protecting automation cells from unauthorized access and unnecessary communication load. The Scalance Security Module offers protection for up to 64 devices and can have 128 simultaneous VPN channels. The firewall feature can be used to supplement the VPN or as an alternative to VPN with flexible access control. User-friendly configuration means no special IT security knowledge is required. Designed to survive the harsh environments of the factory floor, this module offers an extended temperature range from -4° to +158°F (-20° to +70°C). The security module is offered with an option of adding a 32MB EPROM to store the configuration or application data.
This greatly simplifies maintenance and reduces the time needed to repair. The available Softnet Security Client software package enables client access for PCs or programming devices to the automation devices protected by the Scalance Security Module.
