IT-SIvA: IT security infrastructure for distributed automation systems
With the increasing use of standardized Ethernet-based communication protocols, such as PROFINET or EtherNet/IP, and a further increase in vertical and horizontal networking of automation systems, IT security threats are also becoming relevant for automated technical processes. To ensure IT security in today's plants, organizational and technical measures at network and device level are recommended.
Future plant structures will be more meshed and decentrally organized, or might even communicate with other technical systems worldwide via the Internet (Industry 4.0, Cyber-Physical Systems (CPS) and Internet of Things (IoT)). Service-oriented middleware systems (such as OPC-UA, web services, openIOT) are regularly employed for this purpose.
As these concepts are applied, the integrated IT security of all components involved plays an increasingly important role. The progressive opening of networks shows that the previously pursued strategy of sealing off automation systems must be supplemented by further measures. A comprehensive IT security concept is required, which addresses the following requirements in particular:
- Securing communication (secure middleware).
- Authentication and authorization of the communication partners, including for ad-hoc connections.
- Simple administration of the additional security measures.
Therefore, in this project, a corresponding IT security concept is to be created and tested using the example of a demonstrator.