Security for Industrial Communication Systems

Modern industrial communication networks are increasingly based on open protocols and platforms that are also used in the office IT and Internet environment. This reuse facilitates development and deployment of highly connected systems, but also makes the communication system vulnerable to electronic attacks. This paper gives an overview of IT security issues in industrial automation systems which are based on open communication systems. First, security objectives, electronic attack methods, and the available countermeasures for general IT systems are described. General security objectives and best practices are listed. Particularly for the TCP/IP protocol suite, a wide range of cryptography-based secure communication protocols is available. The paper describes their principles and scope of application. Next, we focus on industrial communication systems, which have a number of security-relevant characteristics distinct from the office IT systems. Confidentiality of transmitted data may not be required; however, data and user authentication, as well as access control are crucial for the mission critical and safety critical operation of the automation system. As a result, modern industrial automation systems, if they include security measures at all, emphasize various forms of access control. The paper describes the status of relevant specifications and implementations for a number of standardized automation protocols. Finally, we illustrate the application of security concepts and tools by brief case studies describing security issues in the configuration and operation of substations, plants, or for remote access.