This is my archive
Phoenix Contact industrial security guideline Introduction The increasing interconnection of systems, components, and devices as well as the growing amount of data to be transmitted and stored (in a word: the achievements of Industry 4.0) result in a higher risk of cyber attacks. This is also promoted… Read More
Data backup and restore General considerations on data backups Data loss may not be the result of careless or erroneous actions of authorized users or defects in storage media alone, but may also be the consequence of malicious deletion or encryption of your data by unauthorized intruders. Read More
Zones and conduits (with protection needs analysis) What is a zone? A complete plant is difficult to grasp or categorize in terms of possible threats and necessary security measures. For this reason, the IEC 62443 standard divides a complete system into so-called zones. In terms of the standard,… Read More
IT and OT/ICS: a comparison Note: The abbreviation ICS stands for Industrial Control System. With regard to security, a distinction must be made between different types of technology or networks: IT Information Technology Office (accounting, sales, management, …). Here, the ISO 27001 standard for the plant owner… Read More
Foundational requirements (FR) and system requirements (SR) Foundational requirements (FR) The IEC 62443 standard defines seven foundational requirements (FR). These are basic requirements regarding the security of an ICS. They are addressed to all stakeholders of a plant and used throughout the standard. FR1: Identification and authentication… Read More
Certificates What are certificates used for? Certificates can be used for the following: Securing communication connections between participants in your ICS. Participants can be, for example: Devices used to build automation infrastructures and systems (such as PLCnext Technology controllers, switches, etc.). Server and client… Read More
Defense-in-Depth concept Purpose of the Defense-in-Depth concept A suitable approach to counter manifold cyber threats is a Defense-in-Depth strategy, for example in accordance with the IEC 62443 standard. This means that a holistic approach must include a combination of technological and organizational measures. Furthermore, a defense system… Read More
Technical PC hardening measures Any engineering tool, such as PLCnext Engineer, can manipulate devices or processes in your ICS. To reduce the risk of manipulation, perform security evaluations regularly. PC-based hardening and organization measures Protect any PCs used in automation solution environments against security-relevant manipulations. This… Read More
Security levels Security levels according to IEC 62443-3-3 To categorize the severity of potential threats, protection classes are available for the various data classes a zone stores/processes or a conduit transmits. This is the basis for the required level of protection of an entire zone or conduit. In… Read More
Anti-malware inspection The list of security incidents in industry is growing longer all the time: Stuxnet, Industroyer, TRITON, or WannaCry are examples of malware/ransomware which attacked SCADA systems, safety controllers etc. While anti-virus/anti-malware software is common and widespread on IT systems, OT components are often still unprotected. Read More