Phoenix Contact industrial security guideline Introduction The increasing interconnection of systems, components, and devices as well as the growing amount of data to be transmitted and stored (in a word: the achievements of Industry 4.0) result in a higher risk of cyber attacks. This is also promoted… Read More
Data backup and restore General considerations on data backups Data loss may not be the result of careless or erroneous actions of authorized users or defects in storage media alone, but may also be the consequence of malicious deletion or encryption of your data by unauthorized intruders. Read More
Zones and conduits (with protection needs analysis) What is a zone? A complete plant is difficult to grasp or categorize in terms of possible threats and necessary security measures. For this reason, the IEC 62443 standard divides a complete system into so-called zones. In terms of the standard,… Read More
About this guideline Validity of this guideline The present documentation is not specifically related to any specific device or software version. It is rather to be understood as generic information which has to be supplemented by the related product-specific information given in the respective device manual or… Read More
Secure communication by encryption and authentication Main goals: integrity and authentication The implementations described in this chapter serve to pursue two main objectives of security engineering: to achieve data integrity and to authenticate users and data sources. Integrity: is the data unchanged? Checksums indicate the… Read More
ISO/IEC 27001 standard: security for traditional IT systems ISO/IEC 27001 is the leading international and most important standard regarding cyber-security of Information Technology (IT) systems. It describes the implementation of an Information Security Management System (ISMS) by providing clear guidelines for planning, implementing, monitoring, and improving your information… Read More
Port protection and port alerts Infected hardware, like USB sticks or laptops, can transfer malware to the network. The following measures can be taken to prevent this: Configure the port security function of the devices involved in a way that unknown devices cannot exchange data with the… Read More
Security from the operator’s view Introduction Note: Many requirements are listed in both standards IEC 62443-2-1 and ISO/IEC 27001 From a plant operator’s point of view, many requirements apply that are defined in both ISO/IEC 27001 (which deals with IT system security) and IEC 62443-2-1 (draft edition 2.0). Even… Read More
IEC 62443 standard: security for industrial applications Overview on the parts of the standard The IEC 62443 standard series defines the necessary security processes and functional measures for device/component manufacturers, system integrators, and operators of machines and plants. It is a common security standard for industrial automation systems and… Read More
Security-relevant laws and industrial standards It is important to understand that IT security is not only a new “product feature” that a vendor can implement more or less well at its own discretion. Instead, the integration of security features into automation equipment, systems and components is now required… Read More
