Digital networking is forging ahead rapidly in the process industry, and modern, integrated automation solutions are simplifying handling and making processes more flexible and efficient. However, this technology opens up new avenues into the previously self-contained automation level and can offer a convenient entryway for attacks.
Cyber adversaries can be quite different in nature: they can range from individual hackers to criminals or even nation states. Such attacks are still rare in the process industry; however, operators need to be vigilant as any attacks on IT can affect OT areas very quickly.
The advantages of wireless communication
Despite the risks, this new open-endedness offers numerous advantages for users. For example, level sensors provide important data across many different areas of industrial activity at all locations, allowing worldwide inventory management. Wireless data transmission is also used to retrieve status information from the sensors, for example to report maintenance requirements or to request an update, reducing downtime.
The development of wireless communication with Bluetooth has also increased the use of this solution, as it makes the adjustment and commissioning of sensors and controllers easier – which can also help avoid accidents. Yet from a cyber security perspective, there are challenges. This data is increasingly being bundled into production and maintenance systems so that it can then be further processed in the office or control room. This creates discontinuities between operational and security functions.
Holistic security concept
For this reason, VEGA put great effort into achieving certification as per IEC 62443-4-2 (an international series of standards that provide a flexible framework for systematically assessing, evaluating and implementing security requirements for hardware as well as software) while it was developing the VEGAPULS 6X radar level gauge.
The entire development process of VEGAPULS 6X was therefore geared to these standards, including an analysis of possible threats in order to identify weak points and develop countermeasures at an early stage. These safety measures include the encapsulated electronics of VEGAPULS 6X, which prevents manipulation, and a built-in Defense-in-Depth strategy (a tiered security concept that consists of several IT security layers, production equipment security, network security and the security strategies of the various system components). This provides protection against data manipulation, denial of service and espionage.
Security features of the VEGAPULS 6X are:
- User authentication: including an individual device code and Bluetooth access code. Bluetooth connections are encrypted and offer the user the option to be deactivated again after the device has been configured
- Event memory: VEGAPULS 6X records both successful and unsuccessful locking and unlocking attempts in an event memory
- Firmware integrity checks: the software update package is encrypted and signed. This prevents unauthorised software from being loaded into VEGAPULS 6X
- Data backup for recovery
What happens in a worst-case scenario?
When defending against a cyber attack, time is of the essence. All companies should make appropriate preparations, which include drawing up both a clearly defined emergency plan and a plan for rebuilding a secure system after damage.
The VEGA PSIRT (Product Security Incident Response Team) stands ready at all times, continuously searching for vulnerabilities, assisting with updates and patches, answering questions and taking action in critical situations. VEGA also works closely with CERT@VDE, an IT security platform for industrial companies, in reporting and investigating vulnerabilities.
Cyber security is an ongoing dynamic process that requires constant attention from the operator. VEGAPULS 6X is designed to ensure that the user doesn’t have to worry about the area of application, the technology involved, the frequency or version of the sensor.
VEGA strives to make everything as simple as possible when it comes to cyber security, including by encouraging the operator to apply the measures mentioned in the security guidelines, which enable them to use the sensor correctly and securely; and offering additional tips on making a production system more secure, ensuring that users are optimally prepared.
This sponsored editorial is brought to you by Vega. For more information, visit www.vega.com