Visible to the public Challenges and prospects of communication security in real-time ethernet automation systems

TitleChallenges and prospects of communication security in real-time ethernet automation systems
Publication TypeConference Paper
Year of Publication2018
AuthorsMuller, T., Walz, A., Kiefer, M., Doran, H. Dermot, Sikora, A.
Conference Name2018 14th IEEE International Workshop on Factory Communication Systems (WFCS)
KeywordsAutomation, automation-friendly security solution, communication security, compositionality, computer network security, industrial control, industrial control systems, Information Reuse and Security, information technology, Local area networks, open systems, operational technology, PROFINET, Protocols, pubcrawl, real-time Ethernet automation systems, Real-time Systems, Resiliency, security, security architecture, security requirements, Standards
AbstractReal-Time Ethernet has become the major communication technology for modern automation and industrial control systems. On the one hand, this trend increases the need for an automation-friendly security solution, as such networks can no longer be considered sufficiently isolated. On the other hand, it shows that, despite diverging requirements, the domain of Operational Technology (OT) can derive advantage from high-volume technology of the Information Technology (IT) domain. Based on these two sides of the same coin, we study the challenges and prospects of approaches to communication security in real-time Ethernet automation systems. In order to capitalize the expertise aggregated in decades of research and development, we put a special focus on the reuse of well-established security technology from the IT domain. We argue that enhancing such technology to become automation-friendly is likely to result in more robust and secure designs than greenfield designs. Because of its widespread deployment and the (to this date) nonexistence of a consistent security architecture, we use PROFINET as a showcase of our considerations. Security requirements for this technology are defined and different well-known solutions are examined according their suitability for PROFINET. Based on these findings, we elaborate the necessary adaptions for the deployment on PROFINET.
Citation Keymuller_challenges_2018