The PROFINET Security Specification Makes Concrete Progress
Security in the field of operative technology (OT) is proving itself to be a decisive requirement for secure data collection, which is of crucial importance when it comes to implementing digitalization projects. Digitalization means, for example, the optimization of production processes and alignment between the physical and digital worlds. At the same time, normative requirements on the cyber security of machines, systems and companies are becoming stricter.
PI already realized some time ago that the underlying requirements in the area of OT security are of utmost importance. Step-by-step specifications, proofs of concept and guidelines were developed by technical working groups. This process makes it possible to adapt the scope in a manageable and flexible way.
PROFINET Security Class 1 has now transitioned to concrete implementation. For this purpose, PI established infrastructure for the signing of GSDs. The basic elements for Security Classes 2 and 3 have been defined in the most recent specifications and include a definition of crypto-algorithms and certificate handling, among other things. This means that hardware and firmware producers have already been able to get started with development. At present, the final functions—some of which have also been derived from IEC62443—are being specified in detail, including security reporting.
As expected by both members and users alike, PI is establishing certification alongside this. The result will be applicable and recognized security technology which meets the respective requirements and has been developed in close cooperation with manufacturers, users and relevant institutions and authorities.
With this concrete progress, PI is making a valuable contribution to the strengthening of cyber security in the OT field and is also helping to make the digital transformation in industry more secure.