Industrial Communication and Information Security in Industrial Automation

Qualification aims

The module makes students familiar with concepts, architectures and technologies of industrial communications. The module covers the full range of communication from real-time Ethernet networks to internet-based applications and remote access scenarios. The module emphasises on protocols and software and as well as on network infrastructure devices.

Students can

• evaluate, plan and configure industrial communication systems
• evaluate, plan and configure industrial IT/IoT systems
• evaluate, plan and configure industrial IT-security systems

by

• understanding the principles of real-time Ethernet solutions and their applications in Automation including e.g. TSN, PROFINET and OPC UA
• understanding the difference of horizontal and vertical communication
• gaining detailed knowledge and experience in PROFINET regarding concept, engineering, diagnosis and maintenance
• understanding the requirements and functionality of network devices and controllers
• analyzing and evaluating network traffic in real-time applications by means of tools
• installing and configuring network devices
• planning and commissioning of network installations
• understanding connectivity architectures, current technologies and protocols for Industrial Internet of Things (IIoT)
• understanding the special prerequisites of industrial IT technologies vs. office environments
• evaluating the pros and cons of various protocols
• understanding industrial security objectives (availability, integrity, confidentiality)
• analyzing security objectives in IT and industrial automation scenarios
• comprehending international security standards for automation such as IEC 62443 or VDI 2182
• understanding the roles of vendors, system integrators and asset owners (end users)
• determining and evaluating system security vulnerabilities
• understanding and applying risk analysis methods to develop and evaluate measures
• evaluating typical threats, risks and measures in industrial automation scenarios
• developing methods to determine vulnerabilities
• understand encryption methodology incl. signatures
• estimating security tool limitations
• understanding, planning and configuring firewall technology
• summarizing results in reports
• presenting results in oral presentations

to

• be able to design, manage and maintain industrial automation systems
• be qualified for a professional career as automation engineer

Courses

The module consists of three courses:

Industrial Communication

Contents

• Ethernet-based industrial communication (focus on PROFINET)
• Network analysis of real-time Ethernet networks
• Network devices (switches, routers)
• Architecture of plant networks vs. corporate networks
• Integration of plant network and corporate network
• Practical part:
• PROFINET engineering and commissioning workshop
• Configuring network devices
• Designing and configuring PROFINET applications including M2M

Industrial IoT

Contents

• Introduction into Industrial IoT and ‘Industrie 4.0’
• Designating factors of industrial IoT applications
• IIoT connectivity, interfaces and protocols, such as MQTT, OPC UA
• Interfacing systems via OPC UA
• Architecture of vertical and horizontal IIoT applications
• IoT platforms and cloud-based systems
• IIoT Semantics and their implementation, e.g. via OPC UA
• Digital twins
• Handling of data
• Principles and terminology of MES (ISA-95)
• Industrial implementation examples, focus on OPC UA and MQTT

IT-Security

Contents

• Introduction into basic terms of IT security (security objectives, mechanisms, example scenarios)
• The information security management system – instruments and methods used by management to systematically control (i.e., plan, put in place, implement, monitor, and improve) tasks and activities relating to IT security
• International standards on IT security, e.g. IEC 62443
• Cryptographic procedures as mechanisms to achieve security objectives current cryptographic standards
• Principles and mechanisms of authentication
• TCP/IP based network and service security (weaknesses, attacks, examples)
• Firewall and IPS systems (application level gateways, packet filters, remote access)
• Specific requirements and conditions of industrial automation
• Threads and risk assessment
• Security aspects of Ethernet based automation protocols
• Functional security limitations and interfaces
• Design aspects and typical architectures of secure automation devices and systems
• Vulnerability Test and development of test cases for benchmarks and audits
• Security & Safety

Bibliography

• Klasen, F. et al.; Industrial Communication with Fieldbus and Ethernet VDE Verlag, 2011, ISBN 978-3-8007-3358-3
• Anderson, Ross: Security Engineering, John Wiley & Sons Inc, 2001
• Eckert, Claudia: IT-Sicherheit. Konzepte Verfahren Protokolle, Oldenbourg, 2006
• Schneier, Bruce : Practical Cryptography, John Wiley & Sons, 2003
• Schneier, Bruce : Secrets & Lies. IT-Sicherheit in einer vernetzten Welt, Dpunkt Verlag, 2006
• http://www.securityfocus.com (aktuelle Sicherheitsmeldungen)
• Normen und Richtlinien: Manufacturing and Control Systems Security ISA SP99 VDE/VDI 2182
• Meyer, H., Fuchs, F., Thiel, K.: Manufacturing Execution Systems: Optimal Design, Planning, and Deployment. Mcgraw Hill Book Co, 2009.
• Kletti, H.(Editor): Manufacturing Execution System MES. Springer Berlin Heidelberg, 2010
• Schleipen: Praxishandbuch OPC UA, ISBN 978-3-8343-3413-8
• Lea: Internet of Things for Architects, ISBN 978-1-78847-059-9
• http://mqtt.org/
• https://www.amqp.org/
• IEC 62443 international norm