Data backup and restore General considerations on data backups Data loss may not be the result of careless or erroneous actions of authorized users or defects in storage media alone, but may also be the consequence of malicious deletion or encryption of your data by unauthorized intruders. Read More
Certificates What are certificates used for? Certificates can be used for the following: Securing communication connections between participants in your ICS. Participants can be, for example: Devices used to build automation infrastructures and systems (such as PLCnext Technology controllers, switches, etc.). Server and client… Read More
Phoenix Contact industrial security guideline Introduction The increasing interconnection of systems, components, and devices as well as the growing amount of data to be transmitted and stored (in a word: the achievements of Industry 4.0) result in a higher risk of cyber attacks. This is also promoted… Read More
Passwords Each (human) user of a system component needs to be identified and authenticated for all access. For that purpose, passwords can be used. Further authentication methods can be, for example, biometrics (e.g. finger print scanner, face recognition), tokens, physical keys, key cards or evaluating the geographic location… Read More
IT and OT/ICS: a comparison Note: The abbreviation ICS stands for Industrial Control System. With regard to security, a distinction must be made between different types of technology or networks: IT Information Technology Office (accounting, sales, management, …). Here, the ISO 27001 standard for the plant owner… Read More
Security from the operator’s view Introduction Note: Many requirements are listed in both standards IEC 62443-2-1 and ISO/IEC 27001 From a plant operator’s point of view, many requirements apply that are defined in both ISO/IEC 27001 (which deals with IT system security) and IEC 62443-2-1 (draft edition 2.0). Even… Read More
Logging and monitoring Log and status data as feedback for security improvements The early detection of security-relevant incidents as well of system errors and performance “bottlenecks” during operation or data transmission depends to a large extent on adequate logging and monitoring. In particular, log data and… Read More
Why cyber security? There are several definitions for cyber security, like Cyber security is the state in which the risks associated with the use of information technology are reduced to a tolerable level. Risks arise from threats and weaknesses to systems and products. Information security is… Read More
(Central) User management General considerations on user management If communication is allowed through a firewall or possible via local access, access should be protected by a user login. Users in this context may be human users, software processes, and devices used to build automation infrastructures and systems. Read More
IEC 62443 standard: security for industrial applications Overview on the parts of the standard The IEC 62443 standard series defines the necessary security processes and functional measures for device/component manufacturers, system integrators, and operators of machines and plants. It is a common security standard for industrial automation systems and… Read More
