Industrial Security

Protecting safety functions on machinery and plants from attacks

USB flash drive with case removed

Tampered USB stick as a gateway enables attacks on industrial control systems
Source: IFA

Functional safety components protect life and health when working on plants and machinery. For instance, a safety locking function can prevent a safety gate to a hazardous zone of a plant or machine from being opened. To ensure that safety functions of control systems are reliable, the control system itself must also be secure, i.e. protected against tampering.

Safety components must therefore be

  • adapted to their technical environments (networks, interfaces, communication protocols, etc.),
  • protected against tampering and
  • protected against attacks.

The annual State of IT Security Report of the German Federal Office for Information Security (BSI) shows how frequently specific attacks have been observed. The reports describe, for example, attacks on industrial controls capable of putting a blast furnace in a steel plant out of control, and instances where a safety control system in a chemical plant was hijacked.

Protection against attacks is therefore imperative, especially for functional safety components.

The DGUV is working to improve this situation in a number of different areas:

  • The Institute for Occupational Safety and Health (IFA) trains Social Accident Insurance Institutions, raises security awareness through practical demonstrations of attacks and develops solutions.
  • A working group of the DGUV Test Department has worked with the test laboratories of Social Accident Insurance Institutions and the IFA to draw up a test principle for security in industrial control systems based on the IEC ISO 62443 standard.
  • The IFA also provides further information on the latest safety and security warnings for supervisors, manufacturers and insured companies.

Security Regulations

Cybersecurity Act

Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013

NIS Directive

Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union

Cyber Resilience Act

EU suggestion - Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union

Testing and certification

Prüfgrundsatz GS-IFA-M24 (PDF, 543 kB) (Test Principle, in German only): Standards for the testing and certification of security aspects in the functional safety of industrial automation systems

Contact

Jonas Stein, Dipl.-Phys.

Accident Prevention: Digitalisation - Technologies



Christian Werner, M.Sc.

Accident Prevention: Digitalisation - Technologies

Tel: +49 30 13001-3520
Fax: +49 30 13001-38001