Authors:
Venesa Watson
1
;
Xinxin Lou
2
and
Yuan Gao
3
Affiliations:
1
Areva GmbH and University of Siegen, Germany
;
2
Areva GmbH and Bielefeld University, Germany
;
3
Areva GmbH and Otto-von-Guericke University, Germany
Keyword(s):
PROFIBUS, Industrial Networks, Security, OPC UA, Defense-In-Depth.
Related
Ontology
Subjects/Areas/Topics:
Data and Application Security and Privacy
;
Data Protection
;
Information and Systems Security
;
Network Security
;
Security Deployment
;
Security in Information Systems
;
Wireless Network Security
Abstract:
PROFIBUS is a standard for fieldbus communication, used in industrial networks to support real-time
command and control. Similar to network protocols developed then, availability is the security objective
prioritized in the PROFIBUS design. Confidentiality and integrity were of lesser importance, as industrial
protocols were not intended for public access. However, the publicized weaknesses in industrial
technologies, including the inclusion of publicly available technology and protocols in industrial networks,
presents major risks to industrial networks. This paper investigates the security risks of and provides
suggested security solutions for PROFIBUS. The objective is to review the PROFIBUS protocol, to
establish the purposefulness of the design and its suitability for the applications where it forms a core part of
the infrastructure. The security risks of this protocol are then assessed from successful and possible attacks,
based on the vulnerabilities. Proposed securit
y solutions are reviewed and additional recommendations
made concerning the use of OPC UA, accompanied by an analysis of the cost of these solutions to the
efficiency and safety of the PROFIBUS. The findings of this paper indicate that a defense-in-depth
approach is more feasible security solution, with strong security controls being implemented at networks
interconnecting with the PROFIBUS networks.
(More)