Cyber security for operative systems begins on the control level
The number of attacks on supply companies with critical infrastructures in the areas of water supply, tunnels, district heating, district cooling and energy is increasing significantly. As a key partner, it is your job to ensure greater cyber security.
Important: No supply security without cyber security!
The increasing need for energy as a result of the energy revolution, e-mobility, smart home scenarios and digital connectivity in supply chains and production are increasing the pressure on the operators of critical infrastructures to ensure secure and reliable operations with maximum availability in the future.
When it comes to ensuring reliable operations, simply optimizing systems and processes in the supply field is no longer enough. After all, digitalization is revealing more and more security weaknesses in the hardware and software for existing Internet-capable products. In this country, supply companies have long been a target of cyber attacks. In May 2020, three federal authorities together warned of possible threats.
Your competent partner for futuristic system security
Are you in the middle of a project or just starting one? Wherever you are, Saia Burgess Controls will support you in every phase of your project: when assessing the planned automation and IT infrastructure, assessing your own risks while taking into account the systems and data flows or planning specific measures and setting targets. When it comes to implementing technology in the operative field, cyber security begins on the control level. Saia Burgess Controls: We focus on the future:
- With products for automation, engineering, operating systems on site and suitable management systems with integrated cyber security
- The products come equipped with all security features and offer maximum protection with role-based user accounts, password checks (password strength), limited validities, data encryption, the recording of events such as access, errors and attacks and much more.
- They also include a cyber-secure PLC system with the latest future-proof generation of cryptographically secure Saia PCD controllers to meet current standards.
- Modern software and hardware procedures for encrypting and signing programs and user data.
- Various IT/OT and Fieldbus protocols via IP and serial interfaces can be combined as required (OPC-UA, MQTT, IT protocols, Modbus and Profinet as well as CAN)
- Existing installations which can be updated to offer the functions of the IEC controller
- The portfolio was expanded with cyber-secure HMI panels and measuring devices for gathering data in the field
- Both the high-performance scalable Saia PCD Supervisor software platform which controls simple HVAC applications and company-wide automation systems for large infrastructure systems and building complexes
Is your IT secure? Great.
But how secure is your OT?
Given the significant threat, the issue of cyber security has long been on the legislative agenda. This has given rise to numerous new laws. These are essential when it comes to modernizing existing systems and setting up new ones, for example the BSI's package comprising the IT Security Act and the Critical Infrastructure Directive. All of these laws focus almost exclusively on information technologies (IT).
A crucial area has therefore been overlooked: operative technologies (OT), together with highly connected system control systems. With two series of standards – ISO/IEC 27000 for IT and IEC 62443 – supply companies can cover the management of information (IT) and the management of physical processes in systems (OT).
IEC 62443 and the best possible security level
When introducing effective measures, one thing is essential – determining one's own security requirements. This starts with a risk and threat analysis and a subsequent classification of the findings into a suitable security level which forms the basis for all necessary measures. The threats range from more random attacks (Security Level 1 and 2) to targeted attacks on a specific target with a great deal of preparation and a significant use of resources (Security Level 3 and 4). If a company's own systems are to be classified correctly, absolutely everything must be taken into account.
Cyber security for critical infrastructures, systems and properties.
The merging of the electricity grid and the Internet to form the smart grid offers gateways for hackers. If they attack central control units for digitally controlled substations or intelligent grid regulation components, there is a risk of a blackout. The solutions from Saia Burgess Controls therefore ensure secure and smooth interaction between control components and measuring instruments. Redundant systems offer additional security and allow energy producers, suppliers and consumers to sleep soundly at night.
Reservoirs, treatment plants and dams, pipes, canals and measuring systems such as smart meters: the water infrastructure is complex, tightly structured and increasingly connected. Digital control systems are replacing outgoing personnel or staff who work some distance away. With access to these systems, the amount of chemicals in water for example can be changed. The cyber-secure systems from Saia Burgess Controls prevent manipulations when monitoring water quality for example and ensure that physical infrastructure components such as pumps or sluices operate reliably.
Industrial control systems for pumps, valves and sensors are increasingly being used to provide district heating and cooling. Via these gateways, hackers can switch off heating or air conditioning systems in buildings. Now that systems based on artificial intelligence (AI) such as self-learning software are increasingly accessing actuators independently in order to control the temperature in buildings so as to reduce costs and emissions and maximize grid capacities, the security requirements are increasing. The cyber-secure systems from Saia Burgess Controls help to meet these requirements
Tunnels and traffic infrastructure
Tunnels, bridges, control centres and other traffic facilities are becoming increasingly connected too. Numerous sensors collect data in order to control ventilation and lighting systems in tunnels, to record damage or to enable control systems to react to traffic levels. Control systems from SBC are used to set up flexible yet cyber-secure tunnel infrastructures which meet requirements such as separate architecture levels (management level – control level – field level) and redundancy.
Saia PCD QronoX System
- The first PLC technology system whose hardware and software meet all cyber security requirements in accordance with IEC 62443, Security Level 3.
- With the IEC controller, it offers the latest future-proof generation of Saia PCD controllers combined with the ECS software (Engineering and Commissioning Suite)
- Object-oriented high-level language programming in accordance with IEC 61131-3
- Compatible with Saia PCD3 I/O modules
- QNX real-time operating system
- Numerous interfaces and protocols
- Particularly suitable for critical applications and infrastructures in the areas of water supply, tunnel infrastructure, district heating, district cooling, energy production and energy distribution
Secure intelligent buildings the clever way with BACnet / SC
Modern, connected buildings such as offices, schools and hospital, hotel or conference complexes offer a new level of comfort and thus noticeably improve user experiences. At the same time, they too are increasingly becoming the target of cyber attacks targeting both IT and OT.
In the future, the new cyber-secure communication protocol BACnet Secure Connect (BACnet / SC) will allow a much simpler standardized building automation infrastructure. BACnet / SC will be fully compatible with existing implementations of previous BACnet protocols and will encourage cloud-based applications. So that modern building environments really do amaze visitors and residents.