Stepping Up Industrial Network Security: PROFINET Security Update

  • Post category:PI NEWS
  • Reading time:3 mins read

In the complex and interconnected world of industrial automation, the security of communication networks is not just a feature—it’s a necessity. PROFINET has long recognized this need and marks a milestone in what can be likened to ‘security feature completeness’ with its upcoming release of the MU5 (Maintenance Update 5) of the PROFINET specification.

What’s New with PROFINET Security

Among the notable advancements is the introduction of the Security Eventing class, accompanied by a comprehensive list of Auditable Events. This feature addresses the growing need for compliance with stringent security standards like IEC 62443. Administrators and security personnel will now have a structured and detailed approach to identifying and documenting security events within the PROFINET network. The ability to audit and trace actions ensures accountability and aids in forensic analysis, should security breaches occur.

This feature is accompanied by the ability to utilize SYSLOG for PROFINET.

SYSLOG, a widespread protocol used for the logging of system messages, now empowers PROFINET with the capability to record and monitor security-related events. By doing so, it provides system administrators with a powerful tool to oversee network health and respond swiftly to potential security incidents.

The update also brings about a new state machine for the symmetric key update sequence. This might sound technical, but in essence, it’s about ensuring that the ‘digital keys’—which keep communication across the network encrypted and secure—can be changed or updated in a secure and controlled manner. This change signifies a simplification and strengthening of key management, a critical element in maintaining the integrity of secure communications.

The clarification of reset-to-factory settings within the context of security also receives attention in the update. Resetting devices to their factory settings has been a point of contention, raising concerns about the potential compromise of security configurations.

Lastly, the update offers a wealth of clarifications, completions and ‘under-the-hood’ improvements throughout the PROFINET security specifications. These enhancements serve to remove ambiguities, ensuring that implementers and users of PROFINET can more easily follow best practices in network security.

PROFINET’s Commitment to Industrial Cybersecurity

In conclusion, with MU5 of the PROFINET specification, PROFINET Security has made a significant leap towards providing a more robust and comprehensive security framework for industrial networks. By embracing these updates, PROFINET is not just adding new features but is also refining existing processes to meet the current and future demands of industrial cybersecurity. This update signifies an important evolution in the protocol’s capabilities, providing a more secure foundation for the critical systems that underpin today’s industrial operations.

Dr. Dominik Ziegler
Working Group Leader