Users benefit enormously from increased networking in machines and systems, for example for diagnostics, AI, web services, or IT connectivity. However, this also increases potential attack vectors and thus the demands on cybersecurity. But cybersecurity is a complex topic, and many users would rather focus on other things.
You don’t have to navigate the path to future-proof cybersecurity alone. PI supports its users and members in this task across all PI technologies. At PI, we always ensure that security concepts are practical and easy to understand. Protection concepts must also remain simple to implement and affordable! Above all, the development of protection concepts focuses on ensuring that these measures do not disrupt ongoing production operations.
Our security concepts are based on standardized security guidelines and specifications, which are regularly discussed and updated with manufacturers and users. This ensures that machines and systems are protected against external attacks in a practical way, and that added value is achieved through integration with the IT environment.
To meet these requirements, we work closely with cybersecurity experts from a wide range of disciplines. End-users and PI members can already rely on receiving support in the following areas:
- Comprehensive cybersecurity concepts, such as guidelines and best practices for users and device manufacturers
- Specifications for the security mechanisms in the protocols, as well as cybersecurity extensions and cybersecurity reporting
- Frameworks for device and tool security
- Cybersecurity services, for example, for signing GSD and FDI files
- Test bundles for testing and verifying cybersecurity
- Interoperability field tests and plugfests
- Cybersecurity incident response procedures
- Cybersecurity training and webinars
- Descriptions, guidelines, and literature on PI’s cybersecurity topics
Security-relevant extensions have been included in the PROFINET specification for some time. Our security experts have been working closely with TÜV Süd for a long time to ensure compliance with the IEC 62443-4-2 security standard, among other things.
Since not only Ethernet-based but also other industrial communication technologies such as IO-Link can be exposed to security threats, these technologies are also considered. Further working groups have been established, some as joint working groups with other technology associations. We are committed to communicating all cybersecurity topics in a more understandable way. This applies to users and device manufacturers, from technicians to decision-makers in discrete manufacturing and process industries.
I would also like to encourage you to actively participate in our cybersecurity working groups. Our community of more than 1,000 experts and 80 working groups is successfully advancing our topics. By participating, you not only help shape the future but also gain access to new information at an early stage and get to know experts. So become part of our active community!
Dietmar Bohn
Executive Director
PROFIBUS Nutzerorganisation e.V. (PNO)