New Industrial Ethernet Security White Paper
PI is presenting a new joint technical position paper on the secure use of industrial communication protocols. The document was developed as part of an international collaboration with FieldComm Group, ODVA, and OPC Foundation.
The white paper “Secure Deployment of Industrial Communication Protocols – A Risk Management Based Approach” describes a practical, risk-based approach for the secure deployment of industrial protocols—including PROFINET, IO-Link, PROFIBUS, and other established technologies—in automation architectures.
Among other things, the document demonstrates how integrated security functions, e.g., from PROFINET, in combination with zones and conduit concepts, network segmentation, and organizational measures, make a significant contribution to the cyber resilience of industrial plants. With this joint paper, the participating standardization organizations underscore their commitment to interoperability, security, and industrial practicality. Instead of isolated solutions, PI pursues a holistic approach in which protocols, system architectures, and operators jointly contribute to security.
The document is aimed at plant operators, system integrators, automation manufacturers, and security experts, and provides concrete guidance for the secure use of industrial communication – both today and with a view to upcoming regulatory requirements.
The paper is now available for free download here: https://www.profibus.com/download/secure-deployment-of-industrial-communication-protocols
ISHG Announcement
Why Secure Industrial Communication Depends on Deployment as well as Protocols
The Industrial Security Harmonization Group (ISHG)—comprising leading industry organizations including the FieldComm Group, ODVA, OPC Foundation, and PI—collaborates regularly to align security concepts across Ethernet and non-Ethernet communication protocol technologies. Their shared mission is to reduce complexity for end users and promote consistent, effective cybersecurity practices in industrial automation systems.
Industrial communication protocols serve as the backbone of modern automation, enabling seamless connectivity between devices, systems, and applications across both process and factory environments. However, many widely used protocols were originally developed without cybersecurity as a primary design consideration.
The ISHG’s joint work challenges the simplistic binary classification of protocols as “secure” or “insecure.” Instead, it emphasizes a more practical and realistic approach:
- Security is context-dependent — It relies on how protocols are configured, where they are deployed, and the surrounding operational environment.
- Built-in security features are not sufficient alone — Even advanced protocols require correct implementation and maintenance.
- Compensating controls are essential — Network architecture, segmentation (zones and conduits), monitoring, and physical safeguards play a critical role, especially for legacy and non-Ethernet systems.
- This deployment-focused perspective aligns closely with emerging regulatory expectations, including those outlined in the EU Cyber Resilience Act (CRA) for hardware and software products and NIS2 for entities and organizations for operations.
For more information, visit: profibus.com/ishg