This page contains a Flash digital edition of a book.
Plant Management


The BIOS password is the outermost security layer to protect the PC and the engineering tool of the safety system against unallowed access. In accordance with the basic principle of supporting only that which is required, the operating system environment user guidelines and group guidelines must be set up with reduced access rights. The use of a firewall and antivirus


software, or better yet an Application Whitelisting, further improves the security protection. In this regard an Application Whitelisting, is indeed more complex in configuration; however, it offers better security protection, particularly against unknown malware, than is offered by antivirus software, because only the programs released by the user are allowed to be executed. In order to properly configure the


various security measures, the required ports and user rights for the engineering tool must be known. In addition, the engineering software must be compatible with the security software of other manufacturers. Thus the user can flexibly implement the security products that are prescribed or that are most suitable. The principle of diversity also applies for these levels of protection, as use of products from different manufacturers avoids the same type of errors.


Protective measures SILworX, the engineering tool for HIMax, runs on a standard PC with Windows. The software is compatible with all major antivirus protection programs and consequently can be used with the antivirus software that is standardised and released for the respective company. SILworX protects itself against faulty installation data and manipulation via a CRC (cyclic redundancy check) that occurs each time the software is started or code generation takes place. In addition, MD5 checksums for the installation data are available to the user to check the correctness of the installation. SILworX has additional features that


promote security. A database file in a HIMA-specific format contains the data


for the project generated with SILworX as well as the encrypted user ID and passwords. The function-relevant project parts are additionally protected via a separate CRC so that a change in the project data can also be detected and traced with the available secure code comparer. It is possible to create a project


archive automatically each time the controller is loaded. All changes can be traced via this seamless version history. This backup function also permits identification and restoration of the last valid project as part of a recovery procedure. Two-level user management for project access and controller access ensures additional protection. The first level includes the right to access the project data. At this level personalised users can be created with individual user password and assigned to user groups. In the second level the


access rights are defined per controller. From among the created user groups the administrator can select which group may access the respective controller. An individual password is defined in each case. This password can be as complex as desired because it does not need to be known by the user. Advantages of this procedure are


that the user knows only his own password, and if there is a change of individual users or their passwords the controller itself is not changed. Thus the security protection is increased, and if there is a change in employees or a password update it is not necessary to make changes in the safety controller. Accesses are recorded in the project


log and in the controller diagnostics. The concept of separation is also consistently integrated in HIMA controller systems. For high-level cybersecurity, different levels of


www.engineerlive.com 25


The international security standard IEC 62443-3-3 requires a compartmentalisation of production networks.


Source: HIMA Paul Hildebrandt.


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68