Plant Management
restoration of the last valid project as part of a recovery procedure.
Two-level user management for project access and controller access ensures additional protection. The first level covers the right to access the project data. At this level personalised users can be created, each with an individual password, and assigned to user groups.
In the second level the access rights are defined per controller. From among the created user groups the administrator can select which group may access the respective controller. An individual password is defined in each case. This password can be as complex as desired because it does not need to be known by the user.
The advantages of this procedure are that each user knows only his own password, and that changes to individual users or their passwords leave the controller itself untouched. Security is thus increased, and a change of employees or a password update requires no changes in the safety controller.
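As an added illustration (not HIMA's code; the class and method names are assumptions), the following Python model of the two-level scheme shows the user authenticating with a personal password only, while the project, not the user, presents the controller's own password; rotating a user's password leaves the controller untouched, and each attempt is logged on both the project and the controller side.

```python
import hashlib
import hmac
import os
# Constructed model of the two-level scheme; class and method names are assumptions.

def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

class Controller:
    """Safety controller: it knows only its own access password, never the users."""
    def __init__(self, name: str, password: str):
        self.name = name
        self._password = password
        self.diagnostics = []  # controller-side record of login attempts

    def login(self, password: str) -> bool:
        ok = hmac.compare_digest(password.encode(), self._password.encode())
        self.diagnostics.append("login ok" if ok else "login failed")
        return ok

class Project:
    """Project data: personalised users, user groups and per-controller access rules."""
    def __init__(self):
        self.users = {}        # user -> (salt, password hash, group)
        self.controllers = {}  # name -> (Controller, allowed group, controller password)
        self.log = []          # project log of access attempts

    def add_user(self, name: str, password: str, group: str) -> None:
        salt = os.urandom(16)
        self.users[name] = (salt, _hash_pw(password, salt), group)

    def set_user_password(self, name: str, new_password: str) -> None:
        self.add_user(name, new_password, self.users[name][2])  # controller untouched

    def register_controller(self, ctl: Controller, group: str, ctl_password: str) -> None:
        # Level 2 rule: the group allowed in, and the password the project presents
        # on the user's behalf (it would be stored encrypted in a real project file).
        self.controllers[ctl.name] = (ctl, group, ctl_password)

    def open_controller(self, user: str, password: str, ctl_name: str) -> bool:
        ctl, allowed_group, ctl_password = self.controllers[ctl_name]
        entry = self.users.get(user)
        # Level 1: personal password checked against project data, in constant time.
        level1 = entry is not None and hmac.compare_digest(_hash_pw(password, entry[0]), entry[1])
        # Level 2: the user's group must be the one configured for this controller.
        granted = level1 and entry[2] == allowed_group
        if granted:  # only the project ever presents the controller password
            granted = ctl.login(ctl_password)
        self.log.append((user, ctl_name, "granted" if granted else "denied"))
        return granted
```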
Accesses are recorded in the project log and in the controller diagnostics.

The concept of separation is also consistently integrated in HIMA controller systems. For high-level cybersecurity, different levels of protection with a virtual or physical separation can be set up for the communication. The HIMax CPU module executes the safety application and can handle communication tasks. Both areas are separated on the CPU through SIL3-certified protection of the memory and of the timing between the communications and safety areas.
If an insecure data transmission is directly connected on the CPU, an integrated firewall ensures a virtual separation because only the protocols and data configured by the user are supported.
Invalid or unknown protocol queries or read/write of non-configured address ranges are simply ignored by the controller.
For further risk reduction a physically separated communications module can be used. The module has the same security firewall characteristics as the processor module and is connected to the CPU only via the internal system bus. Because the communications module cannot influence the CPU, the safe function is physically separated from the non-secure communication.
A safety system must have a variety of security features to harden it against safety-security risks or to reduce the risk in plants.
These features result in stable, robust system behaviour. HIMA incorporates cybersecurity measures in its product development right from the start. This includes the Achilles test procedure from Wurldtech, with which constantly updated tests are executed in the development of all new products.
The Achilles test is recognised internationally for verification of industrial cybersecurity and includes a simulation of cyber attacks. In these tests, the processor module and the communications module of HIMax have proven their resistance to cyber attacks and have received the Achilles Level 1 certificate.
Conclusion

Put simply, there is no safety without security. If a security risk exists via interfaces or integration, the integrity of functional safety is in jeopardy. Security deserves the same high level of attention that is devoted to the topic of safety.
Stefan Ditting and Thomas Janzer are product managers with HIMA Paul Hildebrandt, based in Brühl, Germany.
www.hima.com
www.engineerlive.com 15