SENSORS, TRANSDUCERS & TRANSMITTERS
SECURE LEVEL MEASUREMENT
The universal VEGAPULS 6X measures the level of liquids and bulk solids reliably even under the most adverse process conditions. And when it comes to IT aspects, users know one thing for sure: the radar sensor is one of the first level sensors developed with IEC 62443-4-2 in mind.
Many users in the process industry have so far paid little attention to the topic of cyber security, either because they still think it’s the IT department’s job or because they don’t feel directly threatened. However, both these attitudes are a little negligent. IT security should always be a joint task between IT and OT. Concepts such as NOA (NAMUR Open Architecture), MTP (Modular Type Package) or Ethernet-APL (Advanced Physical Layer) are being deployed more and more. This opens up new avenues into the previously self-contained automation level and offers, at least theoretically, a convenient entryway for attacks. Modern, integrated automation solutions make processes more flexible and efficient. However, due to this open-endedness, process automation engineers have begun to focus more and more on the issue of security. According to the industry association Bitkom e. V., the German economy suffers a loss of around 203 billion euros every year through the theft of IT equipment and proprietary data as well as through espionage and sabotage. Especially problematic is the fact that cyber adversaries can be quite different in nature: they can range from individual 'script kiddies' to criminals or even nation states. Such attacks are still rare in the process industry; however, operators of power plants, fuel tanks or equipment in the water industry have recently been given a wake-up call. What is often neglected is that any attack on IT can affect OT areas very quickly.
Nevertheless, this new open-endedness offers numerous advantages for users. For example, level sensors provide important data across many different areas of industrial activity. Process data is thus available at all locations, allowing worldwide inventory management (Vendor Managed Inventory). Sensors from VEGA, for example, have been supplying critical data to higher-level systems for many years, such as production data from flour mills, for the purpose of optimising raw material logistics. Mills can thus rely on their storage facilities being automatically filled with grain. Incidentally, VEGA started this development long before Industry 4.0 became a topic.
The development of wireless communication with Bluetooth has once again increased the use of such applications. Bluetooth makes adjustment and commissioning of sensors and controllers easier, which, in many cases, also helps avoid situations where accidents can occur. No matter where the level data originates from, VEGA sensors make it available where it is needed. Wireless data transmission is also used to retrieve status information from the sensors, for example, to report maintenance requirements or to request an update. Downtime can be reduced this way. Yet from a cyber security perspective, there are challenges: such data is increasingly being bundled into production and maintenance systems so that it can then be further processed in the office or control room. This creates discontinuities between operational and security functions.
Holistic security concept for VEGAPULS 6X
For that reason, VEGA put great effort into achieving certification as per IEC 62443-4-2 while it was developing its new star product, the radar level gauge VEGAPULS 6X. This international series of standards provides a flexible framework for systematically assessing, evaluating and implementing security standards. Security requirements for hardware as well as software are defined by its guidelines. It is aimed at plant builders and plant operators as well as component manufacturers like VEGA.
The entire development process of VEGAPULS 6X was therefore geared to the IT security standard IEC 62443-4-2. It included, among other things, an analysis of possible threats right from the start in order to identify weak points at an early stage and develop countermeasures during development. All of this, by the way, had to do not only with the security of the device, but with a company’s entire production process. This work was supervised by the independent institution TÜV Nord, which put every measure to the test. The safety measures start with the encapsulated electronics of VEGAPULS 6X, which prevent manipulation. Also built in is a so-called Defense-in-Depth strategy, i.e. a tiered security concept that consists of several IT security layers. The concept includes production equipment security, network security and the security strategies of the various system components. This means protection against threats such as:
▪ Data manipulation (violation of integrity)
▪ Denial of Service “DoS” (violation of availability)
▪ Espionage (violation of confidentiality)
The instrument has additional security features:
▪ User authentication
▪ Event memory (logging)
▪ Firmware integrity checks
▪ Data backup for recovery
When defending against a cyber-attack, time is of the essence. All companies should make appropriate preparations, which include drawing up a clearly defined emergency plan to ensure that valuable time is not wasted if worst comes to worst. It also includes making plans on how to rebuild a secure system in case severe damage is done. At VEGA, the PSIRT – Product Security Incident Response Team – stands ready at all times to help. These experts continuously search for any vulnerabilities, provide assistance with updates and patches, answer customer questions and immediately take action in critical situations, for example if a user discovers a vulnerability. At the same time, VEGA works closely with CERT@VDE, an IT security platform for industrial companies, in reporting and investigating vulnerabilities.
VEGA
www.vega.com
JUNE 2023 | PROCESS & CONTROL 37