Security and Safety
The primary concerns of the five system characteristics for a trustworthy system as defined in IIC Volume G4 Security Framework are security and safety, both being mandatory in a network of factories. This includes confidentiality of factory and business related information. On the other hand, the system characteristics resilience and reliability are of lesser concern as the testbed involves only laboratory environments. Privacy is also of lesser concern as there is no personalized data.
Primary attack categories
The Primary attack categories for the SFW include:
- Attacks on system via network infrastructure
- Attacks using normal functionality of the systems, but should normally not be possible by the attacker
A model factory has an additional attack category:
- Physical part of system is attacked
- Physical access to systems is necessary for successful attack
Security and safety issues will be fully addressed in the design. In fact, work in all phases of the Smart Factory Web will adhere to security by design principles and guidelines of the IIC Industrial Internet Security Framework (IISF).
Protecting Communication: Security with OPC UA
OPC UA is the preferred means of communication at all levels:
- Between the Smart Factory Web Hub in the SFW Platform Tier and the SFW Edge Tier
- Between Enterprise, Platform and Edge Tiers of each Smart Factory
The information model, access rights and roles are defined in AutomationML. The corresponding information OPC UA model is generated from the AutomationML model. OPC UA specifies state of the art security profiles for authentication, authorization and encryption. The testbed will use the OPC UA security profiles and the secure form of OPC UA communication, i.e. UA-SC (Secure Conversation).