The SPS IPC Drives 2017 show, which took place last month in Nuremberg, this year offered guided tours for the first time, which saw specially trained tour guides show visitors directly to the booths of select exhibitors. Electronic Specifier went along to the tours, and during the two hour walkabout we were able to experience the most important innovations and exhibits for certain topics.
The three tour topics included:
Here we will present the highlights of the first tour; 'IT security in automation' at SPS IPC Drives, including WAGO, Phoenix Contact, Weidmüller and MB Connect Line.
WAGO spoke about its solutions for 'digitisation and cyber security'.
Data transferred out of the network needs protection. To get all of this information to the cloud, a bypass lane is created using a separate controller with protection. This controller has one Ethernet connected to the internet, and one Ethernet connected to the information network.
WAGO aim to digitise the existing business system. This allows direct access to the cloud which is open but reliable and secure - and it can be tailored to the needs of the user.
WAGO propose to use VRN (Virtual Private Network) to secure these channels - along with more conventional precautions such as disabling unnecessary users, separate switch networks, changing standard passwords and closing unused Ethernet ports.
Phoenix Contact presented its solutions for secure remote service for a smart industry, covering three aspects: protection, detection and response.
Security is a subject that needs to be address by everyone, and Weidmüller decided to take the approach of talking about the overall security, rather than focusing on one element.
Overall security is important as for example, if you imagine your company as a chain, the whole product is only as strong as the weakest link within it, so this is the area that needs to be addressed.
Safe and secure matter
If you look at one particular product on its own it is more likely to be hacked than a newer product that is connected to everything else with u-control. Security needs to be focused on at the design stages, to ensure that right from the start you can concentrate on security.
Hackers will try and attempt to break into devices, so it is your job to make it hard for them to do so. Controllers are protected by passwords, and often it is not the lack of password that is the issue, it is the many users that do not change the password from the default password they are provided with. The changing of data is actually fully processed by the controller inside.
Weidmüller continued to say that building up application programmes which are encrypted can occur from users just copying and pasting, which a lot of people tend to do – but it just increases your chances of being hacked.
The correct way is to try and decrypt the software, as it is easier to stop the software in the first place then to have to take it away later on.
“If I want to access my devices how do I know this is safe?”
The new u-link remote access service from Weidmüller allows an easy and secure access of Service PCs to remote Ethernet devices via the internet.
The VPN-based access of a Service PC to remote devices will be provided by the web-based u-link Portal service (VPN server) and a Weidmüller Router (VPN client) located in a remote target network. The u-link VPN server is used as a meeting point and connects a Service PC to a Router (both running as VPN clients) to allow an encrypted data communication between the PC and remote Ethernet devices connected to the LAN port of the Router.
Using the u-link VPN server as public accessible meeting point both a Service PC and a Router only need to establish an outgoing VPN connection to the internet which usually is allowed and compliant to IT security requirements.
For secure data integrity the u-link Remote Access Service uses, for each u-link system account, its own server and database instances (secure separation of u-link accounts). The data communication between an account specific u-link VPN server and remote clients is based on a certificate-secured OpenVPN communication.
The u-link Remote Access Service is offered to be used with following variants and additional options:
Versions Standard 150/300/500/unlimited
Additional VPN connection licenses
MB Connect Line
This year has been full of changes and revolutions which will continue to grow, however one of the biggest at the moment is Ethernet and Industry 4.0.
Cyber security is involved with everything, take for example our office furniture:
A lot of IT equipment is related to automation, and a lot of automation equipment is fitted for the level of IT security that is needed today. This is where MB Connect Line steps in as its main concern is implementing security by design.
It is vital that users test their products. Security by design is looking at security from a different angle, as you are making sure the trust chain is never broken – you need to secure everything on a device from start to finish.
MB Connect Line works hard with its users to fit its customer’s needs, by using knowledge from both the user and customer.
Everything is maintained along the same guidelines:
All IT is trying to prevent a hacker – but why not prevent your machines from attacks from the internet?
For example, if something does happen with a hacker, you want to know about it and you want to know immediately.
The mbSECBOX does exactly this:
Remote Access Solution allows customers to look for easy support and software is also offered to help them.
This allows customers to run their own remote portal, which benefits in many ways:
Some people believe you have to choose between security and simplicity, but cyber security is basically useless if it can be wiped away.
With this system from MB Connect Line there is no more writing down and remembering usernames and passwords.