Industrial Communication and Information Security

Qualification aims

This module enables students to design, manage, and secure industrial automation systems by equipping them with the knowledge of industrial communication components, IT-security systems, real-time Ethernet solutions, and cybersecurity practices, thereby preparing them to protect critical infrastructure against cyber threats and adapt to emerging technologies.

Students can

• identify and describe the key components of industrial communication systems
• evaluate, plan and configure industrial IT-security systems
• implement secure communication practices
• evaluate the impact of emerging technologies

by

• understanding the principles of real-time ethernet solutions and their applications in automation including e.g. TSN, PROFINET and OPC UA
• understanding the difference of horizontal and vertical communication
• gaining detailed knowledge and experience in PROFINET regarding concept, engineering, diagnosis and maintenance
• understanding the requirements and functionality of network devices and controllers
• analyzing and evaluating network traffic in real-time applications by means of tools
• installing and configuring network devices
• planning and commissioning of network installations
• understanding connectivity architectures, current technologies and protocols for industrial applications
• understanding the special prerequisites of industrial IT technologies vs. office environments
• evaluating the pros and cons of various protocols
• understanding industrial security objectives (availability, integrity, confidentiality)
• analyzing security objectives in IT and industrial automation scenarios
• comprehending international security standards for automation such as IEC 62443 or VDI 2182
• determining and evaluating system security vulnerabilities
• understanding and applying risk analysis methods to develop and evaluate measures
• evaluating typical threats, risks and measures in industrial automation scenarios
• developing methods to determine vulnerabilities
• understand encryption methodology incl. signatures
• estimating security tool limitations
• understanding, planning and configuring firewall technology
• applying principles of cybersecurity to industrial networks
• recognizing relationships between topics such as safety and security

to

• be able to design, manage and maintain industrial automation systems
• protect critical automation and information systems against cyber threats
• anticipate and prepare for future challenges

Module Content

Industrial Communication

• Ethernet-based industrial communication (focus on PROFINET)
• Functional principles of ethernet-based field bus systems
• New trends and developments such as TSN
• Network analysis of real-time Ethernet networks
• Network devices (switches, routers)
• Architecture of plant networks vs. corporate networks
• Integration of plant network and corporate network
• Practical part:
• PROFINET engineering and commissioning workshop
• Configuring network devices
• Designing and configuring PROFINET applications including M2M

IT/OT-Security

• Introduction into basic terms of IT/OT security
• The Information security management system
• International standards on IT security, e.g. IEC 62443, ISO 27001
• Cryptographic procedures as mechanisms to achieve security objectives current cryptographic standards
• IT/OT-related European regulations such as NIS2, CRA
• Principles and mechanisms of authentication
• TCP/IP based network and service security (weaknesses, attacks, examples)
• Firewall and IPS systems (application level gateways, packet filters, remote access)
• Specific requirements and conditions of industrial automation
• Threads and risk assessment, introduction into secure product design
• Security aspects of Ethernet based automation protocols
• Functional security limitations and interfaces
• Design aspects and typical architectures of secure automation devices and systems
• Vulnerability Test and development of test cases for benchmarks and adits
• Security & Safety

Bibliography

• Klasen, F. et al.; Industrial Communication with Fieldbus and Ethernet VDE Verlag, 2011, ISBN 978-3-8007-3358-3
• Anderson, Ross: Security Engineering, John Wiley & Sons Inc, 2001
• Eckert, Claudia: IT-Sicherheit. Konzepte Verfahren Protokolle, Oldenbourg, 2006
• Schneier, Bruce: Practical Cryptography, John Wiley & Sons, 2003
• Schneier, Bruce: Secrets & Lies. IT-Sicherheit in einer vernetzten Welt, Dpunkt Verlag, 2006
• http://www.securityfocus.com (aktuelle Sicherheitsmeldungen)
• Normen und Richtlinien: Manufacturing and Control Systems Security ISA SP99 VDE/VDI 2182
• IEC 62443 norm series
• BSI Publications on ISO 27001 / “BSI Grundschutz”
• Pohlmann, Norbert: Cyber-Sicherheit, Springer Verlag, 2022
• Schulz, Thomas: Cyber-Sicherheit für vernetzte Anwendungen in der In-dustrie 4.0, Vogel Verlag, 2020
• Kobes, Pierre: Leitfaden Industrial Security, VDE Verlag, 2024