Information and Network Security in Industrial Automation

Qualification aims

The module makes students familiar with concepts, methods and technologies of information and network security. The module focuses on both management and technology aspects.

Students will

• understand the information security management system, which specifies the instruments and methods used by management to systematically control tasks and activities relating to IT security
• comprehend international security standards
• analyse security objectives in IT and industrial automation scenarios
• distinguish between security-relevant vulnerabilities as regards the design, implementation, configuration, operation, or organization of the target
• determine and evaluate system security weaknesses
• determine and evaluate suitable security mechanisms to achieve defined security objectives
• understand causes of security weaknesses in industrial automation networks
• comprehend and analyse security mechanisms develop methods to determine vulnerabilities
• develop rules to determine and eliminate attacks
• estimate security tool limitations
• evaluate typical threats, risks and measures in industrial automation scenarios
• develop and choose suitable solutions
• present the results

Courses

The module consists of two courses:

IT-Security - Management and Technologies

Contents

• Introduction to the basis terms used in IT security (what is security, security objectives, mechanisms, example scenarios)
• The Information security management system - instruments and methods used by management to systematically control (i.e., plan, put in place, implement, monitor, and improve) tasks and activities relating to IT security
• International standards on IT security
• Cryptographic procedures as mechanisms to achieve security objectives Current cryptographic standards
• Principles and mechanisms of authentication
• TCP/IP based network and service security (weaknesses, attacks, examples)
• Firewall systems (application level gateways, packet filters, remote access) basics of system analysis and theory
• Intrusion Prevention Systems (IPS)

Industrial Security in Automation

Contents

• Specific requirements and conditions of industrial automation
• Security aspects of Ethernet based automation protocols
• Functional security limitations and interfaces
• Design aspects of automation devices and systems
• Threads and risk assessment
• Security & Safety
• Typical architectures of security solutions
• Procedural models for implementing solutions (manufacturers, integrators, users)

Bibliography

• Anderson, Ross: Security Engineering, John Wiley & Sons Inc, 2001
• Eckert, Claudia: IT-Sicherheit. Konzepte - Verfahren - Protokolle, Oldenbourg, 2006
• Schneier, Bruce : Practical Cryptography, John Wiley & Sons, 2003
• Schneier, Bruce : Secrets & Lies. IT-Sicherheit in einer vernetzten Welt, Dpunkt Verlag, 2006
• http://www.securityfocus.com (aktuelle Sicherheitsmeldungen)
• Normen und Richtlinien: Manufacturing and Control Systems Security ISA SP99, VDE/VDI 2182