Secure industrial controllers based on the IT security standard IEC 62443.

Security analysis for next-gen PLCs

Initial situation and project objective

IT security is becoming significant in increasingly large areas of our lives. These days, more and more industrial systems are connected with each other or with cloud services via the Internet. Doing so increases productivity and can even provide access to new fields of business. At the same time, though, this connectivity potentially gives attackers more opportunities to penetrate control networks.

Phoenix Contact is a global manufacturer of industrial controllers. Its controllers need to be connected to the Internet to function along the lines of Industry 4.0. This type of Internet access requires particular protection, e.g. to prevent cyberattacks. For this purpose, the IT security standard IEC 62443 defines requirements that specifically address automation technology; these requirements apply to products as well as the associated development processes.

Solution and customer benefits

Fraunhofer IEM conducted a rigorous threat analysis for the next generation of programmable logic controllers (PLCs) in order to demonstrate security and compliance with the standard. For this purpose, Fraunhofer IEM adapted the methods and tools of the Microsoft STRIDE approach to the domain of automation technology and applied them. The threats identified in this way are reviewed for validity and for effective defense by suitable protective measures. At the same time, the applied method is being refined and integrated within the standard development process at Phoenix Contact. There are plans to continue its optimization in line with IEC 62443 in the longer term. The extensive security measures designed for the controllers help to safeguard the operation of machinery and systems and hence to avoid costly downtime.