Secure level measurement technology: Well protected against cyber attacks
By OEM Update Editorial May 16, 2023 6:29 pm IST
The universal VEGAPULS 6X measures the level of liquids and bulk solids reliably, even under the most adverse process conditions. And regarding IT aspects, users know one thing for sure: The radar sensor is one of the first level sensors developed with IEC 62443-4-2 in mind.
Many users in the process industry have so far paid little attention to cyber security. Either because they still think it’s the IT department’s job or they do not feel directly threatened. However, both these attitudes are a little negligent. Here is why. For one thing, IT security should always be a joint task between IT and OT. And for another, digital networking is forging ahead rapidly in the process industry. Concepts such as NOA (NAMUR Open Architecture), MTP (Modular Type Package) or Ethernet-APL (Advanced Physical Layer) are being deployed more and more. All of this opens up new avenues into the previously self-contained automation level and offers, at least theoretically, a convenient entryway for attacks.
The dangers of digital networking
Modern, integrated automation solutions simplify handling and make processes more flexible and efficient. However, due to this open-mindedness, process automation engineers have begun to focus more and more on the issue of security.
One concrete number to emphasise the vulnerability is according to the industry association Bitkom e. V., the German economy suffers a loss of around 203 billion euros yearly through the theft of IT equipment and proprietary data and espionage and sabotage. Especially problematic is the fact that cyber adversaries can be quite different: They can range from individual ‘script kiddies’, to criminals or even nation-states. Such attacks are still rare in the process industry; however, operators of power plants, fuel tanks or equipment in the water industry have recently gotten a wake-up call. Because what is often neglected: Any attacks on IT can affect OT areas very quickly.
The advantages of wireless communication
Nevertheless, this new open-mindedness offers numerous advantages for users. For example, level sensors provide important data across many different areas of industrial activity. Process data are thus available at all locations, allowing worldwide inventory management (Vendor Managed Inventory). Sensors from VEGA, for example, have been supplying critical data to higher-level systems for many years, for example, level data from road salt silos along motorways or production data from flour mills, to optimise raw material logistics. Motorway maintenance depots and mills can thus rely on their storage facilities being automatically filled with road salt or grain. Incidentally, VEGA started this development long before Industry 4.0 became a topic.
The development of wireless communication with Bluetooth has once again increased the use of such applications. Bluetooth makes adjustment and commissioning of sensors and controllers easier, which, in many cases, also helps avoid situations where accidents can occur. No matter where the level data originates from – whether huge towering silos, external measuring points like distant stormwater overflow basins, potentially explosive environments or complex, labyrinthine processing plants – VEGA sensors make it available where it is needed. Wireless data transmission is also used to retrieve status information from the sensors, for example, to report maintenance requirements or to request an update. Downtime can be significantly reduced this way.
Yet, from a cyber security perspective, there are challenges: Such data is increasingly being bundled into production and maintenance systems to be further processed in the office or control room. This creates discontinuities between operational and security functions.
Holistic security concepts for VEGAPULS 6X
When defending against a cyber attack, time is of the essence. All companies should make appropriate preparations, including drawing up a clearly defined emergency plan to ensure valuable time is not wasted if worse comes to worst. It also includes planning how to rebuild a secure system in case of severe damage. At VEGA, the PSIRT – Product Security Incident Response Team – always stands ready to help. These experts continuously search for any vulnerabilities, provide assistance with updates and patches, answer customer questions and immediately take action in critical situations, for example, if a user discovers a vulnerability. At the same time, VEGA works closely with CERT@VDE, an IT security platform for industrial companies, in reporting and investigating vulnerabilities.
For decades, VEGA-level sensors have made it easier for users to monitor their industrial processes. With VEGAPULS 6X, the user doesn’t have to worry about the application area, the technology involved, the frequency or version of the sensor – all it takes is just a few mouse clicks to put it into operation. VEGA also tries to make everything as simple as possible regarding cyber security. It’s true that VEGA cannot exempt the plant operator from all responsibility; cyber security is an ongoing dynamic process that requires constant attention. VEGA does, however, support the operator in this effort. This help includes: Encouraging the operator to apply the measures mentioned in the security guidelines, which enable him to use the sensor correctly and securely. The security guidelines document provides additional tips on making a production system even more secure. Users are, therefore, optimally prepared.
Cookie Consent
We use cookies to personalize your experience. By continuing to visit this website you agree to our Terms & Conditions, Privacy Policy and Cookie Policy.