Defense in Depth in use. Level 4: protection of industrial protocols. Part 3
This article is a continuation of the series on the multi-layered protection of industrial Ethernet networks applying the Defense in Depth principle. Also discussed are some basic vulnerabilities occurring in IEC 104, GOOSE and DNP3 industrial protocols as well as protection methods based on deep traffic inspection.
Defense in Depth in use. Level 4: protection of industrial protocols. Part 2
This article is a continuation of the series on the multi-layered protection of industrial Ethernet networks applying the Defense-in-Depth principle. Also discussed are some basic vulnerabilities occurring in EtherNet/IP industrial protocol as well as protection methods based on deep traffic inspection.
Defense in Depth in use. Level 4: protection of industrial protocols. Part 1
This article is a continuation of the series on the multi-layered protection of industrial Ethernet networks applying the Defense in Depth principle. Also discussed are some basic vulnerabilities occurring in Modbus TCP and OPC Classic industrial protocols as well as protection methods based on deep traffic inspection.
Defense in Depth in use. Level 3: wireless network security
The article continues the series of publications related to multi-layered protection of industrial Ethernet networks applying the Defense in Depth principle. Also discussed are the cyber threats for Wi-Fi networks and approaches for providing multi-layered security.
Defense in Depth in use. Level 2: security at data link layer
The article continues the series of publications related to the multi-layered protection of industrial Ethernet networks applying the Defense in Depth principle. Also discussed are the cyber threats at data link layer and possible ways to protect the layer.
Defense-in-Depth security for industrial network perimeter
The article describes a design version of industrial Ethernet-network security applying a Defense-in-Depth principle, a specific multi-layered approach that makes it possible to arrange an efficient network perimeter protection for an industrial facility.
Defense-in-Depth in use. Level 1: network boundary protection
The article examines a design version of industrial Ethernet-network boundary protection applying a Defense-in-Depth approach. The Hirschmann industrial Ethernet firewall EAGLE One is described as a potential tool.
The article provides a brief description of the structure, functional flavor and advantages of the DNP3 Protocol. Also discussed is the implementation of the protocol in the FASTWEL distributed I/O system.
Industrial network architectures. New Pepperl+Fuchs products
The article covers the changes in regulations for building the automation systems in petrochemical, chemical and gas industries, which have had an impact on the model lineup of the equipment manufacturers. Also discussed are the latest Pepperl+Fuchs solutions based on the FOUNDATION Fieldbus H1 and PROFIBUS PA industrial networks where such changes have been taken into account.
Improving industrial wireless reliability with PRP
The article describes the techniques for improving the stability, reliability and availability of wireless connections by using a standards-based redundancy protocol such as PRP (Parallel Redundancy Protocol). Also discussed are the principles of operation, conditions and scenarios for the application of the PRP technology in wireless networks.
Industrial networks amid increased cyber threats
The security for critical industrial facilities is not only the use of high fences with barbed wire and ID cards for the employees. Under circumstances where the automated process control systems are integrated with the Ethernet local area networks and Internet, issues such as the network security, resilience of enterprise networks against the possible cyber attacks and penetration of malicious software are becoming increasingly important. The article discusses the need to ensure cybersecurity and shows steps to achieve it.
OPC security for the automated process control system
There is an opinion that industrial control systems are potentially non-vulnerable to the malware and/or hacking attacks. This is a wrong viewpoint: any mass produced system may become a target for hacking and virus attacks. The article describes OPC technology which is one of the main standards for building industrial control systems and covers prerequisites and possible solutions to ensure OPC data security. The practical aspects and the issues regarding testing of the said security facilities will be discussed in the next article.
Using ANSI/ISA-99 standards to enhance industrial control system security
There are currently two trends in industrial control systems: a gradual shift to the Ethernet-based control and the occurrence of a specific industrial malware targeting particular types of industrial control systems. These are two sides of the same coin. On the one hand, the Ethernet network that permeates all levels of an enterprise is a flexible and convenient information space taking the automation processes to the next level; on the other hand, now a new type of malicious software can interfere with the production process and cause a large damage to enterprise activities. This article describes the principles of counteraction to the existing and potential threats and protection of industrial networks against such threats according to ANSI/ISA-99 standards.
IT-security in industry. In-depth analysis of data packets for SCADA-systems
The article discusses the specific features of IT-security in industrial environments and gives examples of real threats. Also, the article presents DPI technology as the basic tool to detect malicious software and an example of hardware that implements this technology.
Protection of industrial networks in automation systems
Modern automation systems are built utilizing network technologies, but the information security of automated process control systems is not always given due care. The protection of Industrial Ethernet networks is an additional measure to secure the process against advanced information threats.
Stages of building an efficient automated system for substation
These are the fourth and the fifth parts of a series of articles on Smart Grids. The article discusses the necessity of Ethernet time synchronization in an electrical substation, provides a list of the main protocols solving this task and describes their principle of operation, advantages and disadvantages. This article raises an issue concerning the vulnerability of computer networks of modern substations to the cyber threats and hacker attacks. Also included are safety standards improving the security of networks as well as the description of technology, protocols and means to enhance the security against virtual threats.
Stages of building an efficient automated system for substation
This part of the article discusses various redundancy protocols and schemes as well as the possibilities of its use for substation automation. Also, the article provides comparisons and analyzes an efficient use of some protocols at different network levels.
Smart grids at stake
The article raises a question about vulnerability of Ethernet networks to the harmful effect of computer viruses at power facilities. Also included are the real-life examples that illustrate this problem and review of software and hardware that improve the cyber security of the Ethernet networks.
Stages of building an efficient automated systemfor substation
This article is the first in a series of articles on Smart Grids to be published. It offers the first two parts out of the planned five.The first part discusses the general structure of a communication network of an electrical substation and specifies the basic data communication protocols, their functions and advantages. Also included is an analysis of the impact and nature of the impact of major environmental factors on active network equipment. The second part provides the general principles and requirements for the network infrastructure of electrical substations, describes the hardware level of connection implementation and touches on general issues related to facility monitoring and control system.
The concept of parallel and ring redundancy
The article discusses the new principles of redundancy for the industrial Ethernet networks, their features, advantages over existing technologies and prospects for use in real network devices.
Hirschmann: news from communications front
The article is dedicated to the Hirschmann industrial communications equipment. Also included are a review of the new products based on the state-of-the-art trends and a description of the new capabilities of the equipment to ensure network reliability. In the end, the article provides a forecast for further development of this famous German brand.
Simplify your life with fieldbus in Zone 2
In Zone 2 hazardous areas, energy limiting ignition protection type Ex nL (nonincentive) has been available to fieldbus users for years paving the way for instrumentation in an increasing number of installations. Compared to protection type Ex i (intrinsic safety), Ex nL has contradictory requirements that have led to ambiguity regarding correct dimension and construction of electrical circuits rather than the expected savings in installation and maintenance cost. The new directive "Ex ic intrinsic safety" is replacing Ex nL as of 2011. This article explores the improvements that can be realized by combining this new standard with FOUNDATION fieldbus H1 and PROFIBUS PA.
EtherWAN for Ethernet
The article offers an overview of the EtherWAN communication hardware designed for the Ethernet industrial networks. The article looks at the history and innovations of the company. It analyzes the specific features of the products and provides a table containing information on the most popular series. Also included are schemes with examples illustrating a potential application of the company's products, including those for designing the redundant network architecture.
Real-Time Ethernet networks: from theory to practice
The article discusses the future use of the Real-Time Ethernet standards for real-time data transmission and highlights the benefits of using the Ethernet networks over traditional fieldbus networks. Also included is a review of the basic Real-Time Ethernet standards, specific features of their use and capabilities. The article shows the examples of controllers and gateways for real-time networks and describes their technical features. The last part of the article focuses on the use of the Ethernet switches and their specific operation in real-time mode. A review of the dedicated switches for the Real-Time Ethernet is also provided.
From classic fieldbus to EtherCAT
The article provides general aspects of the industrial Ethernet-based EtherCAT technology. Also discussed are specific features of this technology such as openness, high speed, and flexibility which allow the effective use of the EtherCAT as an industrial bus capable of functioning in real-time mode as well as the use of this technology for vertical integration.
Migration from CCTV to IP: cable issue
The article discusses the upgrade of video surveillance networks and shows the basic preconditions for switching from CCTV to IP platform. Also included are examples of a "smooth" upgrade of the networks while making maximum use of the existing cabling architecture and utilizing the longdistance data transmission devices not involving the use of an optical cable. The article offers an overview of the equipment.
Technology of IP device power supply through a network cable "Power over Ethernet" and its realization in the industrial network equipment
PoE technology providing power supply of terminal devices in the Ethernet directly throughthe network cable is described. Advantages and details of PoE use in industrial environmentare considered. A review of new hardware realizing the technology is made;examples of practical implementation are given.
| (pdf 640k)
FieldConnex® concept for the FOUNDATION Fieldbus H1 and PROFIBUS-PA industrial networks: performance increase and cost reduction. Part 2
The article presents the FieldConnex® concept from Pepperl+Fuchs for the constructionof the industrial networks in the hazardous areas. They combine various intrinsically safe typesand provide communication with the control systems located in a safe area.Also included is a brief description of the main components of the FieldConnex® system:field barrier modules, segment protectors and discrete input/output modules.
Redundancy of the Industrial Ethernet at OSI level 2: standards and technologies
The article covers the typical Ethernet redundancy methods implemented in the industrial switchesto improve the data transfer efficiency. Also discussed are the advantages and disadvantagesof the individual technologies as well as the issues concerning their common use in the mixednetworks.
Introduction to the Modbus protocol. Part 2. Modbus Serial and Modbus TCP
The article continues the description of the Modbus protocol: Modbus over Serial Lineand Modbus TCP/IP are discussed.
FieldConnex® concept for the FOUNDATION Fieldbus H1 and PROFIBIS-PA industrial networks: performance increase and cost reduction
The article presents FieldConnex® concept from Pepperl+Fuchs for the constructionof the industrial networks in the hazardous areas. They combine various intrinsicallysafe types and provide communication with the control systems located in a safearea. Also included is the brief description of the main components of theFieldConnex® system: field barrier modules, segment protectors and discreteinput/output modules.
Introduction to the Modbus protocol. Part 1
The article describes the Modbus protocol: ASCII and RTU modes, message format, character framing, register map and function codes.
System-based development of the Ethernet high-speed switching networks
This review shows the Ethernet-technology development trends in the industrial automation applications. The article presents the specific solutions based on this technology for the industrial networks, measuring instrument systems and real-time systems. The 10-Gigabit Ethernet interfaces and specifications are included, and the promising 100-Gigabit Ethernet technology is described.
Local Ethernet networks in automated process control systems: faster, further, more reliable
This feature continues a series of articles on network solutionsfor automated process control systems. This installment looks at the use of Ethernet technologies in this space. The author cites products from Hirschmann as examples of networking equipment and standard hardware solutions for increasing the speed and reliability of control systems.
| (pdf 241k)
Industrial networks: goals and tools
This article examines issues relating to building distributed automated process control systems using current hardware, software and networking solutions. The author discusses the main trends in the development of distributed control systems and the tools for setting up such systems. The article includes examples using several new products from the firms Advantech, WAGO, Pepperl+Fuchs, Hilscher and others.
Basic concepts and primary components of the AS interface
This article examines a serial data transmission system based on the AS interface used at the lowest level of an automated process control system.The review of the system's basic components provides an understanding not only of their interaction but also of the system's operating algorithms as a whole.
Building industrial networks using the AS interface
The author describes the structure of a solution for the lower level of an automated process control system using an AS interface (AS-i), a universal, cost-efficient and intelligent network for industrial applications, designed to allow for the direct connection of sensors and actuators to the enterprise's general information and control network. This description is accompanied by a review of the appropriate networking equipment, with examples from among Pepperl+Fuchs products.
This review is intended to provide an initial introduction to the HART protocol. The article also looks at tools for describing, setting parameters for and connecting low-level HART devices in an automated process control system.
Application-Level Protocols of CAN Network
Prevailing networking upper-level protocols based on the CAN Interface.
Foundation Fieldbus vs. Profibus-PA
Alternative industrial networks for process control automation.
MIL-STD-1553B Based Industrial Networks
Fundamentals of the construction of a system based on multiplex channels of inter-modular information exchange are described in the article.
Features of the CAN-Protocol