Scalable security – tailored to every application

PROFINET Security has developed step by step over the last few years. With the latest additions in the area of control system startup, a scalable security concept is now available that can be flexibly adapted to the respective application.

The basis of any cybersecurity strategy is factors such as possible attack vectors, the visibility of components in the network, and the appropriate protective measures. While final harmonization with international standards such as IEC 62443 is still in progress, the framework conditions are already clearly recognizable. Users and manufacturers can now implement measures on this basis – from simple protective mechanisms to integrated cybersecurity.

For particularly exposed systems, PROFINET Security offers security classes 2 and 3. This allows data access to be secured not only for simple use cases such as asset management, but also for complex scenarios such as AI-supported analyses or digital twins. This keeps the architecture open and future-proof for increasing requirements.

Implementation is ensured by plugfests and special test environments. At the same time, PROFINET Security keeps pace with ongoing regulations – not only in the EU, but worldwide. There is considerable international interest in this solution. Another advantage is its compatibility with other PI technologies and concepts such as IO-Link or NOA. Since these come from a single source—the PI community—the result is a consistent, comprehensive, and user-friendly solution, from architecture to implementation.

With the publication of the “PROFINET Design Guideline Security” document, PI (PROFIBUS & PROFINET International) is making a further contribution to supporting OT security in production facilities.

New PROFINET Security Design Guideline Published

PI (PROFIBUS & PROFINET International) has published a new planning guideline for PROFINET Security. The “PROFINET Design Guideline Security” is now available to all PI members and provides another valuable contribution to achieving the necessary OT security in production facilities. This is an important topic for all manufacturing companies!

The latest PROFINET specification defines the essential technical cybersecurity features of the PROFINET protocol, which are already being implemented in the protocol stacks. The above-mentioned guideline, on the other hand, describes the steps required to plan a production plant in terms of OT security. It is aimed at planners, commissioning engineers, and operators of production plants and was initially written in English. A German version will follow.

The guideline provides stakeholders in the cyber security process with basic information on how to design the plant and what points to consider during commissioning and operation – valuable support for all cyber security experts in manufacturing companies. In addition to general information on the security planning process, PROFINET-specific information is also provided. This information can be found in the appropriately labeled chapters.

The author of the guideline, Prof. Dr. Karl-Heinz Niemann, who has been committee chair at PI for many years and is responsible for the highly established PROFINET planning, installation, and acceptance guidelines, explains the significance of the guideline: “By publishing the guideline early, we are giving the PROFINET community the opportunity to address PROFINET security at an early stage and to plan the processes in their companies accordingly. Even though some chapters still lack detailed information, I see this as a good introduction to the topic before products become available on the market. We will fill in the remaining gaps as soon as it becomes clear how manufacturers have implemented certain functions in their products.”

The guideline can be downloaded free of charge by all PI members at https://www.profibus.de/security.

PROFINET V2.5 – A significant step toward the future

For over two decades, the PROFINET specification has been continuously developed to meet the growing demands of industry and open up new technological possibilities. Its widespread use in a wide variety of industries and its sustained market success underscore the innovative strength and future viability of PROFINET. Backward compatibility has always been a priority in order to protect existing investments.

With the new version V2.5, PI (PROFIBUS & PROFINET International) marks another innovative milestone in specification development. This was based on numerous technical and organizational contributions within the PI organization as well as intensive coordination with international committees and associations.

The long-standing cooperation between IEC and IEEE within the framework of the IEC/IEEE 60802 standard has reached a decisive milestone with the first official specification. PI has actively participated in this process and contributed decisive domain knowledge – in particular on practicable real-time communication with simultaneous parallel TCP/IP traffic. As a result, PROFINET can be optimally integrated into 60802-based networks and supports the desired IT/OT convergence.

Decisive progress has also been made in the area of cyber security: the original conceptual approaches have been translated into concrete specifications. Security Class 1 (SecCl1) devices are already in use, and Class 2 and 3 functions are currently being tested. With V2.5, the last outstanding issues—including certificate distribution—have now been resolved, meaning that PROFINET can be described as “security inside” in the future.

A newly defined transport channel enables the secure and flexible implementation of use cases such as parameterization, tool access, or firmware updates—with or without security. This is a significant step toward further modernization and simplification of PROFINET. Thanks to clear layer separation, this channel is suitable for both highly optimized embedded systems and virtualized, container-based environments.

In addition, the latest enhancements for the integration of Ethernet APL and Single Pair Ethernet (SPE) have been added. All these innovations are also reflected in the updated GSD/GSDX specifications and will be transferred to PI’s proven test systems as usual.

With PROFINET V2.5, the PI organization is actively shaping the future of industrial communication. The integration of innovative technologies into standardization is the key to scalable, cost-effective solutions and opens up new possibilities for IT/OT convergence, cyber security, and networking. PROFINET thus creates the basis for a networked, secure, and future-oriented industry.

PROFIBUS & PROFINET International