• Products
  • Industries
  • IIoT & Solutions
  • Supply Chain Software
  • Service
  • Company
  1. IIoT devices
  2. Cyber security

Cyber security

The security functionalities of the IIoT devices are based on the requirements of BSIand IEC 62443-4-2.

The ifm IIoT controller is a freely programmable and thus very flexible product with a high degree of connectivity. Despite the wide range of supported protocols, the user is always in full control for comprehensive cyber security.

           
 

Design

Integrity

Authentication

Confidentiality

Restricted data flow

IIoT controller

  • HardenedYocto-Linux distribution
  • Convenient update of the complete system(recovery system)
  • Backup & restore of thesystem configuration
  • User managementvia CODESYS
  • Individual rights management for both the programming systemand the runtime system via CODESYS
  • Authentication to external cloud
  • Browser-based access to web visualisation via TLS-secured connection
  • Cloud communication only via TLS-secured connection
  • Identification of data sources in the cloud according to a readable name scheme
  • Separation of IT and OT networks using separate network connections
  • Communication of the software components via standard protocols (messaging/REST)

         

CODESYS Development System

  • Encryption of the application source code:
    Protect your application know-how with a password, dongle or X.509 certificates.
  • User management on the project level:
    Determine in detail the users authorised to read or write specific objects of your source code.
  • Encrypted communication between the CODESYS Development System and the controller:
    Use your automation device to protect data exchange against unauthorised access.

CODESYS Application Code

  • Access restrictions via application:
    Use a library to define at runtime when specific critical operations must not be performed.
  • Enable additional functions:
    Determine in detail the users authorised to execute or operate specific functions of the application.

CODESYS Visualization

  • User management for visualisations:
    Determine in detail whether a user is authorised to read or execute certain visualisations.
  • Encrypted communication for CODESYSWebVisu:
    Protect the data exchange between controller and browser.

CODESYS Runtime System

  • User management for controller access:
    Avoid risk of failure by clearly defining which user of the controller is authorised to start and stop the application or execute additional online functions.
  • Encryption and signing of executable application code:
    Protect your application against unauthorised reproduction or modification by means of a dongle or X.509 certificates.
  • Operation modes for executable application code:
    Protect yourself against unintentional operations on the running machine.
  • Interactive login on the target device:
    Avoid unintentional access to controllers in the network.
  • Easy exchange or recovery of controllers:
    Exchange failed systems and easily install a previously created data backup.
  • Encrypted OPC UA communication:
    Avoid unauthorised access to data provided by the CODESYS OPC UA server.

CODESYS Automation Server

  • Encapsulation of devices in the local network:
    Data exchange with the server exclusively via CODESYS Edge Gateway.
  • Encrypted communication:
    Data exchange between server and CODESYS Edge Gateway provides end-to-end encryption data via TLS based on X.509 certificates.
  • Reliable user and rights management:
    Access to objects and information can be finely adjusted by means of object properties and user favourites – user favourites are secured in addition by two-factor authentication.
  • Complete transparency of actions:
    Recording of access events and changes via audit trail.
  • Protection of know-how:
    Signing/encrypting of source and compiled binary code via X.509 certificate, dongle or password.
  • Certified security:
    Regular security audits by external auditing agencies.