Secure Level Measurement Technology
Well protected against cyber attacks
The universal VEGAPULS 6X measures the level of liquids and bulk solids reliably even under the most adverse process conditions. And when it comes to IT aspects, users know one thing for sure: The radar sensor is one of the first level sensors developed with IEC 62443-4-2 in mind.
Many users in the process industry have so far paid little attention to the topic of cyber security. Either because they still think it’s the IT department’s job or because they don’t feel directly threatened. However both these attitudes are a little negligent, here's why. For one thing, IT security should always be a joint task between IT and OT. And for another, digital networking is forging ahead rapidly in the process industry. Concepts such as NOA (NAMUR Open Architecture), MTP (Modular Type Package) or Ethernet- APL (Advanced Physical Layer) are being deployed more and more. All of this opens up new avenues into the previuosly self-contained automation level and offers, at least theoretically, a convenient entryway for attacks.
Digitalisation means that more and more field devices are being networked with each other. This makes the question of reliable protection against cyber attacks all the more important.
The dangers of digital networking
Modern, integrated automation solutions simplify handling and make processes more flexible and efficient. However, due to this open-endedness, process automation engineers have begun to focus more and more on the issue of security.
Here, just one concrete number to emphasize the vulnerability: According to the industry association Bitkom e. V., the German economy suffers a loss of around 203 billion euros every year through the theft of IT equipment and proprietary data as well as through espionage and sabotage. Especially problematic is the fact that cyber adversaries can be quite different in nature: They can range from individual ‘script kiddies’, to criminals or even nation states. Such attacks are still rare in the process industry; however, operators of power plants, fuel tanks or equipment in the water industry have recently gotten a wake-up call. Because what is often neglected: Any attacks on IT can affect OT areas very quickly.
The advantages of wireless communication
Nevertheless, this new open-endedness offers numerous advantages for users. For example, level sensors provide important data across many different areas of industrial activity. Process data are thus available at all locations, allowing worldwide inventory management (Vendor Managed Inventory). Sensors from VEGA, for example, have been supplying critical data to higher-level systems for many years, for example level data from road salt silos along motorways or production data from flour mills, for the purpose of optimising raw material logistics. Motorway maintenance depots and mills can thus rely on their storage facilities being automatically filled with road salt or grain. Incidentally, VEGA started this development long before Industry 4.0 became a topic.
The development of wireless communication with Bluetooth has once again increased the use ofsuch applications. Bluetooth makes adjustment and commissioning of sensors and controllers easier, which, in many cases, also helps avoid situations where accidents can occur. No matter where the level data originates from – whether huge towering silos, external measuring points like distant stormwater overflow basins, potentially explosive environments or complex, labyrinthine processing plants – VEGA sensors make it available where it is needed. Wireless data transmission is also used to retrieve status information from the sensors, for example to report maintenance requirements or to request an update. Downtime can be significantly reduced this way.
Yet from a cyber security perspective, there are challenges: Such data is increasingly being bundled into production and maintenance systems so that it can then be further processed in the office or control room. This creates discontinuities between operational and security functions.
Certification according to IEC 62443 included in the level sensor: VEGA also follows the approach of simplicity when it comes to cyber security and supports operators on the web to secure plant operation.
Holistic security concept for VEGAPULS 6X
For that reason, VEGA put great effort into achieving certification as per IEC 62443-4-2 while it was developing its new shooting star, the radar level gauge VEGAPULS 6X.
This international series of standards provides a flexible framework for systematically assessing, evaluating and implementing security standards. Security requirements for hardware as well as software are defined by its guidelines. It is aimed at plant builders, plant operators as well as component manufacturers like VEGA.
The entire development process of VEGAPULS 6X was therefore geared to the IT security standard IEC 62443-4-2. It included, among other things, an analysis of possible threats right from the start in order to identify weak points at an early stage and develop countermeasures during development. All of this, by the way, had to do not only with the security of the device, but with a company’s entire production process. This work was supervised by the independent institution TÜV Nord, which put every measure to the test.
The safety measures start with the encapsulated electronics of VEGAPULS 6X, which prevents manipulation. Built in is also a so-called Defense-in-Depth strategy, i.e. a tiered security concept that consists of several IT security layers. The concept includes production equipment security, network security and the security strategies of the various system components.
For VEGAPULS 6X, it means protection against threats such as:
Data manipulation (violation of integrity);
Denial of Service “DoS” (violation of availability) and;
Espionage (violation of confidentiality);
The instrument has additional security features:
User authentication: Every VEGAPULS 6X is delivered with an individual device code and Bluetooth access code. The Bluetooth connections are encrypted using standardised cryptographic methods and offer the user the option to be deactivated again after the device has been configured.
Event memory (logging): VEGAPULS 6X records locking and unlocking processes in an event memory; successful as well as failed attempts. The functionality of this security function can be tested by trying to unlock the instrument with an incorrect instrument code. This faulty authentication must then be recorded in the “IT Security” event memory. If the event memory is checked regularly, attacks or manipulation can be easily detected.
Firmware integrity checks: The software update package is encrypted and signed. This prevents unauthorised software from being loaded into VEGAPULS 6X.
Data backup for recovery: Using the DTM, the parameters of VEGAPULS 6X can be saved with the “Create backup” function. HART-enabled control systems also provide the option of saving the parameters of VEGAPULS 6X.
For users, wireless sensor communication with Bluetooth brings many advantages. But at the same time, while devices are conveniently networked, cybersecurity becomes a key factor.
What happens in a worst-case scenario?
When defending against a cyber attack, time is of the essence. All companies should make appropriate preparations, which include drawing up a clearly defined emergency plan to ensure that valuable time is not wasted if worse comes to worst. It also includes making plans on how to rebuild a secure system in case severe damage is done. At VEGA, the PSIRT – Product Security Incident Response Team – stands ready at all times to help. These experts continuously search for any vulnerabilities, provide assistance with updates and patches, answer customer questions and immediately take action in critical situations, for example if a user discovers a vulnerability. At the same time, VEGA works closely with CERT@VDE, an IT security platform for industrial companies, in reporting and investigating vulnerabilities.
For decades now, VEGA level sensors have been making it easier for users to monitor their industrial processes. With VEGAPULS 6X, the user doesn’t have to worry about the area of application, the technology involved, the frequency or version of the sensor – all it takes is just a few mouse clicks to put it into operation. VEGA also tries to make everything as simple as possible when it comes to cyber security. It’s certainly true that VEGA cannot exempt the plant operator from all responsibility; after all, cyber security is an ongoing dynamic process that requires constant attention. VEGA does, however, support the operator in this effort.
This help includes: Encouraging the operator to apply the measures mentioned in the security guidelines, which enable him to use the sensor correctly and securely. Additional tips on how to make a production system even more secure are provided in the security guidelines document. Users are therefore optimally prepared.
SHORT INTERVIEW WITH VEGA PRODUCT MANAGER PHILIPP KETTERER
How great is the danger of a cyber attack on level sensors?
In the public debate about cyber security, level sensors are certainly not in the focus, especially in the case of something like short-range Bluetooth operation, the attacker would have to get physically close to the application. That means he would already have to be inside the plant or facility. But many people forget that an attack on the IT structure of a company always affects all the processes that depend on automation. It is therefore important that the sensors are suitably robust and hardened. And of course, direct manipulation of a sensor can also lead to unpleasant situations, for example if the overfill protection system on a tank were to be disabled.
Where do you see the greatest challenge?
Getting users to take this topic seriously – I don’t think they have, yet. It seems everyone wants to shift responsibility to the IT department. But the fact is, the IT people cannot keep an eye on every single sensor in an industrial plant. For that reason, every user must develop an awareness of all the factors involved in reliable sensor operation – not just from the aspect of system security – but also the know how to deal with a cyber attack. What is more: Protection against cyber-attacks is not something users and plant operators can discuss one time and be done with – it’s a topic they’ll have to revisit throughout the entire lifetime of the plant. Just as they care for the plant and all the production equipment, they should also care for the sensors and, especially when it comes to cyber security, keep them up to date.
Does the IEC certification only apply to the new VEGAPULS 6X radar sensor or also to other VEGA sensors?
Certification according to IEC 62433 is only possible during development it has to be designed into the fabric of the sensors. This means it is not possible to obtain such certification retroactively. Therefore, the certification only applies to our latest level sensor VEGAPULS 6X. But of course all future sensor development will be undertaken in compliance with IEC 62433.
+44 1444 870055