EFFRA Innovation Portal

Structured Wiki

ICT performance characteristics Kanban

To expand the headers use the

button.

Expand the full list

Security for information and infrastructure related to digital systems

A Security Architecture for Digital Manufacturing Platforms Description

A Security Architecture is a conceptual design that addresses various aspects of security in a system and resulting application, set of applications and components that make up the system. It is being used to support the design, development, implementation and operation of these systems, which can include Manufacturing Platforms. For Digital Manufacturing Platforms it addresses necessities and potential risks identified following potential scenario's or within a specific environment. It tries to present a comprehensive perspective of various security concepts on the conceived OT and IT architecture which includes networks, systems and equipment connected to these networks, the communication protocols and operating systems being used, the application development and operational process and recommends the use of security measures using security controls. Having a Security Architecture also helps both the design and integration process, supports identification of incidents and the security monitoring, speeds up discussions with partners for a level play field and best practices and is generally reproducible. Digital Manufacturing Platforms tend to try to bridge operational systems with information technology, such as the use of analytics, data collection and distribution and visualization that can lead to automated actions by these systems on the basis of unattended and unsupervised decisions and control implementations. To avoid physical harm, collateral damage other safety or cybersecurity issues, having a Security Architecture supporting the Digital Manufacturing Platforms should allow developers and companies at least to consider the various aspects and challenges of security in an organized and comprehensible manner. Architectures can follow standards such as IEC62443, ISO27k or NIST800.16, or any alternative scheme, but that needs to complete towards the digital and operational platforms.

Risk or security assessment

Risks addressed by security

Security mechanisms and technologies

Distributed ledger technology Description

Specific security standard(s) addressed and impact on implementation

Trustworthy Systems in Platform Lifetime

Used guidelines and specific frameworks for security and/or privacy by design

Interoperability (ICT) Description

In the context of information technology, interoperability refers to the ability of different systems and devices to exhange information. See also https://en.wikipedia.org/wiki/Interoperability

Collaborative and decentralized application architectures and development tools

General interoperability framework

Application level interoperability

Modular Design and Deployment Approaches

Open APIs and Communication Protocols

Wireless communication protocols

Web-services / Composability

Integration level interoperability Description

APIs and Integration Protocols Description

API's (and REST API's) need to be carefully protected through mechanisms limiting access on the basis of identity and authorizing and authenticating through managed and controlled mechanisms. Usually certificates and IP-addresses are being used to restrict access to API's, but a more granular approach is advisable from a Security Architecture perspective. Other architectures being used as Integratio Protocols in Digital Manufacturing Platforms are JSON (for its near real time capabilities) and MQ (message bus architectures). The letter being less secure, since it provides a continuous stream of information which is being sent to a destination.

Connectivity & network interoperability – communication protocols

Data/object model interoperability - Data exchange formats - APIs

Semantic/information interoperability

Platform level interoperability

AAA - Access, Authorisation and Authentication Description

Authorisation is the process of allowing an entity (humans, systems or devices) to access information systems or facilities where information and processing capabilities are being stored. More practical in an industrial setting for Digital Manufacturing Platforms, an authorized person can get access to an operational machine in order to update it, or investigate its contents. Unauthorized access could be someone who has been able to access the network from the outside, performing actions that have not been authorized and cannot be justified.

Authentication is a means to assess the authorization rules of an entity by means of a set of instruments. In the case of Digital Manufacturing Platforms it would be the instruments like user name and password, and in addition a second factor such as a physical token or a mobile phone that can authenticate the person accessing the platform. The physical token connects the person to something he has, the password to something he knows.

A third A in the AAA-architecture is related to Access. Once authorized, and authenticated, access can be granted to the location, system, application, and / or information. Access control levels can thus be set up on different layers. These can be physical (access to the country, to the plant, to the building, the room and the environment where the system is located), and logical (using authentication technologies). In Digital Manufacturing Platforms this means the systems could be accessible only on premise, in the factory or for instance in the (private or public) cloud. As a result different access mechanisms needs to be considered, depending on the risk and intended security levels and controls.

https://en.wikipedia.org/wiki/AAA_(computer_security) ; https://en.wikipedia.org/wiki/Authorization

Motivating Scenario / Use-Case

User Acccess and Rights Management

Industrial Reference ICT Architectures

Industrial Internet Reference Archtectures (IIRA) Description

First published in 2015 and best known as the IIRA, this standards-based architectural template and methodology enables Industrial Internet of Things (IIoT) system architects to design their own systems based on a common framework and concepts. (See https://www.iiconsortium.org/IIRA.htm)

Reference Architectural Model Industrie 4.0 (RAMI 4.0) Description

The IDS Reference Architecture Model (IDS RAM) Description

Integration with legacy systems

Privacy

Real-time communication capability

Resilience

Safety

Scalability

Services

Data communication infrastructure