Guarantee cybersecurity with Bihl+Wiedemann in the long term
ASi ensures maximum data security
Cybersecurity is indispensable everywhere today – including in the area of functional safety. With the advent of Industry 4.0 in safety technology, more and more diagnostics and additional information are being exchanged via networks. Since safety and standard systems are often connected via TCP/IP interfaces in IT and OT environments, new vulnerabilities arise. It is therefore crucial that all systems are cyber-secure.
Bihl+Wiedemann ensures the highest data security with ASi technology in all areas: all modern ASi-5/ASi-3 Gateways are updateable and, thanks to signed firmware, can meet future security requirements long after commissioning. In addition, the communication break between ASi and TCP/IP increases cybersecurity. High security requirements must therefore only be met by the ASi Master, not by a large number of field devices. To ensure data security in the IT world, we also offer authenticated encryption methods such as AES-256 with SHA up to 512 or RSA. In addition, customer-specific certificates for TLS and OPC UA communication are supported.
Content
- ASi ensures maximum data security
- ASi makes it more difficult to record exchanged messages
- Firmware updates – permanently guarantee system integrity
- Communicative break between ASi and TCP/IP increases cybersecurity
- Further measures for greater security
- PC software package specially designed for cybersecurity requirements
- Impact of the Cyber Resilience Act on the use of ASi
- FAQ about cybersecurity
Firmware updates – permanently guarantee system integrity
In times of increasing networking, firmware updates are more important than ever. This is because they make a significant contribution to the security and performance of devices. Regular updates can quickly and effectively close future security gaps that could allow attackers access.
The update process for Bihl+Wiedemann components is based on the premise that system integrity must always be guaranteed. We ensure this with the following measures:
- All modern ASi-5/ASi-3 gateways are updateable and can fulfill future security requirements long after commissioning
- The firmware on the update server is signed
- Certificate-based end-to-end encryption between the update server and the device to be updated
- End-to-end encryption prevents the infiltration of malware into Bihl+Wiedemann devices
- Synchronization with the server ensures detection of outdated firmware
- The TÜV-certified process is also approved for firmware for safety products
Communicative break between ASi and TCP/IP increases cybersecurity
Cybersecurity is also increased by the fact that the gateway creates a logic break between TCP/IP and ASi, as well as ASi Safety. High security requirements must therefore only be met by the ASi master, which establishes the connection to TCP/IP. In contrast, ASi modules are much less problematic in terms of security, since they cannot communicate in TCP/IP networks. Those responsible for network security therefore have to focus on significantly fewer devices and can check them more carefully.
The ASi-5/ASi-3 Fieldbus Gateway from Bihl+Wiedemann provides a physical decoupling between TCP/IP and ASi-5 as well as ASi-5 Safety, i.e. between the fieldbus and the field level. This applies to sensors and actuators with an integrated ASi connection, and equally to ASi modules and the sensors and actuators connected to them, even those using serial protocols such as IO-Link.
ASi makes it more difficult to record exchanged messages
AS-Interface has always been virtually tap-proof by design. The reason for this is that both ASi-3 and ASi-5 have special communication methods that are very difficult to tap and analyze. In the case of ASi-3, this is ensured by the specific sin² pulses and, in the case of ASi-5, by the adapted OFDM (Orthogonal Frequency-Division Multiplexing) method with dynamic frequency assignment. This makes it very difficult to record the messages exchanged, especially with ASi-5 and ASi-5 Safety. This is because the entire context of the connection establishment between the ASi master and the ASi node is required. In addition, precise synchronization of the clock frequencies, as occurs between the ASi master and the ASi node according to the ASi-5 protocol, is necessary.
Further measures for greater security
To ensure data security, Bihl+Wiedemann offers authenticated encryption methods such as AES-256 with SHA up to 512 or RSA. In addition, customer-specific certificates for TLS and OPC UA communication are supported. This allows the devices to be seamlessly integrated into existing IT security concepts. Bihl+Wiedemann also offers the option of using signed software updates that are authenticated by the device before use. However, software updates and OPC UA can also be blocked locally on the device – for reliable and absolute protection.
Further security measures are continuously being implemented and made available on a regular basis, thanks to the firmware update. For example, encryption of Safe Link communication, gateway chip cards, and user administration in gateways is planned.
PC software package specially designed for cybersecurity requirements
If required, we offer a version of our PC software package that is specially optimized for the cybersecurity requirements of IT – especially in the context of larger user groups – and is continuously improved. This version supports, for example, user administration with password protection and individual rights within the software, as well as an automatic “security logout” after a period of inactivity. This effectively restricts access to the devices to the authorized group of people via the PCs located in the system.
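The user administration with individual rights and the automatic "security logout" after a period of inactivity described above can be illustrated with a small session model. The following is an added example, not code from Bihl+Wiedemann's software: the role names, the rights per role, the 10-minute timeout and the PBKDF2 password hashing are all assumptions made for the illustration. The clock is injectable so that the inactivity timeout can be exercised without waiting.

```python
import hashlib
import hmac
import os
import time

# Constructed values; the real software's rights model and timeout are not on the page.
INACTIVITY_TIMEOUT_S = 600
ROLE_RIGHTS = {
    "viewer": {"read_diagnostics"},
    "maintainer": {"read_diagnostics", "change_parameters"},
    "admin": {"read_diagnostics", "change_parameters", "manage_users", "firmware_update"},
}


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; only the salt and this digest are ever stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class UserStore:
    """Password-protected user accounts, each with exactly one role."""

    def __init__(self):
        self._users = {}  # name -> (salt, digest, role)

    def add_user(self, name: str, password: str, role: str) -> None:
        if role not in ROLE_RIGHTS:
            raise ValueError(f"unknown role {role!r}")
        salt = os.urandom(16)
        self._users[name] = (salt, hash_password(password, salt), role)

    def authenticate(self, name: str, password: str):
        """Return the user's role on success, None otherwise (constant-time compare)."""
        entry = self._users.get(name)
        if entry is None:
            return None
        salt, digest, role = entry
        if hmac.compare_digest(digest, hash_password(password, salt)):
            return role
        return None


class SessionManager:
    """Sessions that expire automatically after a period of inactivity."""

    def __init__(self, users: UserStore, timeout_s: float = INACTIVITY_TIMEOUT_S,
                 clock=time.monotonic):
        self._users = users
        self._timeout = timeout_s
        self._clock = clock      # injectable so the timeout can be tested without waiting
        self._sessions = {}      # token -> [user, role, last_activity]

    def login(self, name: str, password: str):
        """Return a session token, or None if the credentials are wrong."""
        role = self._users.authenticate(name, password)
        if role is None:
            return None
        token = os.urandom(16).hex()
        self._sessions[token] = [name, role, self._clock()]
        return token

    def _live_session(self, token: str):
        """Return the session if it exists and has not expired; expire it otherwise."""
        session = self._sessions.get(token)
        if session is None:
            return None
        if self._clock() - session[2] > self._timeout:
            del self._sessions[token]    # automatic security logout
            return None
        session[2] = self._clock()       # any use of a live session counts as activity
        return session

    def authorize(self, token: str, right: str) -> bool:
        """True only for a live, non-expired session whose role carries the right."""
        session = self._live_session(token)
        return session is not None and right in ROLE_RIGHTS[session[1]]

    def logout(self, token: str) -> None:
        self._sessions.pop(token, None)
```

Every access goes through `authorize`, so an expired session is removed the first time it is used after the timeout, regardless of whether the client ever sent an explicit logout; the expiry check runs before the role check so that no right is ever evaluated for a stale session.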
Impact of the Cyber Resilience Act on the use of ASi
Devices with AS-Interface (ASi) generally fall under the category "Products with digital elements" of the Cyber Resilience Act (CRA), but not under the much stricter categories "Important products with digital elements" or "Critical products with digital elements". This means that some basic risk assessments and functions have to be fulfilled, but these can be realized with both ASi-3 and ASi-5.
In particular, a user administration is implemented for the more complex, configurable devices from Bihl+Wiedemann, i.e. Gateways and Safety Gateways, which then also applies to the connected modules. It must also be possible to perform software updates for these devices in the field, which is already the case for all of our current gateways and safety gateways.
The topic of cybersecurity is more relevant than ever. In the industrial sector, the reliability of processes and production in particular is becoming increasingly important.
Like the standard ASi-5 communication, ASi-5 Safety is almost tap-proof due to the nature of the system. The reason: the data transfer via OFDM with dynamic frequency assignment makes it very complex to capture the exchanged messages. This requires the entire context of the connection set-up between ASi master and ASi node. In addition, the clock frequencies must be precisely synchronized, just as they are between the ASi master and ASi node according to the ASi-5 protocol.
Cybersecurity is also enhanced by the fact that the gateway creates a logical break between TCP/IP, ASi-5, and ASi-5 Safety. This means that high security requirements only need to be placed on the ASi-5 Master, which establishes the connection to TCP/IP. ASi-5 modules, on the other hand, are much less problematic in terms of security, since they cannot communicate over TCP/IP networks. Those responsible for network security can thus focus on significantly fewer devices and check them more carefully.
Due to the strong networking of Industry 4.0 devices, the topic of data security is becoming enormously important, since any device with access to other devices in a network can be used as an attack platform. We enable the seamless integration of our devices into existing IT security concepts and ensure data security like this:
- All modern ASi-5/ASi-3 gateways can be updated and can meet future security requirements long after commissioning.
- The firmware on the update server is signed.
- Each TCP/IP-capable device receives an individual certificate for SSL communication in production.
- ASi increases security through the communicative break between TCP/IP and the field devices.
- OPC UA uses established encryption methods such as AES-256 with SHA up to 512 or RSA.
- Software updates and OPC UA can also be locked locally on the device – a reliable and absolute protection.
Devices equipped with AS-Interface (ASi) generally fall under the category “Products with digital elements”, but not under the much stricter categories “Important products with digital elements” or “Critical products with digital elements”.
This means that some fundamental risk assessments and functions must be fulfilled, which can be realized with both ASi-3 and ASi-5.
Specifically, user administration is implemented for the more complex, parameterizable Bihl+Wiedemann devices, i.e., gateways and safety gateways, which then also applies to any connected modules.
It must also be possible to update the software of these devices in the field, which is already the case with all our current gateways and safety gateways.
Furthermore, manufacturers are obliged to monitor security vulnerabilities in their software and in the libraries used, and to rectify them as necessary. Bihl+Wiedemann is aware of its responsibility and is already acting accordingly.
The update process for Bihl+Wiedemann components follows the premise: system integrity must always be guaranteed.
Data integrity is a widespread basic requirement in automation systems. However, with increasing networking of devices, this requirement is no longer sufficient. Instead, the integrity of the entire system must be guaranteed, not only the transmission, but also the software or firmware of the individual components.
ZVEI e. V. (Verband der Elektro- und Digitalindustrie – German Electrical and Electronic Manufacturers' Association) has summarized in a white paper what is important when it comes to integrity:
- Updates play an important role in eliminating security-relevant vulnerabilities in components
- Updates must be checked for integrity and authenticity before they are implemented (especially to rule out changes by possible attackers)
- If the integrity is breached, the update must not be applied
- Simple checksums do not offer any protection against intentional changes by attackers, as they can also be manipulated
- Signatures or key-based cryptographic hash functions effectively protect against checksum modification
Our measures consistently take into account the specifications of ZVEI. How we reliably ensure your security in the update process:
- Certificate-based end-to-end encryption between the update server and the device to be updated
- End-to-end encryption prevents the infiltration of malware into Bihl+Wiedemann devices
- Comparison with the server ensures the detection of outdated firmware versions
- The TÜV-tested procedure is also approved for firmware in safety products
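The ZVEI points above (an unkeyed checksum can be recomputed by whoever modified the image, a keyed hash or signature cannot; a breached update must not be applied) and the outdated-firmware detection in the list just given can be shown together in one device-side check. The following is an added example, not Bihl+Wiedemann's update procedure: it assumes a manifest carrying the version and an HMAC-SHA-512 tag under a key shared only by the update server and the device (a signature with a public key would serve the same purpose), and the key, image and version numbers are constructed for the illustration.

```python
import hashlib
import hmac
import json

# Constructed shared secret (not a real key). On a real device it would live in
# protected storage; it is inline here only so that the example runs offline.
DEVICE_KEY = bytes.fromhex(
    "7f3a9c1e5b2d4068a1c3e5f7091b3d5f7a9c1e3b5d7f9a0c2e4b6d8fa1c3e5f7")

# Constructed sample firmware image and the version the device currently runs.
SAMPLE_IMAGE = b"\x7fELF" + bytes(range(256)) * 4
INSTALLED_VERSION = (2, 3, 1)


def plain_checksum(image: bytes) -> str:
    """Unkeyed checksum: anyone who changes the image can recompute it."""
    return hashlib.sha256(image).hexdigest()


def keyed_tag(image: bytes, version: tuple, key: bytes) -> str:
    """HMAC-SHA-512 over version and image.

    Binding the version into the tag prevents re-labelling an old, possibly
    vulnerable image with a newer version number."""
    header = json.dumps(list(version)).encode()
    return hmac.new(key, header + image, hashlib.sha512).hexdigest()


def build_manifest(image: bytes, version: tuple, key: bytes) -> dict:
    """Server side: what the update server publishes next to the image."""
    return {
        "version": list(version),
        "sha256": plain_checksum(image),
        "tag": keyed_tag(image, version, key),
    }


def verify_update(manifest: dict, image: bytes,
                  installed: tuple = INSTALLED_VERSION,
                  key: bytes = DEVICE_KEY) -> tuple:
    """Device side. Returns (accept, reason).

    Authenticity is checked first, so that no field of an unverified manifest
    (not even the version number) influences any decision."""
    version = tuple(manifest.get("version", ()))
    expected = keyed_tag(image, version, key)
    if not hmac.compare_digest(expected, str(manifest.get("tag", ""))):
        return False, "rejected: integrity/authenticity check failed"
    if version <= installed:
        return False, "rejected: not newer than the installed firmware"
    return True, "accepted"


def modified_copy(image: bytes) -> bytes:
    """Constructed unauthorised change to the image (one byte flipped)."""
    data = bytearray(image)
    data[100] ^= 0xFF
    return bytes(data)


def demo() -> dict:
    """Run the four cases a verifier has to get right."""
    genuine = build_manifest(SAMPLE_IMAGE, (2, 4, 0), DEVICE_KEY)
    modified = modified_copy(SAMPLE_IMAGE)
    # The unkeyed checksum can be brought back in line with the modified image;
    # the keyed tag cannot be recomputed without the key.
    relabelled = dict(genuine, sha256=plain_checksum(modified))
    rollback = build_manifest(SAMPLE_IMAGE, (2, 3, 1), DEVICE_KEY)
    return {
        "genuine": verify_update(genuine, SAMPLE_IMAGE),
        "checksum_matches_modified": relabelled["sha256"] == plain_checksum(modified),
        "modified": verify_update(relabelled, modified),
        "rollback": verify_update(rollback, SAMPLE_IMAGE),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The `checksum_matches_modified` case is the point of the ZVEI warning: the plain SHA-256 in the manifest agrees with the modified image, so a checksum-only verifier would install it, while the keyed tag still fails. The `rollback` case shows why the version is compared against the installed one after the tag has been verified: an authentic but outdated image is refused as well.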
We believe that this series of standards is currently the leading standard for security in the field of Industrial Automation and Control Systems (IACS). It can be assumed that these standards will be further developed and harmonized for the CRA, i.e., accepted as state of the art according to the CRA. The series of standards provides for different security levels (SL) depending on the risk, and these differ in terms of the strength of the protective measures. It is likely that devices with a higher CRA classification (critical or important products) will then have to meet higher SLs.
Both ASi-3 and ASi-5 have specialized communication methods that are very difficult to intercept and analyze. In the case of ASi-3, this is achieved by the specific sin² pulses, whereas in the case of ASi-5, it is achieved by the adapted OFDM (Orthogonal Frequency-Division Multiplexing) method.
These methods make ASi far more secure than existing industrial Ethernet protocols, which can be intercepted with commercially available network components.
Does Bihl+Wiedemann use open-source software in devices?
Some of our devices also use open-source components.
All software components are carefully selected, internally qualified and tested, and their function is verified by final quality tests in the devices.
When components are updated, every change is also checked, the affected components are re-evaluated, and the function of the device is retested.
Software does not send any information to the outside
No services are implemented in the devices that transfer internal data to third-party servers.
Apart from the advertised options for password-protected (remote) maintenance, there are no hidden maintenance and remote access options that can be used to passively or actively transfer device data.
With the ASi-5/ASi-3 Gateways, access can also be disabled separately and directly on the device.
Should we find a software vulnerability in one or more devices, the stock is immediately blocked and checked so that no further devices are delivered until the vulnerability has been fixed.
Since 2019, we have offered customers the option of updating newer devices they have already received themselves. We also offer a TÜV-certified process for security-related firmware updates.
Should we become aware of any security issues, all customers will be informed promptly.