1. Field of the Invention
The invention relates to an industrial automation system and a method for safeguarding the system.
2. Description of the Related Art
Industrial automation systems comprise a multiplicity of computers for controlling devices, such as, machines or sensors. For security reasons, industrial automation systems are generally self-contained systems, i.e., that incorporating further components (such as machines, devices or computers for controlling and updating existing components of the system) is therefore often associated with security problems. In some instances, such devices which could not support security protocols or authentication protocols of the automation system are also implemented in automation systems. Such devices are potentially insecure and form a possible weak point for attackers.
One example of such an insecure device of an automation system is a component having an interface for a different, external device that is intended to be connected to the automation system. The component can be, e.g., a switch or a bridge. The interfaces thereof are usually based on the Ethernet protocol. The device having the interface for the external device can optionally be connected to further components of the automation system in a wireless or wired manner.
A further example of insecure devices is components that do not have a capability to support security protocols. If a different, external device, such as a computer, is connected to such devices via the interface, then access to all components of the automation system is already possible because no further security mechanisms are provided. This makes it possible for an attacker to spy out, for example, configuration data and the like.
One possibility for preventing unsupervised access to the components of the automation system is to provide a dedicated port for an insecure device. Furthermore, a gateway can be provided between the insecure device and the components of the automation system, where the gateway then provides a port for the insecure device. However, both solutions lead to the problem that an open, unsecured port has to be provided, to which the insecure device is to be connected.
It is known from U.S. Pat. No. 7,314,169 B1, for the purpose of increasing the security of an automation system, to instigate the generation of an access ticket or some other suitable data structure by a central unit for a device to be connected to the automation system, where the access ticket is at least partly based on an identity feature of a requesting unit. In this case, in an access ticket, access rights are allocated to each requesting unit. One disadvantage of this procedure is that a high outlay on administration is required.