Field of the Invention
The invention concerns a method for protecting an automation component against program manipulations by determining a threat situation of the automation component.
Description of the Prior Art
Automation systems in factory automation are composed of a series of different automation components, essentially at the control and field level, such as programmable logic controllers, for example. The term automation component in such cases is understood as encompassing any intelligent field or control component equipped with software, and to this extent drive, monitoring and/or sensor components are also encompassed by the term. The automation components are generally networked with one another and are operated and/or monitored by different hierarchically-arranged, superordinate controllers. The hierarchical superordinate control levels are known as operator level, management level or enterprise level.
Increasingly, even automation components at the control and field level are becoming the target of so-called cyber attacks and program manipulation, which could have effects on the control of a production process for example. A series of safety components are known, which largely prevent intrusion into the automation system as a whole, or at least are designed to recognize such an intrusion. Usually these are single, stand-alone measures that increase the industrial safety of automation components, but which are neither sufficient on their own to guarantee comprehensive manipulation protection, nor is it known how to combine these safety components in a suitable manner. Thus automation components with integrated security functions currently offer a certain protection from program modifications. Known and already integrated protection mechanisms are know-how protection, copy protection or access protection. To the extent that manipulation protection is to be guaranteed, this protection relates only to the transmission of data in the aforementioned superordinate levels from and to the HMI (Human Machine Interface). Even these protection mechanisms can be bypassed with sufficient effort (e.g. brute force). If a program modification still occurs despite this protection effort, the program manipulations—namely the modifications of the process behavior—are not able to be recognized with such means.
Also known are SIEM (Security Information and Event Management) solutions, which are integrated into automation environments. In these solutions, security-relevant characteristic variables are extracted from the components in order subsequently to be able to guarantee complex system protection with said variables. In such cases general information is collected via conventional protocols such as SNMP or Syslog and if necessary related to further information from security components. But here too a comprehensive access to all variables which describe the cyclic behavior of an automation component is not possible. Program manipulation is thus not able to be recognized.