Safety
Product manual 2CKA001473B5342
2.5 Cyber security
The industry faces intensifying cyber security risks. In order to increase stability, safety and
robustness of its solutions, Busch-Jaeger has formally established cyber security robustness
testing as part of the product development process.
The following measures are a prerequisite for the safe operation of your system. Busch-Jaeger
accepts no liability for non-observance.
Access control and limitation
The careful isolation of the system against unauthorized access is the basis for every protective
concept. Only authorized persons (fitter, caretaker, tenant) are allowed physical access to the
IP network or bus system and its components. This also includes the device described in this
instruction manual.
The best possible protection of the IP or network media (WLAN) and the transfer nodes must
already be guaranteed during planning and installation. Sub-distributions with fieldbus devices
must be lockable or be in rooms to which only authorized persons have access.
Bus cabling
■ The ends of the bus cables must not be visible, i.e. they must not project out of walls or
  channels, either inside or outside of the building.
■ Bus cables in outdoor areas or in areas with limited protection represent an increased safety
  risk. Physical access should be made exceptionally difficult.
IP Network
The local network represents a sensitive component for secure communication. That is why
unauthorized access to the local network should be prevented. The normal safety mechanisms
for IP networks are to be used, e.g.:
■ Secure encryption of wireless networks
■ Use of complex passwords and protection of these against unauthorized persons
■ Physical access to network interfaces (Ethernet interfaces) and network components
  (router, switches) should only be possible in protected areas.
■ MAC filter (table with certified device addresses)
Connection to the Internet or the local IP network
To prevent improper use, no router ports from the Internet into the building network or home
network are to be opened to the Busch-SmartTouch®. A VPN tunnel is suitable for safe remote
control.
The stable and reliable function of the device also depends on the reliability of the local IP
network to which the server is connected. For this reason, additional network components are to
be used to repel DoS (denial of service) attacks from the Internet. Such attacks can
overload the local IP network or the individual components and make them inaccessible.