Publication

Determining the Target Security Level for Automated Security Risk Assessments

2023 , Ehrlich, Marco , Bröring, Andre , Diedrich, Christian , Jasperneite, Jürgen , Kastner, Wolfgang , Trsek, Henning

Due to Industry 4.0 developments, the demanded modularity of manufacturing systems generates additional manual efforts for security experts to guarantee a secure operation. The rising utilization of information and the frequent changes of system structures necessitate a continuous and automated security engineering, especially by application of the mandatory security risk assessments. Collecting the required information for these assessments and formalising expert knowledge shall improve the security of modular manufacturing systems in the future. In order to automate the security risk assessment process, this work proposes a method to determine the Target Security Level (SL-T) in conformance to the IEC 62443 standard based on the MITRE ATT&CK framework and the Intel Threat Agent Library (TAL).
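As an added illustration of the kind of derivation the abstract describes (this is example code written for this page, not the authors' method or tooling): the attribute scales come from the Intel Threat Agent Library (skills, resources, intent) and the per-level attacker descriptions from IEC 62443-3-3, while the numeric thresholds joining the two, the `ThreatAgent`/`agent_sl`/`target_security_level` names and the sample agents are assumptions of this example. The ATT&CK side of the paper's method (which techniques an agent can use) is not modelled here.

```python
"""Added example: derive a Target Security Level (SL-T) from threat-agent attributes.

Scales follow the Intel Threat Agent Library (TAL); level descriptions follow
IEC 62443-3-3. The thresholds linking them and the sample agents are assumptions
of this example, not the method of the paper above.
"""
from dataclasses import dataclass

# TAL ordinal attributes encoded as integers (the encoding is this example's assumption).
SKILL = {"none": 0, "minimal": 1, "operational": 2, "adept": 3}
RESOURCES = {"individual": 0, "club": 1, "contest": 2, "team": 3,
             "organization": 4, "government": 5}


@dataclass(frozen=True)
class ThreatAgent:
    name: str
    skill: str        # TAL "skills"
    resources: str    # TAL "resources"
    hostile: bool     # TAL "intent": hostile vs. non-hostile


def agent_sl(agent: ThreatAgent) -> int:
    """Map an agent's capability to the IEC 62443-3-3 security level it represents.

    SL 1: casual or coincidental violation (non-hostile intent).
    SL 2: intentional, simple means, low resources, generic skills.
    SL 3: sophisticated means, moderate resources, IACS-specific skills.
    SL 4: sophisticated means, extended resources, IACS-specific skills.
    The thresholds below are an assumption of this example.
    """
    if not agent.hostile:
        return 1
    skill, res = SKILL[agent.skill], RESOURCES[agent.resources]
    if skill >= 3 and res >= 4:
        return 4
    if skill >= 2 and res >= 2:
        return 3
    if skill >= 1:
        return 2
    return 1


def target_security_level(agents, relevant_names) -> int:
    """SL-T of a zone: the highest SL among the agents deemed relevant for it.

    Which agents are relevant is the output of the threat analysis; here it is
    simply passed in as a set of agent names.
    """
    levels = [agent_sl(a) for a in agents if a.name in relevant_names]
    if not levels:
        raise ValueError("no relevant threat agent: SL-T cannot be derived")
    return max(levels)


# Constructed sample agents named after TAL archetypes; the attribute values are
# approximations chosen for this example.
AGENTS = [
    ThreatAgent("Reckless Employee", "minimal", "individual", hostile=False),
    ThreatAgent("Vandal", "operational", "club", hostile=True),
    ThreatAgent("Thief", "operational", "contest", hostile=True),
    ThreatAgent("Competitor", "adept", "organization", hostile=True),
    ThreatAgent("Government Cyberwarrior", "adept", "government", hostile=True),
]

if __name__ == "__main__":
    for a in AGENTS:
        print(f"{a.name:25s} SL {agent_sl(a)}")
    print("SL-T (Vandal, Thief):", target_security_level(AGENTS, {"Vandal", "Thief"}))
```

The point of the exercise is the last function: once agent attributes are formalised, the SL-T of a zone is a deterministic maximum over the agents the threat analysis marks as relevant, which is exactly the step that otherwise consumes expert time for every system change.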

Publication

Quality-of-Service monitoring of hybrid industrial communication networks

2019 , Ehrlich, Marco , Neumann, Arne , Biendarra, Alexander , Jasperneite, Jürgen

Today many hybrid (wired and wireless) industrial communication networks with a wide variety of heterogeneous technologies and protocols are present in the manufacturing and automation domain. The increasing requirements regarding, e.g., latency, reliability, or determinism create the need for a holistic network management concept in order to ensure network-wide Quality-of-Service (QoS) resource provisioning and to verify that the admitted resources are actually delivered. Consequently, monitoring of the whole network is required to feed the network management system with the needed information about the underlying network processes. Various technical approaches using different methods of extracting the information from network traffic are currently available for observing and measuring QoS parameters. Therefore, this paper provides a state-of-the-art survey of network management as well as QoS provisioning and QoS assurance concepts. In addition, the passive network monitoring approach using the flow export technique based on the Internet Protocol Flow Information Export (IPFIX) is investigated for use in today's industrial domain, based on a conceptual case study with a wireless protocol. In conclusion, an evaluation is performed in order to clarify the limits and the overall usability of IPFIX for the monitoring of industrial networks in order to support future network management systems.

Publication

Passive flow monitoring of hybrid network connections regarding quality of service parameters for the industrial automation

2017 , Ehrlich, Marco , Biendarra, Alexander , Trsek, Henning , Wojtkowiak, Emanuel , Jasperneite, Jürgen

Today many hybrid (wired/wireless) communication networks with high requirements regarding latency, reliability, determinism, and security are present in the industrial domain. The corresponding network monitoring and management becomes more and more important for all related businesses and applications. Therefore, this paper investigates the passive network monitoring approach using the flow export technique based on the Internet Protocol Flow Information Export (IPFIX) for the industry. A state-of-the-art survey is provided, a prototype is implemented, and measurements and an analysis are performed in order to clarify the limits and the overall usability of IPFIX for the industrial automation domain.
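The two abstracts above (the QoS monitoring paper and this one) both rest on IPFIX flow export; the following is an added example written for this page, not the authors' prototype, showing the collector side in a single self-contained script. The message layout (RFC 7011 header, template set ID 2, data sets identified by template ID) and the IANA information element IDs are the real ones; the flows, the `build_message`/`parse_message`/`qos_metrics` names and the choice of fields are constructed for this example.

```python
"""Added example: a minimal IPFIX (RFC 7011) exporter/collector round trip that
decodes one export message and derives per-flow QoS parameters. Layout and IE
IDs are the real ones; the sample flows are constructed for this example."""
import ipaddress
import struct

IPFIX_VERSION = 10
TEMPLATE_SET_ID = 2
HEADER = "!HHIII"  # version, length, export time, sequence number, observation domain ID

# IANA IPFIX information elements used here: id -> (name, length in bytes)
IE = {
    8: ("src_ip", 4), 12: ("dst_ip", 4), 7: ("src_port", 2), 11: ("dst_port", 2),
    4: ("proto", 1), 1: ("octets", 8), 2: ("packets", 8),
    152: ("start_ms", 8), 153: ("end_ms", 8),
}
TEMPLATE_FIELDS = [8, 12, 7, 11, 4, 1, 2, 152, 153]
RECORD_FMT = "!4s4sHHBQQQQ"  # packs TEMPLATE_FIELDS in order


def build_message(template_id, flows, export_time=1_600_000_000, seq=0, odid=1):
    """Exporter side: one template set followed by one data set (constructed input)."""
    tmpl = struct.pack("!HH", template_id, len(TEMPLATE_FIELDS)) + b"".join(
        struct.pack("!HH", ie, IE[ie][1]) for ie in TEMPLATE_FIELDS)
    template_set = struct.pack("!HH", TEMPLATE_SET_ID, 4 + len(tmpl)) + tmpl
    recs = b"".join(
        struct.pack(RECORD_FMT, ipaddress.IPv4Address(f["src_ip"]).packed,
                    ipaddress.IPv4Address(f["dst_ip"]).packed, f["src_port"],
                    f["dst_port"], f["proto"], f["octets"], f["packets"],
                    f["start_ms"], f["end_ms"]) for f in flows)
    data_set = struct.pack("!HH", template_id, 4 + len(recs)) + recs
    body = template_set + data_set
    return struct.pack(HEADER, IPFIX_VERSION, 16 + len(body), export_time, seq, odid) + body


def parse_message(buf, templates=None):
    """Collector side: decode template and data sets into flow records.

    `templates` lets the caller keep templates across messages, as a real collector
    must; data sets whose template is unknown are skipped rather than guessed at.
    """
    templates = {} if templates is None else templates
    if len(buf) < 16:
        raise ValueError("truncated IPFIX header")
    ver, length, _export_time, _seq, _odid = struct.unpack_from(HEADER, buf, 0)
    if ver != IPFIX_VERSION or length != len(buf):
        raise ValueError(f"bad version/length: {ver}/{length} vs {len(buf)} bytes")
    records, off = [], 16
    while off + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", buf, off)
        if set_len < 4 or off + set_len > length:
            raise ValueError("set length runs past message end")
        body, off = buf[off + 4:off + set_len], off + set_len
        if set_id == TEMPLATE_SET_ID:
            p = 0
            while p + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, p)
                p += 4
                if tid == 0:            # zero padding at the end of the set
                    break
                fields = []
                for _ in range(nfields):
                    ie, ln = struct.unpack_from("!HH", body, p)
                    p += 4
                    if ie & 0x8000:     # enterprise-specific IE: 4-byte PEN follows
                        p += 4
                        ie &= 0x7FFF
                    fields.append((ie, ln))
                templates[tid] = fields
        elif set_id >= 256:             # data set, identified by its template ID
            fields = templates.get(set_id)
            if fields is None:
                continue
            rec_len = sum(ln for _, ln in fields)
            p = 0
            while p + rec_len <= len(body):
                rec = {}
                for ie, ln in fields:
                    raw = body[p:p + ln]
                    p += ln
                    name = IE.get(ie, (f"ie{ie}", ln))[0]
                    rec[name] = (str(ipaddress.IPv4Address(raw)) if ie in (8, 12)
                                 else int.from_bytes(raw, "big"))
                records.append(rec)
    return records


def qos_metrics(rec):
    """Per-flow QoS parameters a network management system can consume."""
    dur_s = (rec["end_ms"] - rec["start_ms"]) / 1000.0
    return {"duration_s": dur_s,
            "mean_packet_bytes": rec["octets"] / rec["packets"],
            "throughput_bps": rec["octets"] * 8 / dur_s if dur_s > 0 else 0.0}


# Constructed flows: an HMI polling a PLC over ISO-TSAP (tcp/102) and an RTP stream.
SAMPLE_FLOWS = [
    {"src_ip": "10.0.1.10", "dst_ip": "10.0.1.20", "src_port": 34567, "dst_port": 102,
     "proto": 6, "octets": 12000, "packets": 100, "start_ms": 1000, "end_ms": 3000},
    {"src_ip": "10.0.1.30", "dst_ip": "10.0.1.40", "src_port": 5004, "dst_port": 5004,
     "proto": 17, "octets": 1_500_000, "packets": 1000, "start_ms": 0, "end_ms": 10000},
]


def demo():
    """Round trip: export, collect, and compute QoS parameters for the sample flows."""
    return [(r, qos_metrics(r)) for r in parse_message(build_message(256, SAMPLE_FLOWS))]
```

Two details matter for the industrial use the papers evaluate: flow records only reach the collector at the exporter's active/inactive timeout, so per-flow throughput is an average over the flow's lifetime and says nothing about jitter on a millisecond scale; and a collector must refuse sets whose declared length runs past the message (as `parse_message` does) because the exporter is an untrusted network peer from the collector's point of view.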

Publication

Towards monitoring of hybrid industrial networks

2017 , Neumann, Arne , Ehrlich, Marco , Wisniewski, Lukasz , Jasperneite, Jürgen

Nowadays, industrial networks are characterized by complex architectures of hybrid, wired and wireless segments, combining automation and information technology (IT). Their operation is supported by network management facilities. Network monitoring is a basis for management as it provides the necessary status information. This paper presents an approach to apply a monitoring concept coming from the IT domain for an industrial wireless network as a step towards a uniform monitoring and management of heterogeneous networks.

Publication

Evaluation Concept for Prototypical Implementation towards Automated Security Risk Assessments

2023 , Ehrlich, Marco , Bröring, Andre , Trsek, Henning , Jasperneite, Jürgen , Diedrich, Christian

Due to Industry 4.0 developments, the demanded modularity of manufacturing systems generates additional manual efforts for security experts to guarantee a secure operation. The rising utilization of information and the frequent changes of systems necessitate continuous security engineering. Therefore, this work in progress presents the specification and prototypical implementation for automated security risk assessments. In addition, an outlook towards the associated validation, verification, evaluation, and hypothesis testing is given.

Publication

Modelling and automatic mapping of cyber security requirements for industrial applications: Survey, problem exposition, and research focus

2018 , Ehrlich, Marco , Wisniewski, Lukasz , Trsek, Henning , Jasperneite, Jürgen

The rapid process of digitalisation has a profound impact on the industrial automation and manufacturing domain. In order to support all the upcoming technologies and paradigm changes in a future-proof way, the Reference Architecture Model Industrie 4.0 (RAMI4.0) is currently being developed in Germany. The requirements towards the Factories of the Future (FoF), such as Quality of Service (QoS) provisioning for communication systems, network management, and Safety & Security, are constantly increasing. The currently pursued solution contains the concept of the Asset Administration Shell (AAS) as a general information storage and exchange point for all possible industrial assets. In consequence, the AAS needs a universal modelling concept for all mandatory information to set up the basis for the automatic configuration abilities desired in the Industrie 4.0 (I4.0) visions. Nevertheless, especially in the area of cyber security, which was neglected in the past and has gained a lot of attention nowadays, these modelling concepts are still missing. Therefore, this paper provides an overview of the ongoing progress in this area, describes the related work, and outlines the impending research, containing a first concept for the desired Unified Security Modelling Metric (USMM).

Publication

Security concept for a cloud-based automation service

2017 , Ehrlich, Marco , Lang, Dorota , Wisniewski, Lukasz , Trsek, Henning , Jasperneite, Jürgen

New and innovative approaches from the Industry 4.0 domain, by connecting physical and virtual environments and through steadily increasing interconnection, will cause the established automation pyramid to disappear more and more. The research project INAS-Cloud therefore specifies and develops a cloud-based automation service that includes a programmable logic controller (PLC) in order to meet the new requirements regarding flexibility and adaptability. Since existing security concepts for automation are mostly based on a strict physical or logical separation of the networks and always presuppose full control by the operator, a security analysis of the new cloud-based system is carried out within this work. Subsequently, following the procedure model of VDI/VDE 2182, the risks of a defined use case are assessed, and the required measures are derived from them as an essential component of the security concept.

Publication

Towards automated risk assessments for modular manufacturing systems

2023 , Ehrlich, Marco , Bröring, Andre , Diedrich, Christian , Jasperneite, Jürgen

Manufacturing systems based on Industry 4.0 concepts provide a greater availability of data and have modular characteristics enabling frequent changes. This raises the need for new security engineering concepts that cover the increasing complexity and frequency of mandatory security risk assessments. In contrast, the current standardisation landscape used for the assessment of these systems only offers abstract, static, manual, and resource-intensive procedures. Therefore, this work proposes a method that further specifies IEC 62443 with the aim of automating security risk assessments in such a way that manual efforts can be reduced and a consistent quality can be achieved. The methodology is presented using network segmentation as a guiding example and consists of four main steps: information collection based on a process analysis, information formalisation with a semi-formal model, information usage applying first-order logic to extract expert knowledge, and information access using the concept of the digital twin. In addition, the applicability of the IEC 62443 standard to the risk assessment of modular manufacturing systems is evaluated.
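What "information formalisation" followed by "information usage with first-order logic" looks like for the network-segmentation example can be shown with an added example written for this page; it is not the authors' model or implementation. The facts (assets, zones, a conduit, observed flows), the `PlantModel` class and the rule names are constructed for this example, and the rules themselves restate common IEC 62443-3-2 partitioning guidance (cross-zone traffic only through a declared conduit, safety-related assets kept in their own zone) as universally quantified constraints evaluated over the facts; the quantifier comments are the formal statement, the Python is its evaluator.

```python
"""Added example: segmentation rules evaluated as first-order constraints over a
formalised plant model. Facts are constructed; the rules restate IEC 62443-3-2
partitioning guidance and are this example's assumptions, not the authors' model."""
from dataclasses import dataclass, field


@dataclass
class PlantModel:
    assets: dict                              # asset -> {"zone": str, "safety": bool}
    zone_slt: dict                            # zone -> SL-T (1..4), i.e. the declared zones
    conduits: dict                            # frozenset({zone_a, zone_b}) -> allowed dst ports
    flows: set = field(default_factory=set)   # observed (src_asset, dst_asset, dst_port)

    def zone(self, asset):
        return self.assets[asset]["zone"]


def rule_zone_assigned(m):
    # ∀a ∈ assets: zone(a) ∈ dom(zone_slt)
    return [("unassigned_zone", a) for a in sorted(m.assets) if m.zone(a) not in m.zone_slt]


def rule_cross_zone_via_conduit(m):
    # ∀(s,d,p) ∈ flows: zone(s) ≠ zone(d) → ∃c = conduit(zone(s), zone(d)) ∧ p ∈ allowed(c)
    findings = []
    for s, d, port in sorted(m.flows):
        zs, zd = m.zone(s), m.zone(d)
        if zs == zd:
            continue
        allowed = m.conduits.get(frozenset({zs, zd}))
        if allowed is None:
            findings.append(("no_conduit", (zs, zd), (s, d, port)))
        elif port not in allowed:
            findings.append(("port_not_in_conduit", (zs, zd), (s, d, port)))
    return findings


def rule_safety_separated(m):
    # ∀a,b ∈ assets: safety(a) ∧ zone(a) = zone(b) → safety(b)
    return [("safety_mixed_zone", a, b)
            for a in sorted(m.assets) for b in sorted(m.assets)
            if a != b and m.assets[a]["safety"] and not m.assets[b]["safety"]
            and m.zone(a) == m.zone(b)]


RULES = [rule_zone_assigned, rule_cross_zone_via_conduit, rule_safety_separated]


def assess(m):
    """Run every rule; an empty list means the model satisfies the formalised rules."""
    return [finding for rule in RULES for finding in rule(m)]


# Constructed cell: PLC, HMI and safety PLC share one zone; the engineering workstation,
# the ERP system and a camera sit elsewhere. Only one conduit has been declared.
MODEL = PlantModel(
    assets={"plc1": {"zone": "cell", "safety": False},
            "hmi1": {"zone": "cell", "safety": False},
            "splc1": {"zone": "cell", "safety": True},
            "ews1": {"zone": "eng", "safety": False},
            "erp1": {"zone": "business", "safety": False},
            "cam1": {"zone": "video", "safety": False}},
    zone_slt={"cell": 3, "eng": 2, "business": 1},
    conduits={frozenset({"eng", "cell"}): {102}},
    flows={("ews1", "plc1", 102), ("hmi1", "plc1", 102),
           ("erp1", "hmi1", 443), ("ews1", "splc1", 80)},
)

if __name__ == "__main__":
    for finding in assess(MODEL):
        print(finding)
```

Because the rules are written against the formalised facts rather than against a specific plant, re-running `assess` after a module is swapped or a flow appears is the whole "continuous" part of the assessment; the expert effort moves into writing and reviewing the rules once, which is the knowledge-extraction step the abstract refers to.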

Publication

Software-defined networking as an enabler for future industrial network management

2018 , Ehrlich, Marco , Krummacker, Dennis , Fischer, Christoph , Guillaume, Rene , Perez Olaya, Santiago Soler , Frimpong, Ansah , Meer, Hermann de , Wollschlaeger, Martin , Schotten, Hans D. , Jasperneite, Jürgen

The overall Industry 4.0 (I4.0) developments combined with the disruptive process of IT-based digitalisation create a vast amount of new opportunities but also challenges for the industrial automation domain. The combination of hybrid (wired & wireless) communication architectures, already widely installed legacy technologies, new approaches, such as Time-Sensitive Networking (TSN) or 5G, and the general heterogeneity of the industrial landscape results in a high configuration complexity. This creates the necessity for future-proof industrial communication network management systems. Therefore, this paper summarises the current state of the art in this area in order to identify the specific requirements towards future industrial network management systems. The most promising candidate is the Software-Defined Networking (SDN) concept. To evaluate SDN as a possible enabler, specified industrial requirements are compared with the current technological and conceptual capabilities of SDN. In addition, drawbacks resulting in future research questions are identified.

Publication

Automatic mapping of cyber security requirements to support network slicing in software-defined networks

2017 , Ehrlich, Marco , Wisniewski, Lukasz , Trsek, Henning , Mahrenholz, Daniel , Jasperneite, Jürgen

The process of digitalisation has a profound impact on social lives, state affairs, and the industrial automation domain. Ubiquitous networks and the increased requirements in terms of Quality of Service (QoS) create the demand for future-proof network management. Therefore, new technological approaches, such as Software-Defined Networks (SDN) or the 5G Network Slicing concept, are considered. However, the important topic of cyber security has mainly been ignored in the past. Recently, this topic has gained a lot of attention due to frequently reported security-related incidents, such as industrial espionage or production system manipulations. Hence, this work proposes a concept for adding cyber security requirements to future network management paradigms. For this purpose, various security-related standards and guidelines are available. However, these approaches are mainly static, require a high amount of manual effort by experts, and need to be repeated continuously. Therefore, the proposed solution contains a dynamic, machine-readable, automatic, continuous, and future-proof approach to model and describe cyber security QoS requirements for next-generation network management.