Security in iCube Engineer
You have to protect components, networks and systems against unauthorized access and ensure the integrity of data.
This chapter describes the following:
- The security-related features implemented in iCube Engineer that help protect the engineering system, your solution, and the automation system.
- The measures to protect network-capable devices with communication interfaces, solutions, and PC-based software against unauthorized access. It is mandatory to take suitable measures where applicable to protect your system and data.
General security-related procedures, rules and recommendations
iCube Engineer implements important security-related features. These features are described below.
In addition, you as a user have to observe particular security rules and take suitable organizational and technical measures to protect iCube Engineer, controllers, bus couplers, switches, solutions and project/configuration data against malicious or erroneous change.
- Use an Information Security Management System (ISMS) to manage all of the infrastructure-based, organizational, and personnel measures that are needed to ensure compliance with information security directives.
- Observe the information given in the Security Guideline for iCube Engineer.
- At least take all the measures described in the topic "Recommended measures for devices and solutions" into consideration.
| Further Info
Also refer to the security-related information in the iCube Info Center, which provides extensive information and practical user tips on the iC9200 Series control platform and iCube Engineer. |
Security features implemented in iCube Engineer
iCube Engineer implements security-related features in several areas. These features are described in separate chapters or in the context of the corresponding software component. This section gives an overview of them. Follow the links for details.
Protection of the iCube Engineer installation
| Type of protection | Description/implementation |
|---|---|
| Tamper detection | When installing iCube Engineer, checksums are calculated over the installation. By verifying these checksums, manipulations and data corruption can be detected. Use a standard Windows tool to verify that the iCube Engineer installation has not been tampered with or corrupted. See section "Installation check / tamper detection" in the topic "Security Guideline for iCube Engineer" for further information. |
| Licensing of iCube Engineer | The basic version of iCube Engineer comes with a time-limited license which is free of charge. To continue using the software after the trial period of iCube Engineer has expired, you have to activate it for an unlimited period by entering the license code. |
Protection of the communication
| Type of protection | Description/implementation |
|---|---|
| Secured data transmission with TLS | Data transmission is protected by means of TLS. Transport Layer Security is a hybrid encryption protocol which secures the Internet data transfer. |
| Secured communication between iC9200 Series controllers and iCube Engineer | Certificates ensure secure communication connections between iC9200 Series controllers and iCube Engineer. Note that the communication of the integrated OPC UA server is secured by a separate certificate (see following table row). The preinstalled manufacturer-defined certificate on the controller can be replaced by a customer-specific certificate. Afterwards, the relevant certificate(s) (at least the root certificate) must be installed in iCube Engineer in order to validate the controller as a trusted device. Securing the communication connection this way also enables iCube Engineer to recognize potential man-in-the-middle attacks between iCube Engineer and the iC9200 Series controller. If such an attack is detected, you can choose to stop the connection or to continue if the communication breach is intended and needed to support the chosen network architecture. |
| Secured OPC UA server-client communication | The communication of the integrated OPC UA server is secured by a separate certificate. This affects data exchange with OPC UA clients. See topic "OPC UA Security Settings" for details. |
| Secured communication between iCube Engineer ACI and ACI client app | To prevent an unauthorized communication via the ACI interface, the connection between an ACI client and iCube Engineer is secured by means of a cookie which is stored on the engineering PC. This cookie is encrypted (using Windows Data Protection API) and is afterwards specifically bound to the user login. By verifying the cookie on connection establishment, the authenticity of the ACI client and iCube Engineer can be verified thus ensuring that the connection is authorized. Refer to section "Security-related particularities regarding the Application Control Interface (ACI)" for details. |
Protection of devices
| Type of protection | Description/implementation |
|---|---|
| Secured network devices | Secure device concept with user roles and password for iC9200 Series controllers. Further protection measures are described in the topic "Recommended measures for devices and solutions". |
Protection of libraries
| Type of protection | Description/implementation |
|---|---|
| Tamper protected libraries | When releasing a library, iCube Engineer calculates checksums over the contained components which are then used as signature. By means of this signature the library can be uniquely identified. If included in a project, the signature is verified each time the project is loaded. This way, any modifications (e.g., new version) or data corruptions are recognized. See topic "Tamper Protection of Libraries" for further details. |
| Know-how protected libraries | When releasing a library, you can protect the contained know-how by defining the visibility of each user-defined POU and data type. Possible protection settings for user library elements are 'Visible', 'Restricted' or 'Hidden'. Furthermore, the redistributability of user libraries can be restricted (setting 'Redistribution = One level only'). See the topic "Releasing Libraries" for further details. |
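
The checksum approach described above for the installation check and for released libraries, as an added Python sketch (not iCube Engineer's own code or file format). The component file names, the manifest layout and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict:
    """Record a SHA-256 digest for every file below root, keyed by relative path."""
    files = sorted(p for p in root.rglob("*") if p.is_file())
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in files}


def manifest_signature(manifest: dict) -> str:
    """Derive one identifier from all component digests (canonical JSON, sorted keys)."""
    canon = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).hexdigest()


def verify(root: Path, expected: dict) -> dict:
    """Compare the tree with the recorded manifest: changed, removed and extra files."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in expected if k in current and current[k] != expected[k]),
        "missing": sorted(expected.keys() - current.keys()),
        "added": sorted(current.keys() - expected.keys()),
    }


def demo() -> dict:
    """Release a constructed library, verify it, then tamper with it and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "pous").mkdir()
        # Constructed sample components (hypothetical names and contents).
        (root / "pous" / "Motor.fb").write_text("FUNCTION_BLOCK Motor")
        (root / "types.dt").write_text("TYPE Speed : INT; END_TYPE")
        released = build_manifest(root)          # recorded at release time
        signature = manifest_signature(released)
        clean = verify(root, released)           # check at load time, nothing changed
        (root / "pous" / "Motor.fb").write_text("FUNCTION_BLOCK Motor (changed)")
        (root / "types.dt").unlink()
        (root / "extra.dll").write_bytes(b"\x00")
        tampered = verify(root, released)
        changed = manifest_signature(build_manifest(root)) != signature
        return {"clean": clean, "tampered": tampered, "signature_changed": changed}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A check like this only detects changes if the recorded manifest is kept where the party modifying the files cannot also rewrite it.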
| Note
The protection of safety-related data and therefore the integrity of the safety function is of particular importance. The manipulation of the safety-related application program may result in:
|
| Type of protection | Description/implementation |
|---|---|
| Protection of safety data integrity/consistency | Safety-related data is continuously verified regarding its consistency and integrity. This verification includes: |
| Protection of integrity and authorship of safety-related, loadable C functions | Security mechanisms ensure the integrity and authorship of safety-related, loadable C functions: When releasing a safety-related function block library with loadable C code, you must provide a file that contains a signature certificate as well as the related issuer certificates and the corresponding private key (signature key). The root certificate must have been previously announced in iCube Engineer. The private key is used for generating the signature of the safety inventory. As a result, this inventory signature then contains the signature certificate including the related issuer certificates and can be used to prove the integrity of the library and the authorship of the library releaser. |