PROFINET Security Guideline
With its Security Guideline, PI presents for the first time a concept that takes into account the threats and special requirements of the automation world. This concept aims to protect automation components, irrespective of the communication protocols used or the network structure. Because it uses proven and open security mechanisms, it can also be integrated into existing security concepts.
This guideline is intended for users and operators of industrial networks, particularly those using Ethernet-based PROFINET. It points out the key aspects for the establishment of a security concept in this environment and provides appropriate recommendations.
Order No.: 7.002 / 7.001
Language: English / German
PROFINET Security Class 1 Guideline
As more and more IT functions and security features are implemented on field devices in the course of Industry 4.0, the security of data and communication is becoming increasingly complex and important. Functions for protecting integrity and authenticity must be implemented in PROFINET communication.
To increase security in PROFINET networks, different security classes are therefore being introduced gradually. In total, there will be 3 classes; this document describes only the extensions for PROFINET Security Class 1.
This document is intended to give component manufacturers, system vendors and users of the PROFINET technology an overview of the planned methods, applications and processes of the PROFINET Security extension in Security Class 1.
Draft in PI-Review:
Order No: 7.312
This draft is published for testing and review only. It must not be used for development purposes.
Comments to be submitted to www.profibus-project.com, until August 10, 2020.
Disclaimer / License:
License for supply of Specifications
Licensee acquires this license solely from PROFIBUS Nutzerorganisation e.V., having its principal place of business in Karlsruhe, Germany (hereinafter referred to as “Licensor”).
1.1 Subject of this license agreement is each technical specification issued by the Licensor, in electronic form (hereinafter referred to as “SPECIFICATION”). Software is provided in object code only.
1.2 The SPECIFICATION distributed hereby has been developed by members of the Licensor. Licensor hereby notifies Licensee that the SPECIFICATION is not an industrial standard acknowledged by any standardization body or otherwise and may be further enhanced.
2. Rights and Duties of Licensee
2.1 Licensor hereby grants to Licensee the right to use the SPECIFICATION exclusively for developing and supporting products compliant with the SPECIFICATION. Licensee may copy the SPECIFICATION for this purpose and for data backup purposes.
2.2 Licensee shall not be entitled to modify, decompile, reverse engineer or extract any individual parts of the SPECIFICATION, unless this is permitted by mandatory copyright law. Furthermore, Licensee shall not be entitled to remove any alphanumeric identifiers, trademarks or copyright notices from the SPECIFICATION and, insofar as Licensee is entitled to make copies of the SPECIFICATION, Licensee shall copy them without alteration.
2.2 Licensee shall not be entitled to publish, market or distribute the SPECIFICATION. However, Licensee shall be entitled to transfer the right to use the SPECIFICATION granted to it to a third party, provided that Licensee concludes a written agreement with the third party in conformance with all of the conditions contained in this Section 2 and on the proviso that Licensee does not retain any copies of the SPECIFICATION.
3. Liability of Licensor
3.1 Licensor shall have no obligation to enhance the SPECIFICATION and shall assume no liability in case the SPECIFICATION or future versions thereof shall not be approved as an industrial standard.
3.2 The SPECIFICATION is delivered free of charge “as-is” to all members of the Licensor. Any liability and warranty for the SPECIFICATION - irrespective of the legal reason therefore - e.g. as to quality or title, its correctness, absence of defects, absence of claims of third party rights or in relation to its completeness and/or fitness for any specific purpose is excluded.
The Licensor is not liable for damages due to the use of the SPECIFICATION or for damages which have been caused by the design of hardware or software according to the information provided within the SPECIFICATION. Any liability for consequential, special or indirect damages including, but not limited to, loss of profit, loss of use and business interruption, regardless of the theory of law, are excluded.
3.3 The aforesaid exclusion of liability shall not apply as far as there is a legally binding liability, e.g. under product liability legislation, in cases of intent, of gross negligence, of injury of life, body or health or wilful hiding of a defect, or due to violation of major contractual obligations. However, liability for damages arising from the violation of major contractual obligations shall be limited to the foreseeable damage normally covered by a contract, unless in cases of intent or gross negligence. No change in the burden of proof to the detriment of Licensee is involved by the aforesaid provision.
4. Place of Jurisdiction and Applicable Law
4.1 The sole place of jurisdiction shall be the principal place of business of Licensor.
4.2 All relations arising out of the contract shall be governed by the substantive law of Germany, to the exclusion of the United Nations Convention on Contracts for the International Sale of Goods (CISG).