EIF 2024 Review – Cybersecurity APL & Cybersecurity

ARC’s European Industry Forum, part of the successful series of worldwide conferences in Europe, America and Asia, has been held in Sitges (Barcelona), Spain on May 6-8, 2024. The event offered exclusive presentations and workshops on strategies and case studies in line with this year’s topic “Managing Digital Transformation in the Age of AI, Open Architectures, and Sustainability” to its 150 international participants from over 20 countries.

APL & Cybersecurity Panel 
Network convergence is an increasing trend in the automation domain, with more plant owners striving for a unification of networks in their plants. This yields a seamless network structure, simplified supervision, and reduced training effort for personnel, as only one unified network technology needs to be handled. A converged network also yields advantages with respect to the vertical integration in the plant, with asset management systems, big data, and AI applications relying on accurate and time-stamped data from the field.

The Ethernet-Advanced Physical Layer (Ethernet-APL) is one piece of the puzzle for such a converged network, supporting various real-time protocols like PROFINET, EtherNet, HART-IP, as well as the middleware protocol OPC UA. However, the converged, flat network leads to an increased attack surface, with field devices with Ethernet interfaces only having a small footprint with respect to memory size and computing power, making them an ideal victim for cyber attackers. A set of recommendations for the secure operation of converged networks in OT environments is discussed by the panel.

APL topology is briefly introduced by Prof. Niemann, with the focus remaining on network convergence, i.e., when the Ethernet protocol is extended to the sensor-actuator layer using APL. While both APL and PROFINET offer security mechanisms, the specific features and implementation may vary. Additional training is typically necessary for operators to understand and securely use APL, as it is a new technology that brings Ethernet connectivity to hazardous areas of process industries.

When engineering APL topologies, it’s important to consider the relevant parts of the IEC 62443 standard that pertain to network architecture, system integration, and security management. The specific chapters or parts of the IEC 62443 standard to be considered can depend on the specific requirements of the APL topology being engineered. There can be different Operational Technology (OT) security recommendations when engineering APL for Green-Field and Brown-Field applications.

The integrity and authenticity of the boot process is a crucial feature to ensure that the device firmware has not been tampered with by an attacker. The Ethernet-APL field device shall perform authenticity checks during the boot process to ensure that the device does not boot into an insecure or tampered state. The APL field device protects itself against DoS attacks to maintain the essential functionality of the device.

ARC’s European Industry Forum & Platform
We like to thank our sponsors, who supported the ARC EIF 2024, and all our speakers and presenters, who made the event interesting, exciting and memorable. The next Forum will take place in Sitges (Barcelona), Spain, on May 5 – 7. For more information, please contact Ann-Kathrin Blech (mailto:ablech@arcweb.com).