Overview

This guide is intended to assist with managing security risks when using Beckhoff products.

The management of security risks is part of the risk management for a complete automation system. The aim is to achieve a secure state of the automation system through detection, analysis, evaluation, monitoring and control of security risks. However, a completely risk-free and secure state can never be achieved.

This guide refers to risk management and describes how Beckhoff products can be fundamentally protected against various threats. The guide is regularly revised and extended.

Contents

Steps to protect your IPC

This section provides a quick, straightforward overview of the available and recommended steps to protect an IPC. The focus here is on meaningful security, which must be weighed against the actual situation. Where no comprehensive risk determination has been carried out, the priority is therefore to at least establish security quickly, on which further measures should then be based.

Hazards and risk assessment

This section provides an overview of the hazards and risk assessment for an automation system. It describes different attackers and types of attacks, as well as typical threat scenarios and protection principles. The section "Security-relevant properties" in the appendix of the guide forms a basis for this.

Measures

This section describes basic security measures, including physical measures, managing users and programs, securing the operating system, and aspects of communication.

It is advisable to adapt the measures to the intended purpose and to implement a meaningful selection of measures depending on the application.

Appendix

The implementation of the measures is explained step-by-step in the appendix. In addition, the security-relevant properties are summarized and further reading and tools are listed.

Security cannot be achieved by implementing individual measures alone; it can only be maintained with a supporting process. Such security processes are described in IEC 62443, for example. They include asset management, threat analysis and patch management (see Further reading).

Support for security issues

To raise security-relevant concerns or to report security irregularities relating to our products, you can contact us by email at product-securityincident@beckhoff.com. We will process your request as soon as possible.

We ask you to follow the principle of Coordinated Disclosure, and we publish advisories on our website (Advisories).