CODESYS SECURITY
Available measures and procedures in the CODESYS IEC 61131-3 Development System
Security features completely integrated in CODESYS
Modern industrial automation systems are interconnected – regardless of whether they are operated based on classic designs or on aspects of Industry 4.0 or IIoT. Systems of either kind are exposed to cyberattacks on very different levels. Security functions in CODESYS fix potential vulnerabilities.
CODESYS SECURITY procedures
The CODESYS product development and all security procedures are based on the specifications of the Security standard IEC 62443. Procedures defining how to handle vulnerabilities are established and are being put into practice.
- SECURITY features included in the CODESYS Development System
- Encryption of the application source code:
Protect your application know-how with a password, dongle, or X.509 certificates.
- User management on the project level:
Define in detail the users authorized to read or write specific objects of your source code.
- Encrypted communication between the CODESYS Development System and the PLC:
Protect the data exchange with your automation device against unauthorized access.
- SECURITY features included in the CODESYS Runtime System
- User management for controller access:
Avoid the risk of failure by clearly defining which user of the PLC is authorized to start and stop the application or execute additional online functions.
- Encryption and signing of the executable application code:
Protect your application against unauthorized reproduction or modification by means of X.509 certificates.
- Operation modes for the executable application code:
Protect yourself against unintentional operations on the running machine.
- Interactive login on the target device:
Avoid unintentional access to controllers in the network.
- Easy exchange or recovery of controllers:
Exchange failed systems and easily install a previously performed data backup.
- Encrypted OPC UA communication:
Avoid unauthorized access to data provided by the CODESYS OPC UA Server.
- SECURITY features in the CODESYS Application code
- Access restrictions via application:
Use a library to define at runtime when specific critical operations must not be performed.
- Enable additional functions:
Define in detail the users authorized to execute or operate specific functions of the application.
- SECURITY features included in the CODESYS Visualization
- User management for visualizations:
Define in detail whether a user is authorized to read or execute certain visualizations.
- Encrypted communication for the CODESYS WebVisu:
Protect the data exchange between controller and browser.
- SECURITY features included in the CODESYS Automation Server
- Encapsulation of the devices in the local network:
Data exchange with the Server takes place exclusively via the CODESYS Edge Gateway.
- Encrypted communication:
Data exchange between the Server and the CODESYS Edge Gateway is end-to-end encrypted via TLS based on X.509 certificates.
- Reliable user and rights management:
Access to objects and information can be fine-tuned, e.g., via object properties and user accounts, the latter additionally secured via two-factor authentication.
- Total transparency of actions:
Recording of accesses and changes via audit trail.
- Know-how protection:
Signing / encryption of source and compiled binary code via X.509 certificate, dongle, or password.
- Certified security:
Regular security audits by external auditors.
General Security measures for automation systems
In addition to using the special Security features included in CODESYS, automation systems should be protected by methods and procedures like the ones used in other interconnected systems:
- Antivirus protection
- Secure passwords that are changed on a regular basis
- Firewall protection at the network interface
- VPN tunnel for the connection of networks
- Careful use of mobile storage media such as USB sticks
Operation in a protected environment
Manufacturers and operators should protect their automation systems by using comparable standards to those deployed to protect strictly mechanical or electric systems:
- Not everybody is allowed to access a factory site.
- Not every employee of a factory is allowed to access every area.
- Not every employee in a production area is allowed to access the control cabinet.
In order to avoid errors and problems caused by unauthorized or unintentional access, data access should be divided into manageable and controllable units.
Awareness for IT Security
Negligence and a lack of awareness are the most frequent reasons for Security problems. Therefore, CODESYS recommends that manufacturers and operators of automation systems explain the existing dangers to their employees, familiarize them with appropriate security measures, and urge them to apply these measures.
Users should be familiar with the Security functions in CODESYS, and they should know how to deploy these functions effectively.
ADVANTAGES
- Hardware and operating system independence
CODESYS is a comprehensive and flexible system that is independent of both the hardware manufacturer and the operating system.
The hardware-independent integration offers sustainability for already deployed applications and the possibility to start development before the hardware is available.
- Highest possible flexibility
Programmers benefit from the simultaneous use of six common programming languages (ST, SFC, LD, FBD, CFC, IL) and the possibility to integrate C or Python.
- Performance improvement
CODESYS customers enjoy regular updates and upgrades free of charge. Upgrades enhance the overall functionality, security, and performance of the CODESYS software and extend its lifecycle as well.
The latest version of CODESYS can be downloaded free of charge from our CODESYS North America Store.
- Support
With CODESYS software maintenance services, you can keep tabs on your software expenditure. Most programs cover users for a year and include support service, thereby greatly reducing an organization's investment in IT.
- Time Savings
The option to use Object Oriented Programming (OOP) designs facilitates modular and highly reusable code for control applications and significantly reduces development and maintenance time.
- Online Changes
CODESYS includes the possibility of changing the program without affecting the process – securely from anywhere in the world.
- Availability of a wide range of tools
For efficient development and diagnostics, CODESYS has integrated analysis tests, simulations, and offline tests. CODESYS includes efficient configuration, commissioning, and debugging tools to assist engineers throughout the development of their projects.
- Ergonomics
A simple and intuitive environment for programming and configuration of applications is embedded in CODESYS.
CODESYS SECURITY BROCHURE
AUTOMATION POWERED BY CODESYS
CODESYS Software Suite - perfectly suited for every industry