Development and implementation of a secure production network

Abstract

With the rise of the intelligent production environments the consistent automatization of ordering, production and shipping is intended. A certain company network is therefore necessary, which is basically segmented in IT and OT. Unfortunately, these two networks are often not properly secured or wrong configured leading to vulnerabilities for cyber-attacks and thus to safety hazards due to inseparable interaction. Therefore, a network architecture, segmented into six subnets will be designed in this work. This proposed network of the production plant consists of an OPC UA server and multiple clients (based on the open62541 library), a mobile robot and state-of-the-art security measures. Finally, a penetration test by TÜV TRUST IT TÜV AUSTRIA GmbH team was executed to validate this setup and to discover remaining security vulnerabilities. Subsequently the network-architecture and the security-measures based on the IEC 62443 requirements were improved and as a result to be operational in a secure environment.