Security Analysis and Improvement of Data Logistics in AutomationML-Based Engineering Networks

Abstract

The Automation Markup Language (AutomationML) is a concept developed in 2008 in order to provide a versatile data format for seamless exchangeability of engineering data, with the goal of simplifying the design and creation of cyber-physical production systems. Different software, such as CAD programs, shall be able to support this format. Especially in the case of collaborative work and data exchange, security can become an important issue as current approaches do not fulfill the essential security objectives necessary, meaning that authenticity, integrity, and confidentiality of the stored files are not ensured from the start of product design to the end product. This raises questions not only about the confidentiality of company information but also about the safety of production lines and end products. Leakage of confidential information (e.g., construction plans), leading to unintended spread of know-how, can be an expensive consequence. Unauthorized and undetected (malicious) modifications may even lead to faults in end products, availability issues, or serious accidents within the production line. This chapter focuses on the demonstration of open issues within AutomationMLbased engineering project environments. We are going to demonstrate why some kind of security layer (i.e., layer ensuring access control and privileges, as well as ensuring data integrity) is crucialwhen usingAutomationML. Therefore, we provide assumptions about potential attacks and their potential consequences.We introduce an approach to identify and analyze assets, potential threats and vulnerabilities, resulting risks, as well as countermeasures that are relevant for ensuring the abovementioned properties: confidentiality of know-how, availability of the assets, and the integrity of relevant data.