Chapter 4. Security Capabilities
20 PACSystems PROFINET IO Devices Secure Deployment Guide GFK-2904D
4.5 Confidentiality and Integrity
Communication Protocols
Some communications protocols provide features that help protect data while it is in flight
– actively moving through a network. The most common of these features include:
• Encryption: Protects the confidentiality of the data being transmitted.
• Message Authentication Codes: Ensures message authenticity and integrity by cryptographically
detecting message tampering or forgery. This ensures the data originated from the expected source
and was not altered since it was transmitted, regardless of whether or not it was malicious.
Currently, only the Web Page Reset Password HTTPS communications provides Encryption. None of other the
communications protocols supported by PROFINET I/O Devices provide either of these features, as detailed in
the table below. Therefore, compensating controls may be required to meet an installation’s security
requirements for protecting data in-flight.
Protocol-Provided Security Capabilities
Firmware Signatures
Some PROFINET I/O Devices supplied by GE Automation & Controls may have digitally signed firmware images
to provide cryptographic assurance of the firmware’s integrity. For PROFINET I/O Devices that support this
feature, a digital signature is used to verify that any firmware being loaded onto the module was supplied by
the General Electric Company, and has not been modified. If the digital signature validation fails, the new
firmware will not be installed onto the device.
Logging and Auditing
PROFINET I/O Devices supplied by GE Automation & Controls do not provide a dedicated security log
embedded within the module, nor do they integrate with an external Security Information and Event
Management (SIEM) system.
To Next Page
Loading...
