Secured remote configuration approach for industrial cyber-physical systems

Abstract

Facilitating remote updates of configuration parameters for industrial cyber-physical systems (ICPSs) is an emerging requirement due to interconnected production facilities. However, allowing remote configuration changes entail the following security issues. Malicious configuration updates through unprotected configuration interfaces can physically harm the ICPS or the respective process, and even threaten human lives. Also, for configuration interfaces to be remotely accessible, corporate networks need to be configured accordingly to provide access possibilities. Such additional access possibilities might then be used by adversaries when attacking corporate networks and thus, are often seen as a security weakness. If ICPS are not updated, outdated configurations also lead to security weaknesses. To mitigate these issues, we present a secured remote configuration approach for ICPS that protects the configuration interface as well as configuration data. The approach utilizes appropriate security measures and is realized as external configuration update module to allow easy verification of ongoing update processes.