
Industrial Ethernet Book 104

Cyber security for modern TSN automation networks

Time-Sensitive Networks look to provide the high bandwidth and real-time services that are prerequisite for the modern automation networks of the future. Since TSN is not a manufacturer-specific technology, it can be universally utilized in all automation networks, but steps need to be taken to guarantee cyber security.

TIME-SENSITIVE NETWORKING (TSN) is the next evolutionary step for Ethernet technology and it is well on its way to establishing itself as a fundamental building block for Industry 4.0 and IIoT networks. While introducing real-time communication properties and guarantee of service, this new technology also creates new cyber security challenges. But these challenges can largely be managed with existing and proven security mechanisms as well as with established best practices for industrial network security.

Time is of the essence

TSN comprises a family of standards that is specified in the IEEE 802.1 and 802.3 working groups. Some of these standards have recently been published, whereas others are still in preparation. Common to most of these standards is the need for a shared time base on all devices that participate in a TSN network. This common understanding of time is necessary to be able to transmit data frames deterministically along a scheduled path, adhering to a clearly defined upper latency boundary (delay time) and achieving low jitter (delay variation).

To provide these properties, TSN utilizes TDMA (Time Division Multiple Access), splitting time into repeating cycles. Time slots in these cycles are then reserved for high priority data streams, which need to be protected from other network transmissions. Such reservations happen for all network participants along the transmission path. In other words, a reservation creates a virtual circuit between two or more end-devices through the TSN network.
To make sure that each device adheres to the reserved time slots, the internal clocks of all network devices need to be synchronized. The high precision, which is required for TSN regarding time synchronization, is typically achieved using IEEE 1588, better known as the Precision Time Protocol (PTP).

Time as an attack vector

When aiming to impede the operation of today's networks, Denial of Service (DoS) attacks are a widely used tool. DoS can, for instance, be achieved by flooding the network with large amounts of data, thus overloading it to the point where it can no longer perform its function. As TSN relies on synchronized clocks, both the PTP synchronization protocol as well as the TDMA mechanism are new attack vectors in a TSN network. As a result, it already suffices to target and deliberately overload a single reserved time slot in order to impact a specific mission-critical communication

Figure captions on this page (images credited SOURCE: BELDEN):
- In a centralized TSN configuration approach, end devices communicate directly with a central configuration instance.
- Transformation from the automation pyramid to the automation pillar in future automation networks.
- Time division multiplexing permits the reservation of time-slots within a cycle in order to enable the timely transmission of periodic real-time data.

2.2018 industrial ethernet book Technology
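The reserved-slot and clock-synchronization dependencies described above can be monitored from a timestamped capture. The following is an added example, not part of the original article: the cycle length, window offsets, link speed, stream name and sample frames are all assumptions, and each frame is treated as occupying the slot at its transmit-start timestamp.

```python
from collections import defaultdict

# Assumed schedule (not from the article): 1 ms cycle, one reserved window.
CYCLE_NS = 1_000_000
RESERVED_WINDOW_NS = (200_000, 300_000)   # offsets within each cycle
RESERVED_STREAM = "stream-A"              # hypothetical stream id
LINK_BPS = 100_000_000                    # assumed 100 Mbit/s link

def slot_capacity_bytes():
    """Bytes that fit into the reserved window at line rate."""
    start, end = RESERVED_WINDOW_NS
    return (end - start) * LINK_BPS // (8 * 1_000_000_000)

def audit_reserved_slot(frames):
    """frames: (tx_start_ns, stream_id, length_bytes) on a synchronized clock.
    Returns findings ordered by cycle as (cycle, kind, value)."""
    start, end = RESERVED_WINDOW_NS
    stats = defaultdict(lambda: {"own": 0, "foreign": 0, "misplaced": 0})
    for ts, stream, length in frames:
        cycle, offset = divmod(ts, CYCLE_NS)
        if start <= offset < end:
            stats[cycle]["own" if stream == RESERVED_STREAM else "foreign"] += length
        elif stream == RESERVED_STREAM:
            stats[cycle]["misplaced"] += 1   # may indicate a time-sync fault
    findings = []
    for cycle in sorted(stats):
        s = stats[cycle]
        if s["foreign"]:
            findings.append((cycle, "foreign-traffic-in-reserved-slot", s["foreign"]))
        if s["own"] + s["foreign"] > slot_capacity_bytes():
            findings.append((cycle, "slot-over-capacity", s["own"] + s["foreign"]))
        if s["misplaced"]:
            findings.append((cycle, "reserved-stream-outside-window", s["misplaced"]))
    return findings

# Constructed sample capture (timestamps in ns), not real traffic.
SAMPLE_FRAMES = [
    (250_000, "stream-A", 400),        # cycle 0: as scheduled
    (1_250_000, "stream-A", 400),      # cycle 1: scheduled frame ...
    (1_260_000, "best-effort", 1200),  # ... plus other traffic in the slot
    (2_350_000, "stream-A", 400),      # cycle 2: outside its window
    (3_100_000, "best-effort", 1500),  # cycle 3: outside the window, ignored
]

if __name__ == "__main__":
    for finding in audit_reserved_slot(SAMPLE_FRAMES):
        print(finding)
```

Foreign bytes inside the reserved window point at a policing or gating gap on the path, while a reserved stream drifting outside its window is a prompt to check PTP synchronization on the sending device.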

