A stan­dard for secu­re gate­ways for data and ser­vices

The publi­shing of DIN SPEC 27070, adding to the IDS refe­rence archi- tec­tu­re, repres­ents ano­t­her mile­stone on the way to secu­re cross- com­pa­ny exchan­ge of indus­tri­al manu­fac­tu­ring data. The new stan­dard was deve­lo­ped in the cour­se of a work­shop led by Andre­as Teu­scher (SICK AG) and Gerd Brost (Fraun­ho­fer AISEC), who were sup­por­ted by Mar­tin
Uhl­herr from DIN (Ger­man Insti­tu­te for Stan­dar­di­z­a­ti­on).

DIN SPEC 27070 spe­ci­fies the requi­re­ments to be met by a secu­ri­ty
gate­way used for exch­an­ging indus­tri­al manu­fac­tu­ring data and ser­vices, inclu­ding the envi­ron­ment such a gate­way can be used wit­hin. The gate­way, which can be embed­ded in the IDS eco­sys­tem and which has been spe­ci­fied in line with IDS cer­ti­fi­ca­ti­on rules, allows three dif­fe­rent levels of secu­ri­ty (Base, Trust, Trust+). The­se secu­ri­ty levels com­ply with ISO/IEC 62443 (par­ti­cu­lar­ly ISO/IEC 62443–4‑2), but have been exten­ded by inclu­ding addi­tio­nal requi­re­ments deemed necessa­ry for the IDS eco­sys­tem.

DIN SPEC 27070 is the first initia­ti­ve spe­ci­fy­ing requi­re­ments regar­ding a secu­re gate­way for cross-com­pa­ny data exchan­ge in the manu­fac­tu­ring indus­try. Gate­ways for other indus­tries are envi­sa­ged for the future. “Our goal is to make DIN SPEC 27070 an inter­na­tio­nal stan­dard. And we see pos­si­bi­li­ties of broa­de­ning its scope and cover other are­as of app­li­ca­ti­on as well, so that it can evol­ve into a mul­ti­part stan­dard in the medi­um run“, say Andre­as Teu­scher und Gerd Brost, who also express their gra­ti­tu­de to all part­ners from indus­try and rese­arch invol­ved in the pro­cess: “Crea­ting this new stan­dard would not have been pos­si­ble without the gre­at com­mit­ment from each sin­gle part­ner.”

As soon as DIN SPEC 27070 has been publis­hed by the Ger­man Insti­tu­te for Stan­dar­di­z­a­ti­on, it will also be avail­ab­le on: www.internationaldataspaces.org