Standard for Secure Gateways for Data and Services

IDS is Officially a Standard: DIN SPEC 27070 is Published

On February 21st, 2020, the DIN SPEC 27070 “Requirements and reference architecture of a security gateway for the exchange of industry data and services” was published and is now available from the German Institute for Standardization’s Beuth Verlag.

Globally networked production processes demand data exchange that transcends company and sector boundaries. In this context, data security and data sovereignty are indispensable. DIN SPEC 27070 specifies the requirements to be met by a security gateway for data exchange, with regard to the gateway architecture and cyber security measures. Sebastian Steinbuss, CTO of the International Data Spaces Association, commented on the publication: “Adding to the International Data Spaces Reference Architecture, the release of the DIN SPEC represents a huge milestone on the way to secure cross-company exchange of industrial manufacturing data. The next step is to make this DIN SPEC an international standard – an ISO standard.” The specification was developed by the German Institute for Standardization (DIN), together with Fraunhofer AISEC, SICK AG and 13 other organizations from industry and research.

A Security Gateway for the Sovereign Data Exchange: The IDS Connector

The IDS connector, which has been specified in line with the IDS certification scheme, acts as a security gateway. It can be implemented in different ways depending on the scenario: on microcontrollers, sensors, mobile devices, on servers or in the cloud. Due to the container architecture, the IDS connector also allows trusted execution of apps – those that can sovereignly process data from different sources. The connector is therefore a suitable execution component for Amazon Web Services, Data Intelligence Hub by T-Systems or SAP HANA, because it enables the platforms to offer a secure environment in which data sovereignty is guaranteed. Domain-specific application profiles enable embedding in specialist domains with different requirements.

Three Levels of Security

The IDS connector allows three different levels of security: Base, Trust, Trust+. The “base” profile meets basic security requirements for communication across company boundaries. A connector that has been certified according to the “trust” profile provides additional security features such as strict isolation of the service containers and mutual verification of integrity. A “trust+” profile connector even provides protection against manipulation by malicious administrators. These security levels comply with ISO/IEC 62443 (particularly ISO/IEC 62443-4-2) but have been extended by including additional requirements deemed necessary for the IDS ecosystem. That makes DIN SPEC 27070 the first initiative specifying requirements regarding a secure gateway for cross-company data exchange in the manufacturing industry.

Aiming for an International Standard

Gateways for other industries are envisaged for the future. “Our goal is to make DIN SPEC 27070 an international standard,” says Andreas Teuscher, Chief Information Security Officer at SICK AG. “And we see possibilities of broadening its scope and covering other areas of application as well, so that it can evolve into a multipart standard in the medium run.” Andreas Teuscher worked together with Gerd Brost from Fraunhofer AISEC on driving the development of the standard forward. Both were supported by Martin Uhlherr from DIN (German Institute for Standardization).

Since IDSA facilitated the development workshops, it is possible to provide the DIN SPEC free of charge. To order the DIN SPEC (in German), please click here.

We have also translated the DIN SPEC into English. This version is non-public. We'd be happy to send it to you. Please send us a short request.

For IDSA member companies the DIN SPEC in English is also available on Jive.