On February 21st, 2020, the DIN SPEC 27070 “Requirements and reference architecture of a security gateway for the exchange of industry data and services” has been published and is now available from the German Institute for Standardization’s Beuth Verlag.
Globally networked production processes demand data exchange that transcends company and sector boundaries. In this context, data security and data sovereignty are indispensable. DIN SPEC 27070 specifies the requirements to be met by a security gateway for data exchange, with regards to the gateway architecture and cyber security measures. Sebastian Steinbuss, CTO of International Data Spaces Association, about the publication: “Adding to the International Data Spaces Reference Architecture, the release of the DIN SPEC represents a huge milestone on the way to secure cross-company exchange of industrial manufacturing data.” The specification was developed by the German Institute for Standardization (DIN), together with Fraunhofer AISEC, SICK AG and 13 other organizations from industry and research.
Three Levels of Security
The IDS connector, which has been specified in line with IDS certification scheme, acts as a security gateway. It allows three different levels of security: Base, Trust, Trust+. These security levels comply with ISO/IEC 62443 (particularly ISO/IEC 62443-4-2) but have been extended by including additional requirements deemed necessary for the IDS ecosystem. That makes DIN SPEC 27070 the first initiative specifying requirements regarding a secure gateway for cross-company data exchange in the manufacturing industry.
Aiming for an International Standard
Gateways for other industries are envisaged for the future. “Our goal is to make DIN SPEC 27070 an international standard,” says Andreas Teuscher, Chief Information Security Officer at SICK AG. “And we see possibilities of broadening its scope and cover other areas of application as well, so that it can evolve into a multipart standard in the medium run.“ Andreas Teuscher worked together with Gerd Brost from Fraunhofer AISEC on driving the development of the standard forward. Both were supported by Martin Uhlherr from DIN Standards Committee Information Technology and Applications.
Since IDSA has facilitated the development workshops, it is possible to provide the DIN SPEC free of charge. To order the DIN SPEC (in German), please click here.
For this article on our website: www.internationaldataspaces.org/blog
Globally networked production processes demand data exchange that transcends company and sector boundaries. In this context, data security and data sovereignty are indispensable. DIN SPEC 27070 specifies the requirements to be met by a security gateway for data exchange, with regards to the gateway architecture and cyber security measures. Sebastian Steinbuss, CTO of International Data Spaces Association, about the publication: “Adding to the International Data Spaces Reference Architecture, the release of the DIN SPEC represents a huge milestone on the way to secure cross-company exchange of industrial manufacturing data.” The specification was developed by the German Institute for Standardization (DIN), together with Fraunhofer AISEC, SICK AG and 13 other organizations from industry and research.
Three Levels of Security
The IDS connector, which has been specified in line with IDS certification scheme, acts as a security gateway. It allows three different levels of security: Base, Trust, Trust+. These security levels comply with ISO/IEC 62443 (particularly ISO/IEC 62443-4-2) but have been extended by including additional requirements deemed necessary for the IDS ecosystem. That makes DIN SPEC 27070 the first initiative specifying requirements regarding a secure gateway for cross-company data exchange in the manufacturing industry.
Aiming for an International Standard
Gateways for other industries are envisaged for the future. “Our goal is to make DIN SPEC 27070 an international standard,” says Andreas Teuscher, Chief Information Security Officer at SICK AG. “And we see possibilities of broadening its scope and cover other areas of application as well, so that it can evolve into a multipart standard in the medium run.“ Andreas Teuscher worked together with Gerd Brost from Fraunhofer AISEC on driving the development of the standard forward. Both were supported by Martin Uhlherr from DIN Standards Committee Information Technology and Applications.
Since IDSA has facilitated the development workshops, it is possible to provide the DIN SPEC free of charge. To order the DIN SPEC (in German), please click here.
For this article on our website: www.internationaldataspaces.org/blog
