Industrial Security provides comprehensive protection of productivity

Protecting productivity

Industrial Security as an essential component of Digital Enterprise – Siemens’ solution approach for Industrie 4.0

Holistic protection

Security threats force you to take action

Digitalization and the growing networking of machines and industrial systems also mean an increase in the risk of cyberattacks. Appropriate protective measures are imperative, especially for critical infrastructure facilities. An approach that covers all levels simultaneously – from the operational to the field level and from access control to copy protection – is essential for comprehensively protecting industrial facilities against internal and external cyberattacks.

Comprehensive concept as recommended by IEC 62443

The increase in horizontal and vertical data integration is a principal feature of digital companies. That’s why it’s increasingly important to reliably protect productivity and expertise at three levels: plant security, network security, and system integrity.

 

With “defense in depth”, Siemens provides a multilayer security concept that gives plants both all-round and in-depth protection as recommended by the international standard IEC 62443. It’s aimed at plant operators, integrators, and component manufacturers alike, and covers all security-related aspects of Industrial Security. To strengthen cybersecurity as a whole beyond the boundaries of our own organization, we’ve joined forces with leading companies from around the globe to form the Charter of Trust. This cooperation is already showing the first signs of success and has ambitious goals for the future.    

Physical protection and security management for automation systems

Plant security employs a number of different methods to prevent unauthorized persons from gaining physical access to critical components, starting with conventional building access and extending to the securing of sensitive areas by means of key cards.

 

Tailored Industrial Security Services from Siemens include processes and guidelines for comprehensive plant protection. These range from risk analysis and the implementation and monitoring of suitable measures to regular updates.    

Typical fields of application

Scalable access control systems

Managed access control is an essential factor when it comes to safeguarding critical company areas. Among other things, it is used to regulate who or what may enter a building or building complex. Siemens offers an extensive portfolio of reliable access control systems, ranging from access solutions and video monitoring systems to resource control systems and control platforms.

Know-how for security

Customized Industrial Security Services from Siemens encompass processes and guidelines for the comprehensive protection of plants – including, for example, risk analysis, implementation of suitable measures and their monitoring, and regular updates. In this way, you optimally protect production processes and industrial control systems (ICSs) against attacks.

 

Siemens makes the necessary security knowledge available to its customers and helps them successfully implement security measures in their companies.    

Proven protection with TÜV SÜD certificate

Integrators, operators, and manufacturers require insight into IT security measures for designing and operating automation processes and systems. The TÜV SÜD certificate attests to Siemens’ conformity to IEC 62443-4-1 for security in the product lifecycle management (PLM) processes of automation products.

Secure communication in industrial networks

One of the key challenges of consistent communication is also providing adequate protection for easily accessible systems. In addition to availability, the focus is on protecting automation networks against unauthorized access.

Moreover, our portfolio has been optimized for use in automation systems and is designed to meet the specific requirements of industrial networks. For extreme environmental conditions, our ruggedized security portfolio provides the right answer.

Typical fields of application

Network segmentation

Parts of systems that comprise multiple automation cells and that may even come from different suppliers should connect to one another only when absolutely necessary.

 

Installing SCALANCE S Industrial Security Appliances upstream from an automation cell segments the network and limits communication to permitted connections thanks to firewall rules.    

Define individual rules for users

To minimize risks during service and maintenance of an automation network, it’s necessary to limit access to the relevant components and devices.

 

With SCALANCE S Industrial Security Appliances, you can create user-specific firewall rules that are temporarily activated for the duration of a service call by entering specific user data. In this way, you can flexibly assign a user access rights for specific devices and protocols.

Secure provision of data across network boundaries

Network users (such as MES servers) have to be able to communicate with one another from the protected and unprotected network without establishing a direct connection between them. With SCALANCE S Industrial Security Appliances, a DMZ can be set up based on a flexible security zone concept.

Comprehensive network management for industrial networks

Central and around-the-clock monitoring, management, and configuration of networks with tens of thousands of subscribers is a genuine challenge.

 

SINEC NMS supports you and reliably fulfills process-based and technical security requirements according to the IEC 62443 Standard – including central, policy-based firewall and Network Address Translation (NAT) management, a local documentation function via audit trails, central forwarding of information via Syslog, central updates, and central user management.    

Protection of industrial networks using firewalls and VPNs

Machines can be remotely programmed, parametrized, and monitored from a service center via the Internet. The system can be accessed via the Internet using an encrypted VPN tunnel with SCALANCE SC646-2C as a VPN server.

Easy remote access for teleservice and remote maintenance

The SINEMA Remote Connect management platform permits secured remote access to globally distributed machines and plants via public networks.

 

Via a secured VPN tunnel connection, different users can connect to SINEMA Remote Connect, which administers the remote accesses to their plants. The plants can establish a VPN tunnel to SINEMA Remote Connect either on a permanent basis or as needed, because the VPNs can be activated or deactivated via a digital input or text message.

 

The Dedicated Device Access function makes it possible to further restrict the access rights stored in the SINEMA RC Client.     

Protection of automation systems and control components

Whether you want to protect existing know-how or exclude unauthorized access to your automation processes from the outset as a way of preventing faults in your production processes – we support you in implementing targeted measures to protect against a variety of threats and design complete solutions for maximum protection.

 

Our integrated security features provide comprehensive protection against unauthorized configuration changes at the control level, as well as unauthorized network access. They prevent the copying of configuration data and make any attempts to manipulate these files easier to detect.    

Typical fields of application

Secure access management for machines and plants

One of the essential mechanisms for protecting automation components is consistent, logged access control. With the SIMATIC RF1000 Access Control Reader, you can reliably identify the personnel operating machines and plants and assign them appropriate access rights.

 

Depending on your needs and security requirements, login can be exclusively via RFID card – such as an employee ID – or via RFID card and user-specific login data. Logging of accesses enables transparent tracing in the event of security incidents.

Comprehensive protection against unauthorized changes on the control level

We offer you well-conceived concepts and solutions for the security of controllers, HMI, and SCADA applications, fully in keeping with the spirit of Totally Integrated Automation – our open system architecture for integrated automation – even within the secure cell.

 

The PLC system is protected by several protection levels, extending all the way to a complete lockdown (password also required for HMI connections).

Multiple users working simultaneously on one project

Project management is performed by a standalone UMC server application that can be installed independently of TIA Portal.

  • Available as a TIA Portal option for managing central users and user groups.
  • Efficient, system-wide support of users and access control for multiple TIA Portal projects and products (e.g. Active Directory)
  • UMC users/groups can be imported into projects
  • Basis for efficient administration of personalized security in the plant

The SINEC NMS Network Management System includes an efficient user administration for access control to network components that authenticates users and authorizes accesses and use.    

Protection of communication against manipulation

Communication integrity means protecting communication against unauthorized manipulation to ensure high plant availability. Central elements include, for example, digital checksums when accessing controllers.    

Protection of intellectual property

To protect development investments, existing know-how must be protected – for example, by means of passwords – against the unauthorized opening or evaluation of program blocks from the STEP 7 configuration or a memory card.

Protection against unauthorized duplication

Protect your development investments against the unauthorized duplication of your PLC programs. Binding individual program blocks to the PLC’s serial number or memory card prevents the duplication of projects and makes it possible to detect manipulation attempts.

System integrity for process automation with SIMATIC PCS 7

Siemens’ SIMATIC PCS 7 offers an integrated, comprehensive security solution tailored to the specific requirements of process plants. The security concept effectively increases protection, reduces risk, helps to prevent security incidents, and thereby increases plant availability.

 

The strength of SIMATIC PCS 7 lies in the combination of a variety of security measures working together in the plant network. Segmentation of the plant into individual security cells ultimately results in a closed system in line with IEC 62443-3-3 – Security for Industrial Automation and Control Systems.    

Protecting productivity – Industrial Security at a glance

Always active

Staying secure 24/7

Industrial Security is a dynamic topic. Potential hazards, security risks, and defense measures are constantly changing. That’s why it’s important to always maintain an overview of the current state of knowledge. Our security experts are happy to support you.

Industrial Security alerts and updates

Siemens ProductCERT investigates all reported security issues and publishes Security Advisories on validated security vulnerabilities that directly involve Siemens products. Use our news ticker to gain an overview of the latest developments.

Industrial Security Services

With Siemens Industrial Security Services, industrial companies benefit from the comprehensive know-how and technical expertise of a global network of experts for automation and cybersecurity. The holistic approach helps identify threats and vulnerabilities at an early stage, react quickly to indicators of compromise, and achieve long-term, holistic protection.

Always active – We help you to stay secure in the long run

Industrial Security is a continuously moving challenge. Learn how Siemens protects its own products and solutions against cyberattacks and how industry benefits from Siemens’ expertise.

Whitepapers and downloads

Bundled information on Industrial Security:

You’ll find whitepapers, technical articles, and other interesting downloads on our summary page.

Focus topics

Make cybersecurity a top management priority

Cyberattacks on critical infrastructures are no longer uncommon. In many countries, legislators have responded with standards and regulations that stipulate how companies must protect their facilities. This white paper informs you in detail about all required steps. Register for free and get your copy.

Primer for Cybersecurity in Industrial Automation

The International Society of Automation (ISA) and Siemens team up to bring you an in-depth e-book as a guide to facilitate the access to the standard IEC 62443 – including main concepts and basic principles to design and deploy security concepts for industrial plants.    

References

Industrial Security in practice

Siemens solutions for Industrial Security have already been successfully proven in practice.

Digital Enterprise

Industrial Security in the Digital Enterprise

In order to enable companies to make the most out of digitalization, Siemens developed Digital Enterprise – a comprehensive portfolio of software and automation solutions. It supports the discrete and process industries’ efforts to become faster, more flexible, and more efficient. Cybersecurity plays a major role.

Contact

Always on the secure side

Siemens’ solution portfolio for Industrial Security follows a comprehensive approach. Secure automation hardware, robust software, and continuous refinement of the underlying industrial security strategy ensure constant improvement to the standard of industrial security. Our experts will happily support you!