Set this page to
Go to Siemens in your region
Set this page to
Go to Siemens in your region
TÜV Süd certificate based on IEC 62443 gives integrators and operators transparent insight into the IT security measures and backs up Siemens Security in the process of developing automation products.
Protection against cyber attacks is growing more and more important for industrial companies. That’s why this aspect must be considered right at the development stage for new machines, and observed throughout the entire life cycle.
It is essential in this regard to perform regular PDCA (“plan-do-check-act”) cycles, as prescribed in standard IEC 62443. During the specification, design and development stages, manufacturers concentrate on potential points of attack and draft protection mechanisms. Then, in the marketing phase, they actively look after protecting their products with information and updates.
Since 2015, operators of critical infrastructure facilities have been required to fulfill the requirements of the new IT Security Act. The focus is on maintaining operations in the event of an attack, and the PDCA cycles are coordinated with this requirement.
On the one hand, operators must determine the requirements for laying out the automation solution, and on the other they must define the measures that they themselves will have to implement. These include limited access to critical parts of the automation solution, for example.
The new IT Security Act took effect in Germany on July 25, 2015. Under the act, key operators of critical infrastructures are required in future to report any IT security incidents to the German Federal Office for Information Security (BSI) and implement minimum IT security standards. Who this includes was determined, among other things, by the BSI with the help of a measurement table.
A total of seven industries (sectors) and around 700 systems are covered by the IT Security Act.
In addition to information technology and telecommunications in the strictest sense, the energy, food, finance, insurance, healthcare and water industries are required to meet minimum IT security standards and report incidents to the BSI.
The German government applies the 500,000 rule as the basis for determining which groups are covered by the act: If 500,000 or more citizens are dependent on a service, the accompanying system falls under the reporting requirement. What these people consume is converted into a threshold.
Part 1 of the BSI Kritis (Critical Infrastructure Protection) Regulation took effect in May 2016.
Deadlines will apply from that point on, in other words:
Operators of critical infrastructures in the areas of energy, water, food, information technology and telecommunications will have to meet their reporting requirements to the BSI from November 2016 and observe the new industry-specific minimum IT security standards from May 2018.
System integrators are often trail-blazers when a company’s IT security has to be improved. They work closely with the operator to establish the protection strategy that will meet the specified protection goals. The focus for the integrators is on implementing the automation solution at a functional level.
That’s why the PDCA solutions are mainly built around multiple functional and organizational measures, and include efficiency checks for the protection measures, training for employees, documentation, and maintenance of the protective measures. Security – e.g. of recipes or passwords – must still be guaranteed when an automation solution is being dismantled.
As the level of digitalization increases, so too does the importance of comprehensive security concepts for automation applications.
That's why Industrial Security is an essential element of Digital Enterprise, the Siemens way to Industrie 4.0. With defense in depth, Siemens provides a multi-layer concept that gives your plant both all-round and in-depth protection. The concept is based on plant security, network security and system integrity as recommended by ISA 99/IEC 62443.
Plant security starts with conventional building access and extends to securing of sensitive areas by means of key cards. Tailored industry security services include processes and guidelines for comprehensive plant protection. These range from risk analysis and the implementation and monitoring of suitable measures to regular updates.
One of the key challenges for a consistent communication is simply to establish adequate protection of the easily accessible systems. With professional planning, design, and implementation of available, efficient network structures, it is possible continuously and secure.
The focus here is on the availability of the protection of automation networks against unauthorized access. Network security management, network segmentation (e.g. DMZ) and encrypted communication with industrial security appliances, Internet and mobile radio routers, and security SIMATIC S7 communication processors are an integral part of the planning phase with the support of Siemens Professional Services for industrial networks.
In addition, our product portfolio has been optimized for use in automation technology and designed for the requirements of industrial networks.
Whether you want to protect existing know-how or rule out unauthorized access to your automation processes from the outset, thus preventing production downtimes, our comprehensive Industrial Security portfolio includes support for implementing targeted measures to protect against a variety of threats, as well as the design of complete solutions for maximum protection.
Our integrated security features provide comprehensive protection against unauthorized configuration changes at the control level as well as against unauthorized network access, preventing the copying of configuration data and making any attempts to manipulate such files easier to detect.
It looks like you are using a browser that is not fully supported. Please note that there might be constraints on site display and usability. For the best experience we suggest that you download the newest version of a supported browser: