Network Security for industry

Network security for industry according to cybersecurity recommendation IEC 62443

With the growing trend toward mobile and remote work, cyberattacks on businesses have increased by as much as

0 %

  • Welcome to network security with Zero Trust – from Siemens

White paper: Industrial Network Security Architecture

White paper

Shoutbox Webinar Zscaler, Sept 14, 2022

Our portfolio for security in industrial networks

SCALANCE S Industrial Security Appliances as a part of network security support the Defense in Depth industrial security concept

Industrial Security Appliances

SCALANCE S Industrial Security Appliances

The SCALANCE S Industrial Security Appliances as a part of network security support the “Defense in Depth” industrial security concept. They protect automation networks, and seamlessly connect to the security structures of the Office and IT world.

SCALANCE M industry routers enable secure remote access to facilities with integrated security functions (firewall and VPN)

Industrial Routers

SCALANCE M Industrial Routers

The SCALANCE M product range includes both wired and wireless routers. They enable secure remote access to facilities with integrated security functions (firewall and VPN) to protect against unauthorized access and also to protect data transmissions.

Security communication processors protect controllers with integrated firewall and VPN from data manipulation and espionage.

Security Communications Processors

Additional protection using security communications processors

Security communications processors use integrated firewalls (to monitor data flows) and VPNs to protect controllers against data manipulation and espionage.

Software solutions for secure remote access via VPN and to manage industrial networks.

Software for Secure Networks

Software products for various security requirements

Software solutions for secure remote access via VPN to plants and security components and to manage industrial networks.

SCALANCE LPE - the local processing engine – open to your ideas 

Local Data Processing

The local processing engine - secure with Zero Trust

SCALANCE LPE collects data directly at the process, pre-processes it, and makes it available to other systems. Possible applications range from predictive maintenance and anomaly detection to secure remote access to industrial networks, e.g. based on Zero Trust. 

Accessories like RJ45 connectors

Data Export and Accessories

More products and services for improved network security

The SCALANCE TAP104 unmanaged Industrial Ethernet Test Access Port for data traffic export as well as connectors to mechanically lock RJ45 ports and other accessories for SCALANCE S.

Defense in Depth

Secure communication in industrial networks

An approach that covers all levels simultaneously is essential to comprehensively protect industrial facilities both internally and externally – from operational to field level, from access control to copy protection. For this purpose, we use a strategy that provides defense throughout all levels: “Defense in Depth” is a comprehensive security concept based on plant security, network security, and system integrity. We are guided by the IEC 62443 standard, the leading standard for security in industrial automation.
Network security – Zero Trust strengthens cell protection

Know how your network is protected

We want your network to be secure. Our solution for network security is part of the “Defense in Depth” industrial security concept, which means protecting automation networks against unauthorized access. The main task is to control all interfaces – for example between the office and plant networks – as well as remote maintenance access. To achieve this, we rely on firewalls and, if necessary, we establish a DMZ (demilitarized zone = security-shielded zone). For secure access to production networks, the “Defense in Depth” concept can be enriched by Zero Trust principles. This approach enables us to set up end-to-end, secure OT networks for you based on professional planning, design, and the implementation of available, high-performance network infrastructures.
 

In this video, you can see how flexible work can be combined with maximum network security.

Siemens expert Ricarda Koch on network security: “Industrial security is a major topic of digitalization”

Siemens expert on network security

Network security includes the protection of automation networks against unauthorized access by means of network access protection, network segmentation, and encrypted communication. Ricarda Koch explains how this works in practice.

Zero Trust

Why Zero Trust? Joint challenges

IT and OT – or just “connected devices”? No matter how you put it, the two worlds are converging. With the increasing demand for flexible and mobile working, remote collaboration has seen an additional push. OT systems, applications, and data are protected by strong “Defense in Depth” concepts. But how vulnerable are their assets and systems in the event of external access? This is where Zero Trust comes in – to protect production networks and assets from damage, misuse, and espionage.
Zero Trust
As a proven principle from IT, Zero Trust can now also protect your OT networks as a useful addition to your “Defense in Depth” concept.

The best way to trust is Zero Trust

SCALANCE LPE incorporates Zero Trust, a security principle known from IT networks. SCALANCE LPE with Zero Trust combines three goals that, for the first time, complement one another:

  • The strong protection of “Defense in Depth” cell protection
  • Secure access to production networks from external – for example, to enable flexible working from the office or mobile
  • Maximum availability and full real-time capability as required in production networks
Secure access to the OT area based on the Zero Trust Concept

How does it work? Joint responsibility

Zero Trust is a powerful principle now applied in “Defense in Depth” architectures. The entire network and all connected devices are generally considered untrusted.
 

Participating devices, users, and software resources need to be identified and authorized before getting access to systems and applications of the production network. Access is strictly limited to the current request.


To incorporate Zero Trust principles, SCALANCE LPE accommodates Private Access, a security solution from Zscaler Inc. Installing the solution as a Docker© container on the local processing engine SCALANCE LPE enables highly secure access to industrial automation environments.

How do you benefit? Joint security

SCALANCE LPE with Zero Trust doesn’t take a new architecture. It can be integrated with legacy devices and existing perimeter-based security – with no production interruption.
 

The two main priorities in manufacturing – maximum availability and ultra-fast reaction to signals to ensure high security along with safety – remain intact with no compromise.  

Why Zero Trust?

Learn more about it!

References

SCALANCE S already in successful use

Discover how industrial enterprises around the world utilize the SCALANCE S portfolio to rigorously improve their network security.
Simon Group
Aichhalde, Germany

Production network 4.0

  • Support for network design, installation, and commissioning, and training for Simon employees

  • Redundant Industrial Ethernet rings with 32 SCALANCE XR524 switches and connection of plant networks with SCALANCE S615 Industrial Security Appliances 

  • Transparent network management with SINEMA Server and secure remote access with SINEMA Remote Connect

Read the success story
Festo AG
Esslingen am Neckar, Germany

Maximum security in the production network

  • Cell segmentation of production plant and secure Internet and Intranet access using a management platform for remote networks

  • All plant accesses now run only via SINEMA Remote Connect with a central IP address for secure external access

  • Production networks are protected against undesired external and internal access, increasing process security and improving productivity in the entire manufacturing environment

Read the success story
ACSR-Solutions GmbH
Düren, Germany

New remote maintenance “recipe” for pharmaceutical production

  • Network management platform and security modules for convenient remote access in pharmaceutical production

  • Easy and convenient configuration, management, and establishment of secure remote access connections via VPN tunnel with SINEMA Remote Connect

  • Remote access has no impact on the operator network, making it suitable for the sensitive pharmaceutical industry environment 

Read the success story
DeVeTec GmbH
Saarbrücken, Germany

Unsupervised operation with “remote monitoring”

  • Secure remote access supports unsupervised operation of distributed waste heat plants

  • SINEMA Remote Connect enables easy, central management of secure tunnel connections between service technicians and distributed machines and plant

  • Industrial Security Appliance SCALANCE S615 is easy to integrate in existing networks, and then protects downstream plant components against unauthorized access

Read the success story
Cybersecurity Industry EN
Teaser Cybersecurity for Industry
Cybersecurity for Industry

Security information

In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial security concept. Siemens’ products and solutions only form one element of such a concept. For more information about industrial security, please visit.

Learn more
Additional information

Information and downloads

Want to know more about our products for improved network security? Download our information or find out about our portfolio – covering every stage from efficient planning to implementation.

Brochures & Flyers

Ordering Tools and Catalogs

Customer Support

The fastest way to the experts

Proposed solutions for your queries and direct access to our experts in Technical Support

Support Request

Service offers

To remain competitive over the long term, companies in industry must ensure – and ideally increase – the availability and productivity of  machines and plants. As your partner, we offer a unique range of services and support based on our extensive technology and industry expertise.

Service offers

Well trained for excellent handling

Receive standardized or individual expertise directly from the manufacturer – with training centers in more than 60 countries.

Training Services

Follow us on Twitter:

 

Professional support

Professional support for future-proof communications networks

First-class network components will not create a first-class industrial communications network on their own. A thorough understanding of network designs is at least as important. You get both when you deal with us and our certified Solution Partners. That’s where you benefit: our Professional Services for Industrial Networks give you professional help in developing your network solution – tailored to suit your specific requirements.

Benefit from our expertise in industrial networks

Professional Services

Related topics

A man stands in front of an elevated highway with electrical power lines in the background. The digital layer shows an icon with a cybersecurity shield.

Cybersecurity for critical infrastructure networks

Cybersecurity for critical infrastructure networks

Protect your critical infrastructure with RUGGEDCOM cybersecurity solutions from Siemens

Wi-Fi 6 for industry

Wi-Fi 6 for industry

With SCALANCE W Access Points and Client Modules, you enjoy the benefits of the new IEEE 802.11ax WLAN standard
SIMATIC PCS 7

SIMATIC PCS 7

SIMATIC PCS 7

The leading process control system is ideally suited to your plant thanks to its flexible adaptability as a robust system. It ensures smooth processes, optimal availability, and maximum efficiency throughout the entire lifecycle.

SIMATIC PCS neo

SIMATIC PCS neo

Web-based process control system with object-oriented data management

SCALANCE X Industrial Ethernet Switches

SCALANCE X Industrial Ethernet Switches

Meet any networking challenge using our Scalance X Industrial Ethernet Switches.
Industrial Cybersecurity Services

Industrial Cybersecurity Services

Industrial Cybersecurity Services

Portfolio comprising hardware/software, and service experts versed in automation, digitalization, and cybersecurity.

Industrial Networks Education

Industrial Networks Education

Training courses and certification for acquiring specialist knowledge of all aspects of industrial networking