Networks as a security factor

Network security for industry according to cybersecurity recommendation IEC 62443

Network security to protect industrial plants

Cybersecurity is the subject that should be on the agenda of every business right now. With “Defense in Depth” as a comprehensive protection strategy, Siemens provides answers in the form of defense throughout all levels based on the Industrial Security Standard IEC 62443. Part of the Industrial Security concept is network security to protect automation networks against unauthorized access. This includes checking all interfaces, like those between office and plant networks, or checking remote accesses to the Internet, and may be carried out using firewalls or, as appropriate, by creating a protected secure zone (a ‘demilitarized zone’ or DMZ). For secure remote access to production networks, the “Defense in Depth” concept can be enriched with Zero Trust principles. Based on professional planning, design, and the implementation of available, powerful network infrastructures, it is possible to create comprehensive yet secure OT networks.

White Paper: Industrial Network Security Architecture

White Paper

SCALANCE S Industrial Security Appliances as a part of network security support the Defense in Depth industrial security concept

Industrial Security Appliances

SCALANCE S Industrial Security Appliances

The SCALANCE S Industrial Security Appliances as a part of network security support the “Defense in Depth” industrial security concept. They protect automation networks, and seamlessly connect to the security structures of the Office and IT world.

SCALANCE M industry routers enable secure remote access to facilities with integrated security functions (firewall and VPN)

Industrial Routers

SCALANCE M Industrial Routers

The SCALANCE M product range includes both wired and wireless routers. They enable secure remote access to facilities with integrated security functions (firewall and VPN) to protect against unauthorized access and also to protect data transmissions.

Security communication processors protect controllers with integrated firewall and VPN from data manipulation and espionage.

Security Communications Processors

Additional protection using security communications processors

Security communications processors use integrated firewalls (to monitor data flows) and VPNs to protect controllers against data manipulation and espionage.

Software solutions for secure remote access via VPN and to manage industrial networks.

Software for Secure Networks

Software products for various security requirements

Software solutions for secure remote access via VPN to plants and security components and to manage industrial networks.

SCALANCE LPE - the local processing engine – open to your ideas 

Local Data Processing

The local processing engine – open to your ideas 

SCALANCE LPE collects data directly at the process, pre-processes it, and makes it available to other systems. Possible applications range from predictive maintenance and anomaly detection to secure remote access to industrial networks, e.g. based on Zero Trust. 

Accessories like RJ45 connectors

Data Export and Accessories

More products and services for improved network security

The SCALANCE TAP104 unmanaged Industrial Ethernet Test Access Port for data traffic export as well as connectors to mechanically lock RJ45 ports and other accessories for SCALANCE S.

Defense in Depth

Secure communication in industrial networks

An approach that covers all levels simultaneously is essential to comprehensively protect industrial facilities both internally and externally – from operational to field level, from access control to copy protection. This is why we use “Defense in Depth” as our comprehensive protective strategy aligned with the Industrial Security Standard IEC 62443, the leading standard for security in industrial automation.

Know how your network is protected

Experts calculate that 25 billion communications-capable machines will be networked as part of the Industrial Internet of Things in just a few years from now. This exponentially increases the attack surface and is accompanied by new network security requirements that ensure the continued protection of machines, plants, and expertise. Industrial Security is based on a multilayered concept – “Defense in Depth” – that gives your plant both all-round and in-depth protection. It starts with conventional building access and extends to the securing of sensitive areas by means of key cards. Network security includes the protection of automation networks against unauthorized accesses with network access protection, segmentation, and encrypted communication. System integrity protects your automation systems and control components against unauthorized accesses and meets special requirements such as know-how protection.
This perimeter-based network security can now be enriched by Zero Trust principles for secure access to production network systems and applications.

Read all about network security

Download brochure

Zero Trust

Why Zero Trust? Joint challenges

IT and OT – or just “connected devices”? No matter how you put it, the two worlds are converging. With the increasing demand for flexible and mobile working, remote collaboration has seen an additional push. OT systems, applications, and data are well protected with strong “Defense in Depth” concepts – but how vulnerable are your values in the case of external access? Here, Zero Trust enters the stage to prevent production networks and assets from damage, misuse, and espionage.

The best way to trust is Zero Trust

SCALANCE LPE incorporates Zero Trust, a security principle known from IT networks. SCALANCE LPE with Zero Trust combines three goals that, for the first time, complement one another:

  • The strong protection of “Defense in Depth” cell protection
  • Secure access to production networks from external – for example, to enable flexible working from the office or mobile
  • Maximum availability and full real-time capability as required in production networks
Why Zero Trust?

Learn more about it!

Additional information

Information and downloads

Want to know more about our products for improved network security? Download our information or find out about our portfolio – covering every stage from efficient planning to implementation.

The fastest way to the experts

Proposed solutions for your queries and direct access to our experts in Technical Support

Service offers

To remain competitive over the long term, companies in industry must ensure – and ideally increase – the availability and productivity of  machines and plants. As your partner, we offer a unique range of services and support based on our extensive technology and industry expertise.

Well trained for excellent handling

Receive standardized or individual expertise directly from the manufacturer – with training centers in more than 60 countries.

References

SCALANCE S already in successful use

Discover how industrial enterprises around the world utilize the SCALANCE S portfolio to rigorously improve their network security.
Teaser Cybersecurity for Industry
Cybersecurity for Industry

Security information

In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial security concept. Siemens’ products and solutions only form one element of such a concept. For more information about industrial security, please visit.

 

siemens.com/cybersecurity-industry

Professional support

Professional support for future-proof communications networks

First-class network components will not create a first-class industrial communications network on their own. A thorough understanding of network designs is at least as important. You get both when you deal with us and our certified Solution Partners. That’s where you benefit: our Professional Services for Industrial Networks give you professional help in developing your network solution – tailored to suit your specific requirements.

Benefit from our expertise in industrial networks

Professional Services