Practical standards for Industrial Security
Although there are hundreds of IT security standards, only a few have proven usable for the protection of industrial facilities. Building on our many years of experience, we advise you on the selection and implementation of the appropriate standards.
TÜV SÜD certification based on IEC 62443
Siemens is the first company to receive TÜV SÜD certification based on IEC 62443-4-1 for the interdisciplinary process of developing Siemens automation and drive products, including industrial software. With additional product-specific TÜV SÜD certifications, Siemens proves that the product development process is fully compliant with IEC 62443-4-1 and that substantial technical product requirements are implemented in compliance with IEC 62443-4-2.
- TÜV certification certifies security of network components
- Certified security in the development process for Siemens automation products
- First IEC 62443-3-3 certification for SIMATIC PCS 7
Industrial Security at Siemens
There is no such thing as 100% security. And the security that does exist never lasts forever. Internalizing this fact is an essential step toward creating the best-possible industrial security solution and continuously adapting it to new threats.
Learn from the following questions and answers how Siemens protects its own products and solutions against cyber-attacks and how the industry benefits from Siemens’ expertise.
Security features built-in
When products and solutions from Siemens are released to the market, they already possess numerous security features.
Prior to market launch, all components are subjected to extensive testing in accordance with Siemens’ own high security standards as well as with relevant certifications by international associations, after which they are thoroughly optimized. As a result, a fundamental system hardening has already taken place by the time the products are delivered; but because standards and threats are constantly changing, Siemens continuously optimizes its security concept and makes adjustments based on the latest findings. To ensure this, the PLM, SCM, and CRM processes for industrial products have been adjusted at Siemens.
Comprehensive security concept
Siemens attaches great importance to protecting the integrity and safeguarding the confidentiality of the manufacturing data in its own products. Siemens also focuses on issues relating to the intellectual property and expertise of Siemens products.
To achieve this, the Siemens Industrial Holistic Security Concept (HSC) is applied, which is designed to protect development departments and production plants. As part of this process, multi-layer security systems and basic security improvements of the IT infrastructure are deployed. At the same time, process improvements were introduced and efforts were made to raise security awareness in development and production. These are ongoing measures at Siemens and are made transparent across the achieved security levels. HSC also benefits customers who choose to partner with Siemens for their industrial solutions, or who themselves want to follow this concept. The security at Siemens’ suppliers is also taken into account, ensuring that Siemens follows the same security standards in its purchasing as it does when it manufactures its products.
Specific security solutions
For years Siemens has been working to advance the digitalization of the manufacturing and process industry in order to pave the way to the Digital Enterprise.
One of the cornerstones of the Digital Enterprise is industrial security, for which Siemens already offers an extensive portfolio of products and solutions. Thanks to years of experience in a wide variety of industries around the world, Siemens can offer specific security solutions for the manufacturing and process industry as well as for oil and gas companies – solutions that are geared to their specific requirements. Siemens brings its experience into the relevant committees that consult about security solutions and define standards. As a result, Siemens played a significant role in advancing the IEC 62443 standard, which regulates IT security for industrial systems.
Own team of security experts
The Siemens security research field encompasses the development and testing of security products by its own team of security experts, who also conduct hacking and penetration tests.
Siemens collaborates intensively with CERT organizations (such as FIRST, ANSSI, and ICS-CERT) in many countries and directly benefits from the international exchange of information within the CERT network. Siemens is also involved in the Software Assurance Forum for Excellence in Code (SAFECode), where it works with companies like Adobe, Intel, and Symantec to develop solutions for secure hardware, software, and services.
Through all of these efforts, Siemens combines its expertise as a leading partner for industry with its expertise as a security provider.
Open communication of security vulnerabilities
Siemens feels that a sophisticated team of security experts and open communication with customers and the public are very important.
That’s why Siemens has established a Product Computer Emergency Response Team (ProductCERT) as a point of contact for customers and security experts if they identify security vulnerabilities.
Once a vulnerability has been reported to Siemens ProductCERT, our security experts immediately work on the issue. Siemens communicates a vulnerability with its mitigations as quickly as possible on a dedicated public website and makes the appropriate update available.