A multi-level cybersecurity response
Cyberattacks can put an entire tunnel system at risk, calling for dynamic and all-encompassing cybersecurity solutions. In accordance with recent legislation (IEC 62443), meticulously designed cybersecurity systems are necessary to respond to increasingly sophisticated cybersecurity threats.
Multilayer protection of tunnels according to IEC 62443
Today’s cybersecurity threats are more advanced and widespread. Therefore, tunnel systems must defend against internal and external attacks. To accomplish this, it’s critical to focus on the details: the operational and field levels, physical access control, and network and terminal protections. Additionally, the most effective approaches follow the recommendations of recent legislation (IEC 62443). Defense in Depth meets and exceeds industry standards for cybersecurity in industrial facilities.
End-to-end support across the entire tunnel lifecycle
Siemens is a dependable partner for the design and operation of secure automation systems. By actively contributing to the entire process, start-to-finish, Siemens takes everything into account: risk analysis, design, implementation, monitoring, and beyond.
Our Industrial Security Services are divided into three phases. In the first phase, our experts identify potential risks and develop a tailored security strategy. From here, the strategy is implemented with our supervision. In the third phase, we introduce a long-term plan to maintain the optimal security status of your tunnel system.
Security according to IEC 62443
Siemens has made it a priority to guarantee digital security for essential infrastructures, including tunnel systems. Following IEC 62443, internationally recognized as the foremost industrial security standards, Siemens develops cybersecurity systems that are ready for today and tomorrow.
Siemens is an exemplar in the cybersecurity industry and has received prestigious certifications. As the first company to gain TÜV SÜD certification based on IEC 62443-4-1, Siemens combines the experience and expertise necessary for the digital age.
Reliable access control is an essential step in securing tunnels. Siemens offers a comprehensive portfolio of proven cybersecurity solutions, protecting tunnels from cyberattacks and unauthorized access.
The larger a tunnel project, the more important the communication networks. In many cases, disparate sections and stations must be maintained remotely. Remote connectivity is an essential capability and must be properly secured. Siemens ensures this capability is reliable while fortified against external interference.
The SINEC NMS Network Management System supports your tunnel's network security with several features, including central, rule-based firewall management. SINEC NMS enables the central configuration and management of SCALANCE S Industrial Security Appliances and offers numerous security-related features:
- Central firmware updates
- Reliable system backup and restore
- Expanded certificate management
- Central, rule-based management of firewalls and network address translation (NAT)
- Local documentation via audit trails
- Central, secure forwarding of information via Syslog
Security guidelines for SIMATIC HMI operator devices and SIMATIC WinCC Unified
Automation requires dependable control of functions. Moreover, it’s essential that cybersecurity and automation features are synchronized. Siemens strives to make cybersecurity and automation elements compatible. SIMATIC HMI devices and SIMATIC WinCC Unified are a great way to strengthen cybersecurity and automation functions simultaneously. During configuration, we take the following concerns into account:
- How can manipulations during configuration be minimized or totally prevented?
- How can device settings and access restrictions be used to reduce risks?
- How can external construction measures and device-specific settings be used to minimize risks?
- How can appropriate protection measures be used to prevent unwanted remote access?
New security features in TIA Portal V17
Several security improvements have been introduced to TIA Portal V17 for communication between engineering stations, CPUs, and HMI panels. Users are guided through the process by an intuitive set-up wizard. The TIA Portal V17 features the following:
- Encryption of communication using the Transport Layer Security (TLS) protocol
- Certificates can be imported or created in the TIA Portal using the certificate manager
- Protection of confidential CPU configuration data using a user-defined password (optional)
- “Security by Default” system: several options have been preconfigured and are set by default to ensure a higher security level for machines and plants