Security threats force you to take action
Digitalization and the growing networking of machines and industrial systems also mean an increase in the risk of cyberattacks. Appropriate protective measures are imperative, especially for critical infrastructure facilities. An approach that covers all levels simultaneously – from the operational to the field level and from access control to copy protection – is essential for comprehensively protecting industrial facilities against internal and external cyberattacks.
Comprehensive concept as recommended by IEC 62443
The increase in horizontal and vertical data integration is a principal feature of digital companies. That’s why it’s increasingly important to reliably protect productivity and expertise at three levels: plant security, network security, and system integrity.
With “defense in depth”, Siemens provides a multilayer security concept that gives plants both all-round and in-depth protection as recommended by the international standard IEC 62443. It’s aimed at plant operators, integrators, and component manufacturers alike, and covers all security-related aspects of Cybersecurity for Industry. To strengthen cybersecurity as a whole beyond the boundaries of our own organization, we’ve joined forces with leading companies from around the globe to form the Charter of Trust. This cooperation is already showing the first signs of success and has ambitious goals for the future.
Physical protection and security management for automation systems
Plant security employs a number of different methods to prevent unauthorized persons from gaining physical access to critical components, starting with conventional building access and extending to the securing of sensitive areas by means of key cards.
Typical fields of application
Scalable access control systems
Managed access control is an essential factor when it comes to safeguarding critical company areas. Among other things, it is used to regulate who or what may enter a building or building complex. Siemens offers an extensive portfolio of reliable access control systems, ranging from access solutions and video monitoring systems to resource control systems and control platforms.
Proven protection with TÜV SÜD certificate
Integrators, operators, and manufacturers require insight into IT security measures for designing and operating automation processes and systems. The TÜV SÜD certificate attests to Siemens’ conformity to IEC 62443-4-1 for security in the product lifecycle management (PLM) processes of automation products.
Secure communication in industrial networks
One of the key challenges of seamless communication is that easily accessible systems also need adequate protection. Besides availability, the focus is on protecting automation networks against unauthorized access.
Our portfolio has been optimized for use in automation systems and is designed to meet the specific requirements of industrial networks. For extreme environmental conditions, our ruggedized security portfolio provides the right answer.
Typical fields of application
Parts of systems that comprise multiple automation cells and that may even come from different suppliers should connect to one another only when absolutely necessary.
Installing SCALANCE S Industrial Security Appliances upstream from an automation cell segments the network and limits communication to permitted connections thanks to firewall rules.
Define individual rules for users
To minimize risks during service and maintenance of an automation network, it’s necessary to limit access to the relevant components and devices.
With SCALANCE S Industrial Security Appliances, you can create user-specific firewall rules that are temporarily activated for the duration of a service call by entering specific user data. In this way, you can assign a user access rights for specific devices and protocols – flexibly and protocol-dependent.
Secure provision of data across network boundaries
Network users (such as MES servers) in the protected and unprotected networks have to be able to communicate with one another without establishing a direct connection between them. With SCALANCE S Industrial Security Appliances, a DMZ can be set up based on a flexible security zone concept.
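The three mechanisms above (cell segmentation with default deny, temporary user-specific firewall rules for service calls, and a DMZ that lets an MES server reach a controller without the office network reaching it directly) can be modelled as one policy. The following is an added example written for this page, not SCALANCE S firmware or configuration; the zone names, addresses, protocol labels and the rule semantics (a service rule bound to the technician's login host for a fixed number of minutes) are assumptions chosen to illustrate the concept.

```python
"""Constructed example: zone-based firewall policy with default deny, a DMZ and
time-limited, user-activated service rules. Not SCALANCE S code."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Optional

# Hypothetical zones: office network, DMZ and two automation cells
ZONES = {
    "office": ip_network("10.0.0.0/24"),
    "dmz":    ip_network("10.0.10.0/24"),
    "cell_a": ip_network("192.168.1.0/24"),
    "cell_b": ip_network("192.168.2.0/24"),
}


@dataclass(frozen=True)
class Rule:
    src: str                          # zone name or CIDR; "any" matches all
    dst: str
    proto: str                        # application protocol label, or "any"
    user: Optional[str] = None        # set for user-specific service rules
    expires: Optional[datetime] = None


def zone_of(ip: str) -> str:
    for name, net in ZONES.items():
        if ip_address(ip) in net:
            return name
    return "unknown"


def _match(pattern: str, ip: str) -> bool:
    if pattern == "any":
        return True
    if pattern in ZONES:
        return zone_of(ip) == pattern
    return ip_address(ip) in ip_network(pattern)


class CellFirewall:
    """Security appliance placed upstream of the automation cells."""

    def __init__(self) -> None:
        self.rules: list[Rule] = []

    def add(self, rule: Rule) -> None:
        self.rules.append(rule)

    def activate_service_rule(self, user, login_ip, dst, proto, minutes, now):
        """A technician authenticates at the appliance; the rule is bound to the
        host they logged in from and expires automatically after the window."""
        rule = Rule(f"{login_ip}/32", dst, proto, user=user,
                    expires=now + timedelta(minutes=minutes))
        self.rules.append(rule)
        return rule

    def allowed(self, src_ip: str, dst_ip: str, proto: str, now: datetime) -> bool:
        # Traffic inside one zone never crosses the appliance
        if zone_of(src_ip) == zone_of(dst_ip) != "unknown":
            return True
        for r in self.rules:
            if r.expires is not None and now >= r.expires:
                continue                      # service window is over
            if _match(r.src, src_ip) and _match(r.dst, dst_ip) \
                    and r.proto in (proto, "any"):
                return True
        return False                          # default deny between zones


def build_policy() -> CellFirewall:
    fw = CellFirewall()
    # Office hosts may only reach the DMZ data server, and only over HTTPS
    fw.add(Rule("office", "10.0.10.5/32", "https"))
    # Only the DMZ data server may talk to the cell A controller, with S7 only
    fw.add(Rule("10.0.10.5/32", "192.168.1.10/32", "s7"))
    # No rule between cell B and cell A: the cells stay isolated
    return fw


def demo() -> dict:
    now = datetime(2024, 1, 1, 8, 0)          # constructed timestamp
    fw = build_policy()
    out = {
        "office->dmz https": fw.allowed("10.0.0.7", "10.0.10.5", "https", now),
        "office->plc s7":    fw.allowed("10.0.0.7", "192.168.1.10", "s7", now),
        "dmz->plc s7":       fw.allowed("10.0.10.5", "192.168.1.10", "s7", now),
        "cell_b->plc s7":    fw.allowed("192.168.2.20", "192.168.1.10", "s7", now),
    }
    # Technician logs in from 10.0.0.50; rule lives for 60 minutes
    fw.activate_service_rule("tech01", "10.0.0.50", "192.168.1.10/32", "s7", 60, now)
    out["tech->plc in window"] = fw.allowed(
        "10.0.0.50", "192.168.1.10", "s7", now + timedelta(minutes=30))
    out["tech->plc after window"] = fw.allowed(
        "10.0.0.50", "192.168.1.10", "s7", now + timedelta(minutes=61))
    out["other host in window"] = fw.allowed(
        "10.0.0.51", "192.168.1.10", "s7", now + timedelta(minutes=30))
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:26} {'ALLOW' if v else 'DENY'}")
```

The office host never gets a path to the controller: it can only reach the DMZ server, and the DMZ server alone is permitted to speak S7 to the controller, which is the "no direct connection" property a DMZ provides. The service rule is keyed to the login host and carries an expiry, so the appliance falls back to the static policy once the window has closed.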
Comprehensive network management for industrial networks
Central and around-the-clock monitoring, management, and configuration of networks with tens of thousands of subscribers is a genuine challenge.
SINEC NMS supports you and reliably fulfills process-based and technical security requirements according to the IEC 62443 Standard – including central, policy-based firewall and Network Address Translation (NAT) management, a local documentation function via audit trails, central forwarding of information via Syslog, central updates, and central user management.
Easy remote access for teleservice and remote maintenance
The SINEMA Remote Connect management platform permits secured remote access to globally distributed machines and plants via public networks.
Via a secured VPN tunnel connection, different users can connect to SINEMA Remote Connect, which manages the remote access connections to their plants. The plants can establish a VPN tunnel to SINEMA Remote Connect either on a permanent basis or as needed, since the VPN can be activated or deactivated via a digital input or text message.
The Dedicated Device Access function makes it possible to further restrict the access rights stored in the SINEMA RC Client.
Protection of automation systems and control components
Whether you want to protect existing know-how or exclude unauthorized access to your automation processes from the outset as a way of preventing faults in your production processes – we support you in implementing targeted measures to protect against a variety of threats and design complete solutions for maximum protection.
Our integrated security features provide comprehensive protection against unauthorized configuration changes at the control level, as well as unauthorized network access. They prevent the copying of configuration data and make any attempts to manipulate these files easier to detect.
TIA Portal V17 security update
TIA Portal V17 provides new security functions such as TLS-based protection of communication between controllers and HMIs. In addition, access to controllers can be restricted via certificates and password queries.
In keeping with "security by default", the password prompt is enabled as standard. Access rights for users are assigned through local or central user management via the User Management Component (UMC).
Typical fields of application
Secure access management for machines and plants
One of the essential mechanisms for protecting automation components is consistent, logged access control. With the SIMATIC RF1000 Access Control Reader, you can reliably identify the personnel operating machines and plants and assign them appropriate access rights.
Depending on your needs and security requirements, login can be exclusively via RFID card – such as an employee ID – or via RFID card and user-specific login data. Logging of accesses enables transparent tracing in the event of security incidents.
Comprehensive protection against unauthorized changes on the control level
We offer you well-conceived concepts and solutions for the security of controllers, HMI, and SCADA applications, fully in keeping with the spirit of Totally Integrated Automation – our open system architecture for integrated automation – even within the secure cell.
The PLC system is protected by several protection levels, extending all the way to a complete lockdown (password also required for HMI connections).
Multiple users working simultaneously on one project
Project management is performed by a standalone UMC server application that can be installed independently of TIA Portal.
- Available as a TIA Portal option for managing central users and user groups.
- Efficient, system-wide support of users and access control for multiple TIA Portal projects and products (e.g. Active Directory)
- UMC users/groups can be imported into projects
- Basis for efficient administration of personalized security in the plant
The SINEC NMS Network Management System includes efficient user administration for access control to network components: it authenticates users and authorizes their access and usage.
Protection against unauthorized duplication
Protect your development investments against the unauthorized duplication of your PLC programs. Binding individual program blocks to the PLC’s serial number or memory card prevents the duplication of projects and makes it possible to detect manipulation attempts.
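To make the binding idea concrete, here is an added example, not Siemens code and not the mechanism TIA Portal actually uses: an engineering-side step ties a program block to one CPU serial number with a keyed hash, and the loader on the controller refuses the block if it was copied to a different device or if its content was altered. The serial numbers, block bytes, key derivation and manifest layout are all constructed for the illustration.

```python
"""Constructed example: binding a program block to a CPU serial number and
detecting copies or manipulation at load time. Illustrative only."""
import hashlib
import hmac


def _binding_key(cpu_serial: str) -> bytes:
    # Hypothetical derivation: a per-device key from the serial number
    return hashlib.sha256(b"plc-binding-v1:" + cpu_serial.encode()).digest()


def bind_block(block_name: str, block_bytes: bytes, cpu_serial: str) -> dict:
    """Engineering side: produce a manifest tying the block to one CPU serial."""
    tag = hmac.new(_binding_key(cpu_serial),
                   block_name.encode() + b"\x00" + block_bytes,
                   hashlib.sha256).hexdigest()
    return {"block": block_name, "bound_serial": cpu_serial, "tag": tag}


def verify_block(manifest: dict, block_bytes: bytes, cpu_serial: str) -> str:
    """Controller side: decide whether the block may run on this CPU."""
    if manifest["bound_serial"] != cpu_serial:
        return "REFUSED: bound to a different device"
    expected = bind_block(manifest["block"], block_bytes, cpu_serial)["tag"]
    if not hmac.compare_digest(expected, manifest["tag"]):
        return "REFUSED: block content manipulated"
    return "OK"


def demo() -> dict:
    # Constructed sample: a block's compiled bytes and two CPU serials
    fb_bytes = bytes.fromhex("0102ab0c0d0e0f10")
    original_cpu = "S C-X1234567"
    other_cpu = "S C-X7654321"

    manifest = bind_block("FB_MixerControl", fb_bytes, original_cpu)
    tampered = fb_bytes[:-1] + b"\xff"       # one byte changed in the block
    return {
        "genuine device":   verify_block(manifest, fb_bytes, original_cpu),
        "copied to other":  verify_block(manifest, fb_bytes, other_cpu),
        "manipulated":      verify_block(manifest, tampered, original_cpu),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:18} {result}")
```

The two refusal reasons are kept separate on purpose: a serial mismatch points at an unlicensed copy, while a tag mismatch on the correct device indicates that the block was edited after it was released, which is the manipulation attempt the paragraph above says should be detectable. A serial number is readable by anyone who holds the device, so a scheme keyed only on it deters copying and flags tampering rather than cryptographically preventing them; products keep the binding secret inside the device for that reason.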
System integrity for process automation with SIMATIC PCS 7
Siemens’ SIMATIC PCS 7 offers an integrated, comprehensive security solution tailored to the specific requirements of process plants. The security concept effectively increases protection, reduces risk, helps to prevent security incidents, and thereby increases plant availability.
The strength of SIMATIC PCS 7 lies in the combination of a variety of security measures working together in the plant network. Segmentation of the plant into individual security cells ultimately results in a closed system in line with IEC 62443-3-3 – Security for Industrial Automation and Control Systems.
Staying secure 24/7
Cybersecurity for Industry is a dynamic topic. Potential hazards, security risks, and defense measures are constantly changing. That’s why it’s important to always maintain an overview of the current state of knowledge. Our security experts are happy to support you.
The most advanced, real-time cyberattack monitoring and response solution for OT networks
From critical infrastructure such as power plants and water treatment facilities to military depots, data centers and operations centers, SIBERprotect can respond to and dramatically limit the impact of a cyber attack within milliseconds at machine speed.
On Demand: Executive Cybersecurity Forum for Manufacturers
The security of OT networks is a critical risk management threat that all executives should prioritize. We've brought together industry thought leaders and leading experts on operations cybersecurity to share new perspectives on securing one of your biggest assets - the manufacturing floor.