Cybersecurity for critical infrastructure 

Be free to focus on what matters with an end-to-end RUGGEDCOM cybersecurity approach that combines the right hardware, software and expertise for your industrial control systems.

RUGGEDCOM cybersecurity solutions

The freedom to focus on what matters

Securing your industrial control system in the face of increasing IT/OT convergence, progressively sophisticated cyberattacks, and strict regulations is not easy. Find out more about how we will work with you to find a cybersecurity solution tailored to your requirements using the right blend of OT-network expertise, certified software and rugged hardware. 

It’s the security to be free

Professional expertise

Be free from worries knowing that your critical infrastructure is safe

Thanks to trusted professionals who understand the unique requirements of complex industrial and critical infrastructure networks – and who will do the hard work to protect them using a standards-based approach.

The right expertise for your requirements

However complex or simple your requirements might be, the hard work can be left to us. Our cybersecurity and OT experts will put their minds together to design the right cybersecurity solution for your network. This includes identifying network vulnerabilities, conducting assessments and recommending the right cybersecurity regime based on your business requirements and the regulatory environment. The result is a secure foundation from which you can further tap the benefits of digitalization in an increasingly digital world.

 

Certified software

Be free to choose tested and certified software solutions that are just right for you

RUGGEDCOM’s versatile hardware lets you host the software that best fits your needs. So, you can choose from leading Siemens software solutions as well as Siemens certified solutions from trusted third-party vendors – each a proven expert in their field.

RUGGEDCOM CROSSBOW Secure Access Management

Tailored to the needs of industrial and utility asset owners, this scalable solution lets you tap into a proven Secure Access Management System and provides secure, NERC CIP compliant access to all your Intelligent Electronic Devices (IEDs) and associated files.

SINEC NMS Network Management System

A Network Management System (NMS) for complex network structures, SINEC NMS can be used to centrally monitor, manage and configure industrial networks with tens of thousands of devices around the clock – including security-related areas. It paves the way for digital transformations in all sectors regardless of network size and, thanks to its scalability, is able to grow as your network becomes larger and more complex.

Next-Generation Firewall & Intrusion Prevention System

Fortinet's Next-Generation Firewall (NGFW) enables security-driven networking and consolidates industry-leading security capabilities such as an Intrusion Prevention System (IPS), web filtering, secure sockets layer (SSL) inspection, and automated threat protection. The solution also includes Industrial Security Services (ISS).

 

Intrusion Detection System & Deep Packet Inspection

Nozomi Networks is a leader in OT and IoT security and visibility. They accelerate digital transformations by unifying network visibility, threat detection and operational insight for the world’s largest OT sites. Their solution includes an Intrusion Detection System (IDS) with Deep Packet Inspection (DPI).

 

Intrusion Detection System & Deep Packet Inspection

Claroty’s comprehensive industrial cybersecurity platform helps customers protect and manage their OT, IoT, and IIoT assets. Its solution connects seamlessly with existing infrastructure and programs while providing a full range of industrial cybersecurity controls for visibility, threat detection, risk and vulnerability management, and secure remote access – all with a significantly reduced total cost of ownership.

Intrusion Detection System

Secure-NOK offers SNOK™: a small, scalable data solution designed to locally detect malware, espionage, sabotage and other harmful cyber events using an advanced anomaly-based Intrusion Detection System (IDS). The solution is designed to be implemented on industrial sites, running on hardware with limited computing power.

 

Rugged hardware

Be free to put your business interests and operations first

With reliable and rugged hardware solutions that form the solid foundation of a future-proof cybersecurity strategy.

One box, infinite possibilities 

The RUGGEDCOM cybersecurity approach hinges on the RUGGEDCOM APE1808: a powerful application hosting platform that is a line module for the RUGGEDCOM Multi-Service Platform family of switches/routers. 

 

This allows it to integrate easily into your current infrastructure with minimal disruption. Its standards-based platform offers access to any leading, third-party cybersecurity software. So, you are free to choose solutions that are just right for you and which meet the evolving threats and regulations in your country or region. 

The RUGGEDCOM RX1500 family

The RUGGEDCOM APE1808 integrates easily into the RUGGEDCOM RX1500 family of modular Layer 2 and Layer 3 switches and routers. 

 

With VPN and firewall capabilities, these integrated switches and routers ensure data security at the Local Area Network (LAN) level through use of passwords, PKI authentication and strong encryption algorithms. They are typically used as the main point of entry between the LAN and the WAN – forming a secure gateway to your industrial control system. 

Combatting cyberattacks with anomaly-based Intrusion Detection Systems

With the rise of digitalization comes the increased threat of cyberattacks in critical industries around the world. So how can operators of Industrial Control Systems (ICSs) stay safe when the line between IT and OT networks is rapidly disappearing? 

Implementing end-to-end cybersecurity

Cybersecurity for critical infrastructure

Implement a “Defense in Depth” strategy for your industrial control system with our end-to-end cybersecurity approach that brings together the right hardware, software and expertise. The sections below describe how our suite of solutions can help you identify, protect, detect and manage cyber threats to your critical infrastructure.

Identifying network vulnerabilities

This is the most crucial step in the journey to implement a robust cybersecurity regime for an industrial control system. Using a risk-based assessment approach such as the NIST framework or IEC 62443, Siemens Professional Services will help analyze your network, identify existing vulnerabilities, and recommend a cyber risk mitigation solution suited to your business objectives. It is a non-intrusive vulnerability assessment that consists of the following stages:

 

1. Discovery

We start by identifying all assets in the industrial control system, their configurations, the security controls in place, and network data flows. 

 

2. Assessment

The next stage involves identifying system vulnerabilities that can be exploited, assessing the attack surface of the network, and quantifying the risk level of these vulnerabilities.

 

3. Recommendation

By analyzing the findings from the first two stages, we are now able to capture compliance shortfalls and plan a robust cybersecurity regime for your industrial control systems. 

 

Annual cybersecurity assessments 

Industry standards recommend annual cyber assessments to mitigate risks associated with vulnerabilities in critical infrastructure networks. The Siemens Professional Services team is experienced in conducting these assessments with minimal disruption to network operations. 

Protecting your Industrial Control System (ICS)

To effectively protect an industrial control system and maximize network uptime, you need to employ a “Defense in Depth” approach across all network layers. This requires:

  • Rugged hardware that can tolerate harsh environmental conditions and that allows for secure processes via network segmentation, port disabling, data encryption and routing.
  • Software like RUGGEDCOM CROSSBOW for secure access to critical field devices. 
  • Network entry point protection using Next Generation Firewalls (NGFW) and Intrusion Prevention Systems (IPS) to create an electronic security perimeter for your industrial control system and block malicious traffic.

A Next Generation Firewall is installed at the entry point of the OT network (the network perimeter) and prevents unauthorized access and blocks malware from reaching the critical network assets. 

 

The software gives application-layer visibility into protocols and vulnerabilities specific to OT environments. Designed for maximum throughput without degrading or compromising on network performance, NGFWs ensure high availability for Industrial Control Systems (ICS). 

 

They can also accommodate additional sensors that collect and transmit data throughout the network and can come with add-ons such as anti-malware and anti-spam functionalities. 

 

With our cybersecurity approach, you have access to an industry leading NGFW from Fortinet via the RUGGEDCOM APE1808 line module, a powerful application hosting platform for the RUGGEDCOM RX1500 series of routers. 

An Intrusion Prevention System adds to your security perimeter by analyzing data traffic patterns and blocking attacks based on known security profiles. Any suspicious behavior is logged, blocked and reported. Siemens has tested and certified IPS solutions from Fortinet that can be seamlessly integrated into your OT networks with the RUGGEDCOM APE1808 module.

Threats emerging from inside a network are also an important consideration for protecting OT networks from malicious cyber events. In fact, NERC CIP standards mandate secure interactive remote access to critical field assets. 

 

RUGGEDCOM CROSSBOW is a software solution designed to provide NERC CIP-compliant secure access to local and remote assets. Its intuitive, user-friendly interface provides ease of administration for many IEDs (Intelligent Electronic Devices) and the users who manage them. 

 

It is available as a starter edition that can be installed on the RUGGEDCOM APE1808 and used to securely access the assets of small- and medium-sized remote sites with up to a hundred IEDs and five users. 

RUGGEDCOM devices are built to be secure by design and take into consideration the NERC CIP 13 standard requirements. They also exceed the requirements of the IEC 61850-3 and IEEE 1613 standards for error-free operation despite harsh ambient conditions such as high levels of electromagnetic interference, humidity, vibration, and temperature extremes from -40° to +85°C. 

Detecting threats and anomalies within your ICS

Detecting threats and anomalies early is critical to limiting the damage they can cause to your critical infrastructure and operations. This requires an effective Intrusion Detection System (IDS) with Deep Packet Inspection (DPI) capabilities. 

Effective intrusion detection solutions use their complete visibility of the entire network, assets and processes to provide real-time, context-based alerts on potential threats that conventional IT security tools might not detect. There are two types of IDS: signature-based and anomaly-based systems. 

A signature-based IDS requires regular (preferably real-time) updates to acquaint the application with the signatures of known attacks. An anomaly-based IDS, on the other hand, relies on understanding data patterns and picking up on exceptions. This type of IDS is highly effective against zero-day attacks but can also initially trigger many false positives as it “learns” how your network operates.

 

Siemens has partnered with leaders in threat detection technology – such as Nozomi Networks, Secure-NOK and Claroty – to provide both anomaly-based and signature-based IDS for industrial control systems in harsh environments.

Deep Packet Inspection (DPI) is an optional functionality within your Intrusion Detection System that non-intrusively examines OT data packets (Modbus/DNP3) for potential threats. It scrutinizes industrial protocol communications at all layers of the network stack.

 

This analysis provides a more robust mechanism for enforcing network packet filtering and can be used to accurately identify a range of complex threats hiding in network data streams. 

 

Non-compliant packets can then be routed to a different destination for cybersecurity analysis and risk mitigation. The detailed analysis from DPI also opens the path for organizations to block policy-violating usage patterns or prevent unauthorized data access within approved applications. Siemens has certified IDS solutions, from partners such as Nozomi Networks and Claroty, that also offer additional DPI capabilities.
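The DPI checks described above, sketched for Modbus/TCP as an added example (not Siemens or partner code): it validates each request against the protocol framing and then applies a write policy. The source addresses, the write allowlist and the verdict names are assumptions, and the sample frames are constructed.

```python
import struct

# Modbus function codes that change device state (coil/register writes).
WRITE_CODES = {5, 6, 15, 16, 22, 23}
# Constructed site policy (assumption): only this engineering station may write.
WRITE_ALLOWED_SOURCES = {"10.0.5.10"}


def inspect_modbus_tcp(src_ip, payload):
    """Classify one Modbus/TCP request: 'allow', 'quarantine' or 'block'."""
    if len(payload) < 8:
        return "quarantine", "too short for MBAP header and function code"
    _tid, proto, length, _unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        return "quarantine", "protocol identifier is not 0 (Modbus)"
    # MBAP length counts the unit id plus the PDU; a PDU is at most 253 bytes.
    if length != len(payload) - 6 or length > 254:
        return "quarantine", "MBAP length disagrees with bytes on the wire"
    pdu = payload[7:]
    func = pdu[0]
    if func == 16:  # Write Multiple Registers: addr, qty, byte count, values
        if len(pdu) < 6:
            return "quarantine", "truncated write-multiple-registers request"
        qty, byte_count = struct.unpack(">HB", pdu[3:6])
        if not 1 <= qty <= 123 or byte_count != 2 * qty or len(pdu) != 6 + byte_count:
            return "quarantine", "register count and byte count are inconsistent"
    if func in WRITE_CODES and src_ip not in WRITE_ALLOWED_SOURCES:
        return "block", f"write function {func} from unauthorized source"
    return "allow", f"function {func} permitted"


def adu(tid, unit, pdu, length=None):
    """Build a constructed Modbus/TCP frame; `length` can be forced wrong."""
    length = len(pdu) + 1 if length is None else length
    return struct.pack(">HHHB", tid, 0, length, unit) + pdu


# Constructed sample traffic (not captured from any real network).
SAMPLES = [
    ("10.0.5.20", adu(1, 1, bytes([3, 0, 0, 0, 10]))),             # read holding registers
    ("10.0.5.10", adu(2, 1, bytes([6, 0, 1, 0, 255]))),            # write from allowed station
    ("10.0.5.20", adu(3, 1, bytes([6, 0, 1, 0, 255]))),            # same write, other source
    ("10.0.5.10", adu(4, 1, bytes([3, 0, 0, 0, 10]), length=40)),  # forged MBAP length
    ("10.0.5.10", adu(5, 1, bytes([16, 0, 0, 0, 2, 2, 0, 1]))),    # qty 2 but byte count 2
]


def run_samples():
    return [inspect_modbus_tcp(src, frame)[0] for src, frame in SAMPLES]


if __name__ == "__main__":
    for (src, frame), verdict in zip(SAMPLES, run_samples()):
        print(src, frame.hex(), verdict)
```

Here "quarantine" stands for routing a non-compliant packet aside for analysis and "block" for a policy violation inside an otherwise valid protocol exchange.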

Managing your cybersecurity response and recovery

Responding to a cyberattack and recovering from it requires people, processes and technology to come together seamlessly in a holistic cybersecurity regime. This includes a holistic and real-time overview of all that is happening on your network.

 

SINEC NMS, a network management system for industrial control system networks, offers real-time monitoring and 24/7 visibility of the entire network. It also offers special security features for logging and reporting security events to a central server or a SIEM (Security Incident and Event Management) system and facilitates policy-based firewall configurations of your network devices.

 

Coupled with IDS and NGFW management consoles from our certified partners, you will have complete transparency of your network operations to respond to any cyber event. The Siemens Professional Services team will also be with you every step of the way in order to help you achieve your cybersecurity goals – from finding the right technology for your network and implementing the right security processes to training your personnel to self-manage your new cybersecurity regime.

RUGGEDCOM cybersecurity webinar

Securing ICS networks in the modern digital substation

The transition of the electric power industry toward a smarter grid creates a highly automated Industrial Control System (ICS) network for operators. In this webinar, our expert goes over what needs to be done to secure such ICS networks, including secure protocols and best practices. 

Learn to leverage the latest cybersecurity trends, standards and requirements

Overcoming cybersecurity challenges caused by increasing IT/OT convergence

Further information

The knowledge and support you need, when you need it

Get a detailed overview of all Siemens has to offer – from RUGGEDCOM product information to support and services.

Professional services for industrial networks

It’s easy to acquire a top-of-the-line industrial communication network when you’re backed by our first-class network components and strong network design expertise. Work directly with us and our certified Solution Partners to help develop a network solution tailored to your needs. 

Industrial networks education

Need in-house specialists? Participate in the Siemens industrial networks training program and earn the subsequent certification aligned with international Industrial Ethernet standards. 

Warranty information

Gain an overview of the general terms and conditions of sale for RUGGEDCOM products. 

A partner you CAN trust in a zero-trust culture. 

“Cybersecurity is a top priority for Siemens. We hold ourselves accountable to the highest cybersecurity standards and endeavor to lead by example.” Check out our whitepaper for an in-depth understanding of Siemens’ Cybersecurity Program, specific to our RUGGEDCOM solutions. 

Cybersecurity: What we do at Siemens

Standard-based cybersecurity solutions for critical infrastructure networks

Be free to focus on what matters with RUGGEDCOM cybersecurity solutions and an end-to-end cybersecurity approach that combines the right hardware, software and expertise. The outcome: IEC 62443-compliant cybersecurity for your industrial control systems as well as NERC CIP-compliance for your critical infrastructure networks.
