The freedom to focus on what matters
Securing your industrial control system in the face of increasing IT/OT convergence, progressively sophisticated cyberattacks, and strict regulations is not easy. Find out more about how we will work with you to find a cybersecurity solution tailored to your requirements using the right blend of OT-network expertise, certified software and rugged hardware.
Be free from worries knowing that your critical infrastructure is safeThanks to trusted professionals who understand the unique requirements of complex industrial and critical infrastructure networks – and who will do the hard work to protect them using a standards-based approach.
The right expertise for your requirements
Irrespective of how complex or simple your requirements might be: the hard work can be left to us. Our cybersecurity and OT experts will put their minds together to design the right cybersecurity solution for your network. This includes identifying network vulnerabilities, conducting assessments and recommending the right cybersecurity regime based on your business requirements and the regulatory environment. Thus, forming the secure foundation from which you can further tap the benefits of digitalization in an increasingly digital world.
To reach out to our Professional Services team, please use the contact button above.
Be free to choose tested and certified software solutions that are just right for youRUGGEDCOM’s versatile hardware lets you host the software that best fits your needs. So, you can choose from leading Siemens software solutions as well as Siemens certified solutions from trusted third-party vendors – each a proven expert in their field.
One box, infinite possibilities
The RUGGEDCOM cybersecurity approach hinges on the RUGGEDCOM APE1808: a powerful application hosting platform that is a line module for the RUGGEDCOM Multi-Service Platform family of switches/routers.
This allows it to integrate easily into your current infrastructure with minimal disruption. Its standards-based platform offers access to any leading, third-party cybersecurity software. So, you are free to choose solutions that are just right for you and which meet the evolving threats and regulations in your country or region.
The RUGGEDCOM RX1500 family
The RUGGEDCOM APE1808 integrates easily into the RUGGEDCOM RX1500 family of modular Layer 2 and Layer 3 switches and routers.
With VPN and firewall capabilities, these integrated switches and routers ensure data security at the Local Area Network (LAN) level through use of passwords, PKI authentication and strong encryption algorithms. They are typically used as the main point of entry between the LAN and the WAN – forming a secure gateway to your industrial control system.
Combatting cyberattacks with anomaly-based Intrusion Detection Systems
With the rise of digitalization comes the increased threat of cyberattacks in critical industries around the world. So how can operators of Industrial Control Systems (ICSs) stay safe when the line between IT and OT networks is rapidly disappearing?
Cybersecurity for critical infrastructureImplement a “Defense in Depth” strategy for your industrial control system with our end-to-end cybersecurity approach that brings together the right hardware, software and expertise. Click on the tabs below to understand more about how our suite of solutions can help you identify, protect, detect and manage cyber threats to your critical infrastructure.
Identifying network vulnerabilities
This is the most crucial step in the journey to implement a robust cybersecurity regime for an industrial control system. Using a risk-based assessment approach such as the NIST framework or the IEC 62443, Siemens Professional Services will help analyze your network, identify existing vulnerabilities, and recommend a cyber risk mitigation solution suited to your business objectives. It is a non-intrusive vulnerability assessment that consists of the following stages:
We start by identifying all assets in the industrial control system, their configurations, the security controls in place, and network data flows.
The next stage involves identifying system vulnerabilities that can be exploited, assessing the attack surface of the network, and quantifying the risk level of these vulnerabilities.
By analyzing the findings from the first two stages, we are now able to capture compliance shortfalls and plan a robust cybersecurity regime for your industrial control systems.
Annual cybersecurity assessments
Industry standards recommend annual cyber assessments to mitigate risks associated with vulnerabilities in critical infrastructure networks. The Siemens Professional Services team is experienced in conducting these assessments with minimal disruption to network operations.
Protecting your Industrial Control System (ICS)
To effectively protect an industrial control system and maximize network uptime, you need to employ a “Defense in Depth” approach across all network layers. This requires:
- Rugged hardware that can tolerate harsh environmental conditions and which allow for secure processes via network segmentation, port disabling, data encryption and routing.
- Software like RUGGEDCOM CROSSBOW for secure access to critical field devices.
- Network entry point protection using Next Generation Firewalls (NGFW) and Intrusion Prevention Systems (IPS) to create an electronic security perimeter for your industrial control system and block malicious traffic.
A Next Generation Firewall is installed at the entry point of the OT network (the network perimeter) and prevents unauthorized access and blocks malware from reaching the critical network assets.
The software gives application-layer visibility into protocols and vulnerabilities specific to OT environments. Designed for maximum throughput without degrading or compromising on network performance, NGFWs ensure high availability for Industrial Control Systems (ICS).
They also can accommodate additional sensors that collect and transmit data throughout the network and can come with add-ons such as anti-malware and anti-spam functionalities.
With our cybersecurity approach, you have access to an industry leading NGFW from Fortinet via the RUGGEDCOM APE1808 line module, a powerful application hosting platform for the RUGGEDCOM RX1500 series of routers.
An Intrusion Prevention System adds to your security perimeter by analyzing data traffic patterns and blocking attacks based on known security profiles. Any suspicious behavior is logged, blocked and reported. Siemens has tested and certified IPS solutions from Fortinet that can be seamlessly integrated into your OT networks with the RUGGEDCOM APE1808 module.
Threats emerging from inside a network are also an important consideration for protecting OT networks from malicious cyber events. In fact, NERC CIP standards mandate secure interactive remote access to critical field assets.
RUGGEDCOM CROSSBOW is a software solution designed to provide NERC CIP-compliant secure access to local and remote assets. Its intuitive, user-friendly interface provides ease of administration for many IEDs (Intelligent Electronic Devices) and the users who manage them.
It is available as a starter edition that can be installed on the RUGGEDCOM APE1808 and used to securely access the assets of small- and medium-sized remote sites with up to a hundred IEDs and five users.
RUGGEDCOM devices are built to be secure by design and take into consideration the NERC CIP 13 standard requirements. They also exceed the requirements of the IEC 61850-3 and IEEE 1613 standards for error-free operation despite harsh ambient conditions such as high levels of electromagnetic interference, humidity, vibration, and temperature extremes from -40° to +85°C.
Detecting threats and anomalies within your ICS
Ensuring that threats and anomalies are detected early is critical to preventing the amount of damage they can cause to your critical infrastructure and operations. This requires an effective Intrusion Detection System (IDS) with Deep Packet Inspection (DPI) capabilities.
A signature-based IDS requires regular (preferably real-time) updates to acquaint the application with the signatures of known attacks. An anomaly-based IDS, on the other hand, relies on understanding data patterns and picking up on exceptions. This type of IDS is highly effective against zero-day attacks but can also initially trigger many false positives as it “learns” how your network operates.
Siemens has partnered with leaders in threat detection technology – such as Nozomi Networks, Secure-NOK and Claroty – to provide both anomaly-based and signature-based IDS for industrial control systems in harsh environments.
Deep Packet Inspection (DPI) is an optional functionality within your Intrusion Detection System that non-intrusively examines OT data packets (ModBus/DNP3) for potential threats. It scrutinizes industrial protocol communications at all layers of the network stack.
This analysis provides a more robust mechanism for enforcing network packet filtering and can be used to accurately identify a range of complex threats hiding in network data streams.
Non-compliant packets can then be routed to a different destination for cybersecurity analysis and risk mitigation. The detailed analysis from DPI also opens the path for organizations to block policy-violating usage patterns or prevent unauthorized data access within approved applications. Siemens has certified IDS solutions, from partners such as Nozomi Networks and Claroty, that also offer additional DPI capabilities.
Managing your cybersecurity response and recovery
Responding to a cyberattack and recovering from it requires people, processes and technology to come together seamlessly in a holistic cybersecurity regime. This includes a holistic and real-time overview of all that is happening on your network.
SINEC NMS, a network management system for industrial control system networks, offers real-time monitoring and 24/7 visibility of the entire network. It also offers special security features for logging and reporting security events to a central server or a SIEM (Security Incident and Event Management) system and facilitates policy-based firewall configurations of your network devices.
Coupled with IDS and NGFW management consoles from our certified partners, you will have complete transparency of your network operations to respond to any cyber event. The Siemens Professional Services team will also be with you every step of the way in order to help you achieve your cybersecurity goals – from finding the right technology for your network and implementing the right security processes to training your personnel to self-manage your new cybersecurity regime.
Securing ICS networks in the modern digital substation
The transition of the electric power industry toward a smarter grid creates a highly automated Industrial Control System (ICS) network for operators. In this webinar, our expert goes over what needs to be done to secure such ICS networks; including secure protocols and best practices.
Overcoming cybersecurity challenges caused by increasing IT/OT convergence
A partner you CAN trust in a zero-trust culture.
“Cybersecurity is a top priority for Siemens. We hold ourselves accountable to the highest cybersecurity standards and endeavor to lead by example.” Check out our whitepaper for an in-depth understanding of Siemens’ Cybersecurity Program, specific to our RUGGEDCOM solutions.
Standard-based cybersecurity solutions for critical infrastructure networks
Be free to focus on what matters with RUGGEDCOM cybersecurity solutions and an end-to-end cybersecurity approach that combines the right hardware, software and expertise. The outcome: IEC 62443-compliant cybersecurity for your industrial control systems as well as NERC CIP-compliance for your critical infrastructure networks.