SIEMENS
Siemens IK PI · 2015
Overview (continued)
Industrial Security
Security Integrated
Introduction
Network security as a central component of the Siemens Industrial Security concept
Siemens Industrial Security – continuous protection for your plant
An optimum industrial security solution can only be implemented
if new approaches are taken, because it must be continuously
adapted to new threats. There is no such thing as absolute
security. To ensure a comprehensive and permanent solution,
we provide in-depth advice, partner-like cooperation, and
constant further development of our security measures and
products.
All-round, but also in-depth protection
With Defense in Depth, Siemens provides a multi-level concept
that offers your plant both all-round and in-depth protection.
The concept is based on the components plant security,
network security, and system integrity, as recommended by
ISA 99 / IEC 62443 – the leading standard for security in
industrial automation. While conventional plant security defends
the plant against physical attacks, network protection and
protection of system integrity protect against cyber attacks and
unauthorized access by operators or external persons.
Factors for success: Network security
Network security means protecting automation networks from
unauthorized access. This includes the monitoring of all
interfaces such as the interfaces between office and plant networks
or the remote maintenance access to the Internet, which can be
accomplished by means of firewalls and, if applicable, by
establishing a DMZ (demilitarized zone = secure, protected zone).
The DMZ is used to provide data for other networks, without
granting direct access to the automation network. The secure
segmenting of the plant network into individually protected
automation cells minimizes risks and increases security. Cell division
and device assignment are based on communication and
protection requirements. Data transmission is encrypted by
means of a VPN and is thus protected from data espionage and
manipulation. The communication stations are securely
authenticated. The cell protection concept can be implemented and
communication can be secured using "Security Integrated"
components such as SCALANCE S Security Modules, SCALANCE M
wireless routers, or Security CPs for SIMATIC.
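The DMZ and cell model described above can be checked against a firewall rule list. The following is an added example, not Siemens code or configuration: the zone names, address ranges, rule format and the allowed zone pairs (office and cells may each open connections only to the DMZ) are constructed assumptions.

```python
from ipaddress import ip_network

# Constructed zone plan (assumption): names and ranges are illustrative only.
ZONES = {
    "office": ip_network("10.10.0.0/16"),
    "dmz":    ip_network("10.20.0.0/24"),
    "cell_a": ip_network("192.168.1.0/24"),
    "cell_b": ip_network("192.168.2.0/24"),
}

# Assumed policy: office and cells may open connections to the DMZ only.
# Nothing outside a cell may open a connection into it.
ALLOWED = {("office", "dmz"), ("cell_a", "dmz"), ("cell_b", "dmz")}

def zones_for(cidr):
    """Names of every zone that the rule's address range touches."""
    net = ip_network(cidr)
    return [name for name, zone in ZONES.items() if net.overlaps(zone)]

def audit(rules):
    """Return (rule id, src zone, dst zone) for each permitted flow outside ALLOWED."""
    findings = []
    for rule in rules:
        if rule["action"] != "permit":
            continue
        # Overlap, not exact match: a broad rule is charged with every
        # zone pair it opens, which is how over-wide permits get caught.
        for src in zones_for(rule["src"]):
            for dst in zones_for(rule["dst"]):
                if src != dst and (src, dst) not in ALLOWED:
                    findings.append((rule["id"], src, dst))
    return findings

# Constructed sample rule set.
RULES = [
    {"id": 1, "src": "10.10.0.0/16",   "dst": "10.20.0.10/32",   "action": "permit"},
    {"id": 2, "src": "192.168.1.0/24", "dst": "10.20.0.10/32",   "action": "permit"},
    {"id": 3, "src": "10.10.5.7/32",   "dst": "192.168.1.20/32", "action": "permit"},
    {"id": 4, "src": "10.0.0.0/8",     "dst": "192.168.0.0/16",  "action": "permit"},
    {"id": 5, "src": "192.168.1.0/24", "dst": "192.168.2.0/24",  "action": "deny"},
]

if __name__ == "__main__":
    for rule_id, src, dst in audit(RULES):
        print(f"rule {rule_id}: permits {src} -> {dst}, bypassing the DMZ")
```

Rule 3 is a direct office-to-cell permit; rule 4 looks harmless as a summary route but opens four zone pairs at once, including DMZ-to-cell.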
Initial risk assessment and information on the Internet
Do you want to know how good the security of your industrial
plant is? We can provide you with detailed information about the
special security issues in your industry. Take the opportunity to
contact our consulting team about any open issues. Our experts
will gladly prepare a security concept that is adapted to the
needs of your production plant or process infrastructure. You
can download the additional "Operational Guidelines", with many
recommendations for protecting your production plant, from our
Internet site.
[Figure: Defense in depth, with the layers plant security, network security and system integrity. Labels: physical access protection; processes & guidelines; security guidelines; cell protection and perimeter network; firewalls & VPN; system hardening; authentication/user administration; patch management; detection of attacks; industrial security services.]
© Siemens AG 2014