SIEMENS
8/27
Siemens IK PI · 2015
Industrial Security
Security Integrated
Industrial Security Services
8
■
Overview
The merge of data systems in the production and office environ-
ments has made many processes faster and easier, while the
use of the same data processing programs creates synergies.
These developments, however, have also increased the security
risk.
Today it is no longer just the office environment that is under
threat from viruses, trojans and hackers - production plants are
also at risk of malfunctions and data loss. Many weak spots in
security are not obvious at first glance. For this reason, it is
advisable to check existing plants in regard to security and to
optimize them in order to maintain a higher level of plant avail-
ability. To enhance the security of a plant against cyber attacks,
a multi-level service concept for Industrial Security is available
from Siemens Industry.
The first step involves "assessment" – the initial examination of
the existing plant. This identifies weak spots or deviations from
standards. The result of this examination is a detailed report
about the actual status of the plant with a description of the weak
points and an assessment of the risks. The report also contains
suggested actions for improving the level of security.
In the second "implementation" stage
-
the measures defined in
the assessment are implemented, i.e.:
•
Training:
Personnel are given specific training so that they understand
what IT and infrastructure security means in the industrial
environment.
•
Process improvement:
Security-relevant regulations and guidelines relating to the
existing plant requirements are drawn up and implemented.
•
Security technologies:
Protective measures are implemented for hardware and
software, as well as in the plant network; in addition, long-term
protection through monitoring is available.
The measures defined and implemented in the first two phases
are continuously developed in the third phase of "
operation and
management
", i.e. monitoring the security status of the plant,
checking the security level, redefining and optimizing actions,
as well as regular reports and functions such as updates,
backup and restore. Even if changes are made to the plant net-
work, the software environment or the administration of access
rights for users and administrators, services increase the secu-
rity level so that the corresponding data remains in the plant and
attackers are given minimal opportunities to compromise the
plant. The phases of implementation, operation and manage-
ment are tailored precisely to meet the existing needs.
Know your security
posture and develop
a security roadmap
Step 1:
Assess
Provide continuous protection
through proactive defense
Step 3:
Operate &
Manage
Engineering, design and
implementation of a holistic
cyber security program
Step 2:
Implement
Cyber security training
Development of security
policies and procedures
Implementation of security
technology
Global threat intelligence
Incident detection and
remediation
Timely response to the
changing threat landscape
Vulnerability assessment
Threat assessment
Risk analysis
G_IK10_XX_10376
© Siemens AG 2014