Unrestricted / © Siemens AG 2016. All Rights Reserved. siemens.com/industrialsecurity
Protecting Productivity
Industrial Security
January 2016

Industrial Security
• Introduction
• The Siemens Solution
• Application Examples
• Benefits of Working with Siemens

Security Trends
Globally we are seeing more network connections than ever before
Source: World Economic Forum, 50 Global Risks
Trends Impacting Security
• Cloud Computing approaches
• Increased use of Mobile Devices
• Wireless Technology
• Reduced Personnel Requirements
• Smart Grid
• Worldwide and remote access to remote plants, remote machines and mobile applications
• The “Internet of Things”

Industrial Security
The corporate security chain is only as strong as its weakest link
Security Can Fail at Any of these Points
• Employees
• Smartphones
• Laptops
• PC workstations
• Network infrastructure
• Mobile storage devices
• Tablet PC
• Computer center
• Policies and guidelines
• Printer
• Production systems/plants

Industrial Security
Vulnerability disclosures are headline news
Pressure SCADA Developers on Security
Dangerous Security Holes in U.S. Power Plant & Factory Software
Hacking the Grid
U.S. at Risk of Hack Attack
Aging industrial control systems increasingly vulnerable to cyber attack
Feb. 12, 2013: “Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy. That’s why, earlier today, I signed a new executive order that will strengthen our cyber defenses... Now, Congress must act as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks.”
- U.S. President Barack Obama
Source: https://ics-cert.us-cert.gov/sites/default/files/Monitors/ICS-CERT_Monitor_Sep2014-Feb2015.pdf
In the ICS-CERT fiscal year (October 2013 until September 2014), ICS-CERT analyzed 245 attacks on control systems in the USA.

Industrial Security
Why has industrial security become so important?
Main Trends Impacting the Vulnerability of Oil & Gas Operations
• Horizontal and vertical integration at all network levels
• Connection of automation networks with IT networks and the Internet for remote maintenance
• Increased use of open standards and PC-based systems
• Possible threats have increased due to these trends:
  • Access violation by unauthorized persons
  • Espionage and manipulation of data
  • Damage and data loss caused by malware
• Several security incidents reveal the vulnerability of oil & gas operations.

Industrial Security
Cyber vulnerabilities can affect your facility at many levels
The Need to Act Because of Cyber Security Vulnerabilities
• Loss of intellectual property…
• Sabotage of production facilities
• Downtime, e.g. caused by viruses and malware
• Manipulation of data or application software
• Unauthorized use of system functions
• Regulations and standards for industrial security require conformance
  • Regulations: FDA, NERC CIP, CFATS, CPNI, KRITIS
  • Standards: ISA 99, IEC 62443

Industrial Security
BSI: Top 10 threats for ICS
Overview of the top 10 threats 2012
1. Unauthorized use of remote maintenance access
2. Online attacks via office/enterprise networks
3. Attacks against standard components used in the ICS network
4. (Distributed) denial-of-service ((D)DOS) attacks
5. Human error and sabotage
6. Introduction of harmful code via removable media and external hardware
7. Reading and writing messages in the ICS network
8. Unauthorized access to resources
9. Attacks on network components
10. Technical faults and acts of God
Source: BSI analysis on cyber security 2012
Overview of the top 10 threats 2014
1. Infection with harmful software via the Internet and Intranet
2. Introduction of harmful software via removable media and external hardware
3. Social engineering
4. Human error and sabotage
5. Unauthorized use of remote maintenance access
6. Internet-connected control components
7. Technical faults and acts of God
8. Compromised smartphones in the production environment
9. Compromised Extranet and cloud components
10. (Distributed) denial-of-service ((D)DOS) attacks
Source: BSI analysis on cyber security 2014

The Siemens Solution

Industrial Security
The Defense in Depth Concept
Security threats demand action
Network security
• Cell protection, DMZ and remote maintenance
• Firewall and VPN
System integrity
• System hardening
• Authentication and user administration
• Patch management
• Detection of attacks
• Integrated access protection in automation
Facility security
• Physical access protection
• Processes and guidelines
• Security service protecting production plants
Security solutions in an industrial context must take account of all protection levels

Industrial Security
Solution for facility security
Facility Security
Network security
System integrity

Industrial Security
Security Management
Security Management is essential for a well thought-out security concept
Security Management Process
• Risk analysis with definition of mitigation measures
• Setting up policies and coordination of organizational measures
• Coordination of technical measures
• Regular / event-based repetition of risk analysis
Figure (process cycle): Risk analysis; Policies, Organizational measures; Technical measures; Validation & Improvement

Siemens Security Services
Complete service portfolio aligned with Risk Management methodology
Security Assessments
Evaluation of the current security status of an ICS environment
Security Implementations
Risk mitigation through implementation of security measures for reactive protection
Security Management
Comprehensive security through monitoring and pro-active protection

A risk-based Approach with Security Assessments
Security Assessment
Identify security gaps and measures for risk mitigation
• According to ISO 27001 and IEC 62443 regulations
• Available for Siemens and third party systems
• Question-based
• Recommendations for risk mitigation (Report up to 30 pages)
SIMATIC WinCC / PCS 7 Security Assessment
Identify security gaps and measures for risk mitigation in the context of PCS 7
• In accordance with SIMATIC PCS 7 & WinCC security concept
• Customized for SIMATIC PCS 7 & WinCC systems
• Question-based
• Recommendations for risk mitigation (Report up to 30 pages)
Risk and Vulnerability Assessment
Identify, classify and evaluate risks; risk-based security program
• Data-based analysis of threats, vulnerabilities and gaps (plus scenarios)
• Risk classification and scoring considering the evaluation of criticality
• Recommendations for risk mitigation controls (Report contains more than 100 pages)
• Basis for a risk-based security program

Risk Mitigation through Implementation Controls
ICS* Policies & Procedures Consulting
Establish standard practice in ICS cyber security
• Establish new / review existing ICS security policies, processes + procedures which influence plant security
• Integration with enterprise cyber security practice
• Implementation of recommendations
• Examples: Patch- and Backup-Strategy, handling of removable media, …
Network Security Consulting
Support on secured network design and setup
• Cell segmentation in security cells based on IEC62443 and SIMATIC PCS 7 & WinCC security concept
• Planning of DMZ network (perimeter)
• Plant Perimeter Firewall rule establishment / review and implementation
Perimeter Protection Firewall Installation
First line of defense against highly developed threats
• Based on Automation Firewall Appliance
• Installation, configuration, commissioning, test and backup of firewall system and traffic rules
• Consideration of customer-specific applications (e.g. fine-tuning of intrusion detection/prevention system (IDS/IPS))
Plant Security Monitoring Installation (SIEM*)
Rule-based monitoring of security status for industrial plants
• SIEM is a log-file based solution to monitor the security status of an environment and identify threats and security-relevant events
• Definition of monitoring scenarios based on system-specific threat vectors and the existing infrastructure
• Installation of SIEM system (HW and SW) and integration and configuration of security relevant event logging
* ICS: Industrial Control System
* SIEM: Security Information and Event Management

Risk Mitigation through Implementation Controls
Clean Slate Validation
Validate “clean-slate” status of environment
• Identification of security gaps thanks to virus scanning with two different scan engines
• Use of McAfee Command Line Scanner and Kaspersky Rescue Disk
• No installations required: Use of USB stick and Command Lines
Windows Local Policy Deployment
System hardening: Establish asset OS host-security baseline
• Analysis of plant environment and configuration of local Windows® policies
• Checklist-based use of CIS-CAT
• Requires system restart
Windows Group Policy Deployment
System hardening: Establish asset OS host-security baseline
• Analysis of plant environment and configuration of Windows® policies for active directory groups
• Checklist-based use of CIS-CAT
• Requires system restart
Windows Patch Deployment
Installation of Microsoft OS Patches
• Installation of automation vendor validated and customer approved Microsoft® OS patches via customer-owned WSUS server
• Consideration of compatibility: Patches recommended by the supplier of automation technology AND authorized by the customer

Risk Mitigation through Implementation Controls
Virus Protection Installation
Virus protection solution for malware detection and prevention
• Installation and configuration of virus protection software (McAfee Agents)
• Installation of the McAfee ePO* central management console recommended when more than 10 anti-virus agents installed
• Compatibility consideration for SIMATIC PCS 7 Systems
Whitelisting Installation
White-listing solution for malware detection and prevention
• Installation of whitelisting software (McAfee Application Control)
• Installation of the McAfee ePO central management console recommended when more than 10 white-listing agents installed
• Compatibility consideration for SIMATIC PCS 7 Systems
Disaster Recovery Support: System Backup
ICS system backup
• Performance of one-time backup of systems in plant environment
• Symantec System Recovery software procured and owned by customer
* ePO: ePolicy Orchestrator

Siemens Cyber Security Operations Center
Continuous & proactive protection for your ICS environment
• Facility Security Services powered by Siemens Cyber Security Operations Center for comprehensive security management
• Security analysts proactively monitor vulnerability and cyber threat activity globally, to deliver real-time communication alerts and advisories
• When global threat intelligence indicates an elevated risk, the Cyber Security Operations Center defines and delivers the appropriate proactive defensive measures
• If an incident is detected on your ICS environment, the Cyber Security Operations Center will coordinate the incident response consisting of investigation, forensic analysis and remediation
• Remediation support by a security engineer tailored to severity of incident, impact on your environment and your business needs
Figure labels: Continuous Facility Security Monitoring; Secure Connection; CSOC Security Management; Incident Handling; Anti-Virus and Whitelisting Management; Facility Perimeter Firewall Management and Firewall Rules Review; Subscribed Customer

Industrial Security
Solution for network security
Network Security
System integrity
Facility security

Network Security – Essential Network Security use cases
Demilitarized zone (DMZ)
• Network services for secure and unsecure network
• Prevent direct connections
A security module controls the access
Secure redundancy
• Higher reliability and availability of secure connection
Security modules in synchronized standby mode
Remote access
• Remote programming and monitoring
• Access via internet and mobile networks
Encryption and secured access via VPN
Cell protection
• System is divided into separated cells
• All communication into the cells is controlled
Communication is secured by firewall mechanisms
Figure labels: Secure zone; DMZ zone; Unsecure zone; MRP ring (CU or fiber optic)

Industrial Security
Security Integrated – Overview
Siemens products with Security Integrated provide security features such as integrated firewall, VPN communication, access protection, protection against manipulation.

Industrial Security Services
Security Packages - Automation Firewall
Customer Requirement
Validated solutions for secure network-segmentation, threat-management and secure web access from the system.
Our Solution
The Firewall package offers front-/back-firewall or 3-homed firewall, as well as access point firewall functionality with additional services. It supports an extensive threat management.
As a standard, we offer the “Automation Firewall” as a tested and validated solution for the implementation with PCS 7, WinCC and SIMATIC NET products.
Additional services support customized solutions and additions, for example monitoring or security management (see Plant Security Services portfolio).

Industrial Security
Solution for network security
System integrity
Facility security
Network security

Industrial Security
SIMATIC S7-1200, S7-1500 and the TIA Portal
Security Highlights
The SIMATIC S7-1200 V4, S7-1500 and the TIA Portal provide several security features:
• Increased Know-How Protection in STEP 7
  Protection of intellectual property and effective investment:
  • Password protection against unauthorized opening of program blocks in STEP 7 and thus protection against unauthorized copying of e.g. developed algorithms
  • Password protection against unauthorized evaluation of the program blocks with external programs
    • from the STEP 7 project
    • from the data of the memory card
    • from program libraries
• Increased Copy Protection
  Protection against unauthorized reproduction of executable programs:
  • Binding of single blocks to the serial number of the memory card or PLC
  • Protection against unauthorized copying of program blocks with STEP 7
  • Protection against duplicating the project saved on the memory card

Industrial Security
SIMATIC S7-1200, S7-1500 and the TIA Portal
Security Highlights
The SIMATIC S7-1200 V4, S7-1500 and the TIA Portal provide several security features:
• Increased Access Protection (Authentication)
  Extensive protection against unauthorized project changes:
  • New degree of Protection Level 4 for PLC, complete lockdown (HMI connections also need a password) *
  • Configurable levels of authorization (1-3 with own password)
  • For accessing over PLC and Communication Module interfaces
  • General blocking of project parameter changes via the built-in display
• Expanded Access Protection
  Extensive protection against unauthorized project changes:
  • Via Security CP1543-1 by means of integrated firewall and VPN communication
• Increased Protection against Manipulation
  Protection of communication against unauthorized manipulation for high plant availability:
  • Improved protection against manipulated communication by means of digital checksums when accessing controllers
  • Protection against network attacks such as intrusion of faked / recorded network communication (replay attacks)
  • Protected password transfer for authentication
  • Detection of manipulated firmware updates by means of digital checksums
* Optimally supported by SIMATIC HMI products and SIMATIC NET OPC Server

Industrial Security
SIMATIC Logon
User management and authentication for the security of your plant
Customer Requirement
• Central, system-wide user management
• Conforms with the requirements of the Food and Drug Administration (FDA)
• Configuration at runtime (add / lock / remove user accounts)
• High security through being based on MS Windows
• Supports domain concept and Windows workgroups
Our Solution
Secure access control with SIMATIC Logon
User Management of WinCC based on SIMATIC Logon with…
• Central administration (incl. password aging, auto logoff after inactivity time or multiple wrong password entries, lock screen)
• Configuration at runtime (add / lock / remove user accounts)
• All WinCC configurations are supported, including web
• Supports domain concept and Windows workgroups

Industrial Security
Antivirus and whitelisting
Customer Requirement
Detection and prevention of Viruses, Worms and Trojans
Protection against:
• Malicious or unwanted Software
• Manipulation
Our Solution
Antivirus and whitelisting solutions provide different security functions:
• Protection against Viruses, Worms and Trojans
• Stop unauthorized applications and malware

Industrial Security
SIMATIC supports all protection levels
The interfaces are subject to regulations - and are monitored accordingly.
Implementation of Security Management
The control level must be protected.
PC-based systems must be protected.
Communication must be monitored and can be segmented.

Application Examples

Industrial Security
Overview: Application Examples Network Security
Adapted measures for production
Network Access Control
• Interface to IT networks: Secure architecture with DMZ
• Secure Remote Access via Internet
• Local network access (port security) via device and user authentication
Cell Protection
• Risk mitigation through network segmentation
• Extension of the cell protection concept with
  • Security PC- and S7-CPs
  • Flexible VLAN configuration (S615)
Redundancy
• Protection of redundant network topologies and secure redundant connection of underlying networks or rings
  – Products with firewall or VPN functionality

Cell Protection and network-segmenting
Task
For risk minimization, a large automation network is to be segmented into several security-related areas. The individual segments are subject to different requirements.
Solution
Individual segments are secured with a SCALANCE S or a Security communication processor, which controls access to the lower-level segment by means of a firewall. An S615 is placed upstream of a segment and is able to secure multiple further lower-level cells by means of VLAN.

Construction of a demilitarized zone (DMZ) e.g. for data server access
Task
Network users (e.g. MES servers) should be reachable from the secure and non-secure network without creating a direct connection between the networks.
Solution
A DMZ can be established on the yellow port with the SCALANCE S623, in which the aforementioned server can be placed.
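
The DMZ requirement above (server reachable from both sides, no direct connection between the networks) can be checked mechanically against a firewall rule set. The following is an added example, not part of the original slides and not SCALANCE configuration syntax; the zone names follow the slides, while the rule format, addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption). Zone names follow the slides.
ZONES = {
    "secure": ip_network("192.168.10.0/24"),    # automation cells
    "dmz": ip_network("192.168.20.0/24"),       # e.g. MES server
    "unsecure": ip_network("10.0.0.0/8"),       # office / plant network
}


@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    src: str         # source network in CIDR notation
    dst: str         # destination network in CIDR notation
    port: int = 0    # destination port, 0 means any port


def zones_touched(cidr):
    """Zones that a rule's network overlaps; a wide CIDR can touch several."""
    net = ip_network(cidr)
    return {name for name, zone in ZONES.items() if net.overlaps(zone)}


def direct_paths(rules):
    """Indexes of allow rules that join the secure and unsecure zones directly.

    Conservative: rule order is ignored, so an allow rule is reported even
    if an earlier deny rule would shadow part of it.
    """
    hits = []
    for i, rule in enumerate(rules):
        if rule.action != "allow":
            continue
        pair = (zones_touched(rule.src), zones_touched(rule.dst))
        if any("secure" in a and "unsecure" in b for a, b in (pair, pair[::-1])):
            hits.append(i)
    return hits


def zones_reaching(rules, server, port):
    """Zones that have at least one allow rule towards server:port."""
    target = ip_address(server)
    zones = set()
    for rule in rules:
        if (rule.action == "allow" and target in ip_network(rule.dst)
                and rule.port in (0, port)):
            zones |= zones_touched(rule.src)
    return zones


def audit(rules, server, port):
    """Findings for the DMZ task: no direct path, server reachable from both sides."""
    findings = [f"rule {i}: direct secure/unsecure connection"
                for i in direct_paths(rules)]
    missing = {"secure", "unsecure"} - zones_reaching(rules, server, port)
    findings += [f"{server}:{port} not reachable from {zone} zone"
                 for zone in sorted(missing)]
    return findings


MES = "192.168.20.10"  # constructed DMZ server address

# Constructed rule sets: GOOD meets the task, BAD violates it in three ways.
GOOD = [
    Rule("allow", "192.168.10.0/24", "192.168.20.10/32", 443),
    Rule("allow", "10.0.0.0/8", "192.168.20.10/32", 443),
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0"),
]
BAD = [
    Rule("allow", "192.168.10.0/24", "192.168.20.10/32", 443),
    Rule("allow", "10.1.2.0/24", "192.168.10.0/24", 102),  # office subnet into a cell
    Rule("allow", "192.168.0.0/16", "10.0.0.0/8"),         # wide source covers the cell
]

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(rules, MES, 443) or "no findings")
```

The third rule in `BAD` shows why overlap, not equality, is the right test: a summarised source range that happens to include the secure cell creates the direct path the DMZ is meant to prevent.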

VPN for secure remote maintenance
Task
System access via the Internet using an encrypted VPN tunnel.
Solution
Starting point (e.g. system integrator): e.g. SSC, CP1628 or SCALANCE M as VPN client
End point (e.g. end client system): SCALANCE S623 as VPN server
• Red port: Connection to plant network
• Yellow port: Connection of modem / router
• Green port: Connection of secure cells

Secure and redundant connection of an underlying ring with the plant network
Task
A ring is to be connected to the plant network in a secure and redundant way.
Solution
The ring is connected via the ports of the second media module (green ports) and the plant network is connected via the ports of the first media module (red ports) with SCALANCE S627-2M. A second redundant SCALANCE S627-2M is connected in the same way and is in stand-by linking. The state comparison is done via a sync connection between the yellow ports.
Alternatively:
The ring is connected via the ports of the second media module (green ports) and the plant network is connected to the red RJ45 port with SCALANCE S627-2M. A second redundant SCALANCE S627-2M is connected in the same way and is in stand-by mode. The state comparison is done via the yellow ports.
*) As an alternative to MRP, the ring could also be an HRP ring.

Secure and redundant connection of an Automation Cell to a Ring
Task
An automation cell is to be connected to a ring in a secure and redundant way.
Solution
The ring is connected via the ports of the first media module (red ports) and the automation cell is connected via the ports of the second media module (green ports) with SCALANCE S627-2M. A second redundant SCALANCE S627-2M is connected in the same way and is in stand-by linking. The state comparison is done via the yellow ports.
Alternatively:
The ring is connected via the red RJ45 port and the automation cell is connected via the second media module (green ports) with SCALANCE S627-2M. A second redundant SCALANCE S627-2M is connected in the same way and is in stand-by linking. The state comparison is done via the yellow ports.
*) As an alternative to MRP, the ring could also be an HRP ring.

Access control and network separation through firewalls
Task
The communication between the automation network and a separated automation cell with an S7-1500 controller should be controlled and secured.
Solution
The CP1543-1 secures the S7-1500 controller with integrated security functions (firewall and VPN) against unauthorized access, espionage and manipulation. Thanks to the network separation, it is possible to use identical networks or machines with the same IP addresses.

Industrial Security
Security Integrated (Firewalls) in TIA Portal: Configuration of the User Management
Task
Configuration of the User Management for Security Integrated products (Firewalls) and assignment of roles and rights in TIA Portal
Solution
Step 1: Navigate to global security settings and open the User Management folder.
Step 2: Click the “user” tab to assign user names and passwords for the predefined system roles “Administrator”, “Standard” and “Diagnosis”. Optionally, additional roles can be added.
Step 3: Click the “roles” tab to assign the engineering and device rights to the different roles via a specific list of rights.

Industrial Security
SIMATIC S7-1500 and TIA Portal: Setup of Security features including protection level
Task
Set up security features including protection level for a SIMATIC S7-1500 connected to an HMI device.
Solution
STEP 1: Select the SIMATIC S7-1500 in the device view or network view and select the properties view of the SIMATIC S7-1500.
STEP 2: Navigate to the Display properties and set the password for the display.
STEP 3: Navigate to the Web server properties, enable the Web server and activate https. Afterwards add a user and assign access rights to the new user.
STEP 4: Navigate to the Protection properties and set the protection level.
Note: “Complete protection” means protection level 4.
STEP 5: Enter the password for the HMI communication.

Industrial Security
System hardening with whitelisting
Example 1
The maintenance of an operating system on a computer important for production requires:
• Reboot after the installation of security patches.
• During this update process the production needs to be stopped.
Solution
The time interval for maintenance can be extended by setting up whitelisting on this computer:
• Since only predefined software runs on this computer, security patches need to be installed less frequently.
• Accordingly, the production process needs to be stopped less frequently.
Example 2
The Microsoft support for Windows XP ends in 2014. For current versions of mEC controllers this means:
• mEC controllers do not support a 64 bit operating system.
• An mEC controller supporting a 64 bit operating system is expected after 2014.
Solution
The lifetime of an mEC controller can be extended by setting up whitelisting on such a controller:
• Since only predefined software runs on this controller, it may still be used for a certain period of time even after 2014 without further security patches.

Benefits of Working with Siemens

Industrial Security
Siemens Vertical Expertise: Chemical
Chemical Environment
• Chemical Environment
• Production Flexibility
• Operational Efficiency
• Product Quality
Industrial Security provides
• Increased Plant Availability
• Secure User Access
Industrial Security to keep your plant running securely

Industrial Security
• Security is at the Core of TIA
• Increased Protection
• Increased Plant Availability
• Reduced Risk
• Intellectual Property Protection
• Complete Security Life-Cycle Support
Customer benefits...
Facility security
Network security
System integrity
Protecting productivity with Industrial Security from Siemens

Summary: Industrial Security
The Defense in Depth Concept in Detail
Potential Attack
DCS/SCADA*
Facility Security
Physical Security
• Physical access to facilities and equipment
Policies & procedures
• Security management processes
• Operational Guidelines
• Business Continuity Management & Disaster Recovery
Network Security
Security cells & DMZ
• Secure architecture based on network segmentation
Firewalls and VPN
• Implementation of Firewalls as the only access point to a security cell
System Integrity
System hardening
• Adapting system to be secure by default
User Account Management
• Access control based on user rights and privileges
Patch Management
• Regular implementation of patches and updates
Malware detection and prevention
• Anti Virus and Whitelisting
* DCS: Distributed Control System; SCADA: Supervisory Control and Data Acquisition

Industrial Security
Security Information
Siemens provides products and solutions with industrial security functions that support the secure operation of plants, solutions, machines, equipment and/or networks. They are important components in a holistic industrial security concept. With this in mind, Siemens’ products and solutions undergo continuous development. Siemens recommends strongly that you regularly check for product updates.
For the secure operation of Siemens products and solutions, it is necessary to take suitable preventive action (e.g. cell protection concept) and integrate each component into a holistic, state-of-the-art industrial security concept. Third-party products that may be in use should also be considered. For more information about industrial security, visit http://www.siemens.com/industrialsecurity.
To stay informed about product updates as they occur, sign up for a product-specific newsletter. For more information, visit http://support.automation.siemens.com.
DISCLAIMER/ TERMS OF USE:
THE INFORMATION PROVIDED HEREIN IS PROVIDED AS A GENERAL REFERENCE REGARDING THE USE OF THE APPLICABLE PRODUCTS IN GENERIC APPLICATIONS. THIS INFORMATION IS PROVIDED WITHOUT WARRANTY. IT IS YOUR RESPONSIBILITY TO ENSURE THAT YOU ARE USING ALL SIEMENS PRODUCTS PROPERLY IN YOUR SPECIFIC APPLICATION. ALTHOUGH THIS SITE STRIVES TO MAINTAIN ACCURATE AND RELEVANT INFORMATION, THERE IS NO OFFICIAL GUARANTEE THAT THE INFORMATION PROVIDED HEREIN IS ACCURATE. IF YOU USE THE INFORMATION PROVIDED HEREIN IN YOUR SPECIFIC APPLICATION, PLEASE DOUBLE CHECK ITS APPLICABILITY AND BE ADVISED THAT YOU ARE USING THIS INFORMATION AT YOUR OWN RISK. THE PURCHASER OF THE PRODUCT MUST CONFIRM THE SUITABILITY OF THE PRODUCT FOR THE INTENDED USE, AND ASSUME ALL RISK AND LIABILITY IN CONNECTION WITH THE USE.

Niraj Kachhadia
Business Development
DF FA
Phone: 510-364-5403
E-Mail: [email protected]
Thank you for your attention!
usa.siemens.com/industrialsecurity