Cybersecurity 9810 series - User manual
27 7EN05-0390-08
Subscribe to Siemens security advisories
Register for Siemens security advisories on the Siemens ProductCERT and Siemens CERT
website.
System defense-in-depth assumptions
Defense-in-depth is an information security strategy integrating people, technology, and
operations capabilities to establish variable barriers across multiple layers and dimensions in your
information technology and control system.
Defense-in-depth helps minimize data protection gaps, reduces single-points-of-failure, and
creates a strong cybersecurity posture. The more layers of security in your system, the harder it is
to breach defenses, take digital assets or cause disruption.
Using a defense-in-depth strategy by securing the device in a protected environment will help
reduce your attack surface, decreasing the likelihood of a vulnerability.
Before you install your device, review the following system defense-in-depth assumptions. If you
have not already adopted these assumptions, we strongly recommend you add them to help
improve your cybersecurity posture.
Site security assumptions
•
Perimeter security – Installed devices, and devices that are not in service, are in an access-
controlled or monitored location.
•
Emergency power – The control system provides the capability to switch to and from an
emergency power supply without affecting the existing security state or a documented
degraded mode.
Network security assumptions
•
Controls against malware – Detection, prevention, and recovery controls to help protect
against malware are implemented and combined with appropriate user awareness.
•
Physical network segmentation – The control system provides the capability to:
Physically segment control system networks from non-control system networks.
Physically segment critical control system networks from non-critical control system
networks.
•
Logical isolation of critical networks – The control system provides the capability to
logically and physically isolate critical control system networks from non-critical control
system networks. For example, using VLANs.
•
Independence from non-control system networks – The control system provides network
services to control system networks, critical or non-critical, without a connection to non-
control system networks.
To Next Page
Loading...
Need help?
General
