Network structures and network configuration
2.4 Network security
Industrial Ethernet
System Manual, 09/2019, C79000-G8976-C242-10
99
Integrated protection of industrial plants
The following procedure can, among other things, be derived from the requirements of
statutes and standards:
1. Planning security
– Evaluation of the existing security levels and application-specific security
requirements.
– Definition of the requirements with regard to standards and legal requirements, such
as the law on protecting critical infrastructure, as well as with regard to authentication,
user management and access options from external sources (such as remote
maintenance).
– Verification of technical and organizational requirements with regard to a plant-wide
security concept.
2. Implementing security
– Selection of certified and tested products at which security standards were already
taken into account during the product development.
– Inclusion of experts from the field of security and security assessments (for example,
Siemens Industrial Security Services).
– Implementation of the defense in depth concept for the implementation of security-
relevant functions on all levels.
3. Always active
Subscribing to Siemens ProductCert Security Advisories to stay informed about product
vulnerabilities and security updates.
Defense in Depth
Defense in Depth is a multi-level concept for comprehensive protection of your plant. The
concept is based on plant security, network security and system integrity and is based on the
recommendations of IEC 62443 - the leading standard for security in industrial automation.
The objective is to achieve the highest possible protection at justifiable administrative and
economical costs. The following enumeration lists some examples of measures:
● Plant security
– Object protection and definition of processes and guidelines
– Additional protection of sensitive areas. Personalized access authorizations for
machines and plants (for example with SIMATIC RF1060R).
– Physical network access protection by locking unused ports, for example, by an RJ45
port lock.
● Network security
– Monitoring and protection of all interfaces and zone transitions by firewalls, such as
connection to the office network and to the Internet, accesses for remote
maintenance.
– Limitation of IT and OT through a DMZ (demilitarized zone) This term is used for a
network that is established to ensure secure data exchange and to safeguard access
To Next Page
Loading...
Need help?
General
