[Figure: "Security risks demand action". Layers of the defense in depth concept:]
Plant security: physical access protection, processes and security service, guidelines for the protection of production plants
Network security: cell protection, perimeter network, firewalls and VPN
System integrity: integrated access protection in the automation; system hardening, authentication and user administration, patch management, detection of attacks
Figure 2-1 Defense in depth strategy
● Plant security
Plant security represents the outermost protective ring. Plant security includes
comprehensive physical security measures, e.g. entry checks, which should be closely
coordinated with protective measures for IT security.
● Network security
The measures grouped under the keyword "Network security" form the core of the
protective measures. This refers to the segmentation of the plant network with limited and
secure communication between subnetworks ("secure islands") and to the checking of
interfaces using firewalls.
● System integrity
"System integrity" represents the combination of two major measures. PC-based systems and
the control level must be protected against attacks. Steps include the following measures:
– User authentication for machine or plant operators with individual authorization levels
– Integrated access protection mechanisms in the automation components to prevent
unauthorized changes via the engineering system or during maintenance
– The use of antivirus and whitelisting software to protect PC systems against malware
– Maintenance and update processes to keep the automation systems up-to-date
(e.g. patch management, firmware updates, etc.)
Industrial security
2.3 General security measures
SIMOTION P320-4 E / P320-4 S
28 Commissioning and Hardware Installation Manual, 11/2016