×
Siemens Industry Online Support
Siemens AG
Entry type: FAQ Entry ID: 109481671, Entry date: 12/21/2015
(5)
Rate

How can a PLC Program be protected against unauthorized manipulation?

  • Entry
  • Associated product(s)
This security information lists measures to protect PLC programs by using appropriate PLC protection methods. The features can be used to reduce the likelihood of unauthorized access and configuration changes to automation components.

Description
Modification of PLC blocks and configuration data via network access enables the rapid adaption of automation solutions. On the other hand, unwanted modification of PLC blocks can adversely change the PLC’s operating behavior. Therefore, it is important to protect the automation system with a layered approach as outlined in the white paper entitled
Operational Guidelines.

For customers concerned about the tampering of program or configuration data, Siemens recommends the use of protection features provided by the SIMATIC S7-300 and S7-400, as well as S7-1200 and S7-1500 controllers.

PLC Access Protection
S7-300, S7-400, S7-1200 and S7-1500 PLCs support the use of password protection. This type of protection is the most important measure and helps to prevent program tampering and unauthorized configuration changes. Password protection is an easily implemented precaution that can be leveraged within a comprehensive, layered approach.
(See the chapter "Online access and function restrictions" in the document
Security with SIMATIC S7-Controller. For more information how to use this function with TIA Portal and S7-1200 and -1500, have a look to the video "Security Integrated" on the Industrial Security website
Video SIMATIC S7-1500: Security Integrated.)

PLC Remote Access Lock
S7-300, S7-400, S7-1200 and S7-1500 PLCs can also be locked against external access. The system functions SFC109 (for S7-300/ S7-400 PLCs) and SFC110 (S7-1200 (V4)/ S7-1500 PLCs) block external access to the PLC.
Note: The configuration cannot be changed anymore even if the write protection passwords are known. Consult the manual for further information concerning SFC 109 (PROTECT) and SFC110 (ENDIS_PW).

Basic Mitigations Measures
Siemens recommends the "Defense-in-Depth" strategy to protect against current and future security threats. Industrial Security is a serious topic, and achieving maximal security requires a holistic approach. In addition to the measures outlined in this information, we strongly recommend our customers to become familiar with Siemens Industrial Security concepts by visiting
https://www.siemens.com/industrialsecurity.

Further Information
All-round protection with Industrial Security

Security Notice
Siemens provides products and solutions with industrial security functions that support the secure operation of plants, solutions, machines, equipment and/or networks. They are important components in a holistic industrial security concept. With this in mind, Siemens’ products and solutions undergo continuous development. Siemens recommends strongly that you regularly check for product updates.
For the secure operation of Siemens products and solutions, it is necessary to take suitable preventive action (e.g. cell protection concept) and integrate each component into a holistic, state-of-the-art industrial security concept. Third-party products that may be in use should also be considered. For more information about industrial security, visit
https://www.siemens.com/industrialsecurity.
To stay informed about product updates as they occur, sign up for a product-specific newsletter. For more information, visit
https://support.industry.siemens.com.

Security information
In order to protect technical infrastructures, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art IT security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about cyber security, please visit
http://www.siemens.com/industrialsecurity.
Support to the statistics
With this function the IDs found are listed according to number (format .txt).

Generate list
Copy URL
Display page in new design
mySupport Cockpit