All-round protection with Industrial Security - Network Security
With the rising use of Ethernet connections right into the field level, security issues in the industry are also gaining increasing significance. There are enormous chances but also large risks in open communication and the increased networking of production systems. In order to protect an industrial plant from attacks in terms of security, appropriate measures have to be taken.
Siemens offers a multi-layered concept with Defense in Depth according to the recommendations of ISA 99/ IEC 62443 that protects the plant all-round but also in depth. The concept is based on the following components:
- Plant security
- Network security
- System integrity
Whilst classic plant security thwarts physical access, network security and the protection of system integrity safeguards from cyber attacks and unauthorized access by users or people not belonging to the company. Here, you can find an overview arranged in themes with links to the most important entries.
|Plant security||Network security||System integrity|
Network security means protection of automation networks from unauthorized access This includes control of all interfaces, such as, for example, between office and plant networks or of the remote maintenance access to the Internet. This control can be realized by using firewalls and setting up a DMZ (demilitarized zone = zone shielded by means of security technology), if necessary. The security-related segmentation of the plant network into individual protected automation cells serves for risk minimization and security improvement. The division of the cells and assignment of the devices is dependent on the need for communication and protection
Data transfer is encrypted by means of a VPN and thus protected against data espionage and manipulation. The communication users are securely authenticated.
|Protection of an Automation Cell Using the SCALANCE S602 V3 and SCALANCE S623 Security Modules via a Firewall|
|Automation Tasks in 10 minutes or less SIMATIC S7-1500: AT 5 - Integrated Firewall|
Manuals/ Compendium/ Professional articles
|SITRAIN: Security in Industrial Ethernet Networks|
|SITRAIN: Training catalog|