Skip to Content

SiePortal

The integrated platform for your product selection, buying and support workflow - bringing together Industry Mall and Online Support.

SiePortalDeutsch

Search

Home
Support
- Menu temporary not available

Products & Services
Support
MySiePortal
Cart

Navigation

Categories

Topics

Forum Terms

Firmware

Created by: DBME at: 4/28/2022 4:22 PM (1 Replies)

Rating (1)

Thanks 1

2 Entries

4/28/2022 4:22 PM	Rate (0)
DBME Regular Member Joined: 11/24/2018 Last visit: 9/30/2024 Posts: 29 Rating: (1)	Hello experts, Recently a proposal was made to upgrade the firmware of around a hundred S7-300/400 PLCs, some of which are over 20 years old, in our plant. To my knowledge none of them have ever been so upgraded. The reason for this proposal is to brace the PLCs against cyber attacks. We do have an OT layer and a very vigilant IT team to guard our networks. Going through the descriptions of the firmware upgrades, I found very little in the way of networking improvements. We do not use any webservers. I wonder, if anyone has done this before and whether there were undo complications as a result? Any input would be greatly valued. Thank you very much & have a great day! DBM

Suggestion To thank Quote Answer

5/9/2022 5:05 PM	Rate (1)
mmckay Bronze Member Joined: 9/21/2006 Last visit: 5/25/2023 Posts: 247 Rating: (65)	Updating to the latest firmware available for your CPUs will have some positive effect on the security "hardness" of your system. However, the effects will be limited because: 20 year old CPUs are likely to be in phase-out or later life cycle status, so Siemens is not actively updating their firmware in most cases 20 year old CPUs were designed for a different cybersecurity posture than today's network environments. They simply do not have the encryption and authentication features required for a secure network. While updating the firmware is a fairly simple operation, I always recommend testing the operation of a system after any significant change has been done. This will require both downtime and running through test procedures to verify correct operation of the controlled machines. After updating the firmware, you should review all the configuration settings in your CPU and communications modules to verify that they are set to the most secure settings consistent with the operational needs of your system. I recommend that you look at Security with SIMATIC-S7 controllers if you have not already done so: not all of the recommendations apply to S7-300/400 PLCs, but many of them do. Additionally, I recommend looking at "Defense in Depth" strategies detailed in Operational Guidelines for Industrial Security. Putting in security devices to isolate automation networks from other networks may be a more effective cybersecurity strategy for older PLCs.

Suggestion To thank Quote Answer
This contribution was helpful to 1 thankful Users qwazee

|

Share this page:

Share this page on...

Follow us on