Cyber security

A modern substation contains vast amounts of data, subsets of which are of interest to control center or enterprise applications and users. Siemens has dedicated itself to helping the electric utility industry access this data, process it into useful information and provide it in a usable format to a wide range of users and enterprise systems. Siemens is a recognized technology leader and now offers its technology and expertise in three new flexible product lines:

RUGGEDCOM CROSSBOW

A proven Secure Access Management solution designed to provide NERC CIP compliant access to Intelligent Electronic Devices. The CROSSBOW solution focuses on delivering productivity gains for administrators and users while achieving full NERC compliance in managing, securing and reporting on remote access.


Cyber security has become an urgent issue in many industries where advanced automation and communications networks play a crucial role in mission critical applications and where high reliability is of paramount importance. The electric utility, transportation, military, and industrial markets have special needs not found in a typical “commercial” or “office” environment.

Siemens has been monitoring the development of the various industry-specific security standards, including NERC CIP, ISA S99, AGA 12, IEC 62443, ISO 17799:2005 and PCSRF SPP-ICS, to ensure all Siemens RUGGEDCOM products contain the features necessary to comply with the identified requirements.

Siemens is committed to providing a complete Cyber Security solution. By combining the security features of the RUGGEDCOM switches with those of the Multi Service Platform cyber security appliance, Siemens customers are able to establish an electronic security perimeter around their critical infrastructure in order to prevent the disruption of mission critical applications by accidental or malicious acts.

Multi Service Platform

The Multi Service Platform has been specifically developed to provide an Electronic Security Perimeter for the protection of critical cyber assets. The RUGGEDCOM Multi Service Platform is the main point of entry between the local area network (plant floor or substation) and the outside world. The Multi Service Platform combines a layer 3 router, a firewall, and a VPN in one device.

Key RUGGEDCOM Multi Service Platform cyber security features include:

  • Firewall – Stateful firewall to control traffic between different zones of trust within a network. Includes Network Address Translation (NAT) to prevent unauthorized or malicious activity, initiated by outside hosts, from reaching the internal LAN.

  • Virtual Private Networking (VPN) – Provides secure communication links over networks. Ensures confidentiality, sender authentication and message integrity, and uses IPsec (IP Security) for encryption and authentication of all IP packets at the network layer.

  • Strong Encryption – Utilizes various encryption algorithms (DES, 3DES, AES) to obscure information and make it unreadable without special knowledge.

  • Optional – Check Point security on APE – State of the art Check Point security with Firewall and Intrusion Prevention System


RUGGEDCOM Switches

The RUGGEDCOM Ethernet Switches provide security at the local area network level. The key cyber security features of these switches include:

  • Passwords – Multi-level user passwords secure the switch against unauthorized configuration

  • SSH / SSL – Extends capability of password protection to add encryption of passwords and data as they cross the network

  • Enable / Disable ports – Capability to disable ports so that traffic cannot pass

  • 802.1Q VLAN – Provides the ability to logically segregate traffic between predefined ports on switches

  • MAC based Port security – The ability to secure ports on a switch so only specific devices / MAC addresses can communicate via that port

  • 802.1x Port Based Network Access Control – The ability to lock down ports on a switch so that only authorized clients can communicate via this port

  • RADIUS – Provides centralized authentication

  • SNMPv3 – Encrypted authentication and access security