Industrial Security for Controllers and HMIs

 

We offer sophisticated designs for security of controllers, HMI, and SCADA applications, fully in keeping with the spirit of Totally Integrated Automation, our system architecture for integrated automation.

The SCADA software, our controllers and our HMIs have been coordinated in terms of their security functions. Targeted deactivation of unneeded services allows their interfaces to be hardened without loss of functionality.

SIMATIC Logon: User administration and role-based access control

With SIMATIC Logon, you rely on central, plant-wide user administration for SIMATIC engineering and runtime systems. Security mechanisms on the part of the administrator and user ensure reliable protection. The user is uniquely defined by his/her user ID, consisting of user name and password. The administrator can also configure new users or block existing users online, both throughout the plant and across applications.

Deactivation of services

For security reasons, most network services are deactivated in our products in their basic configuration. These services are only activated by configuration if they are needed as part of an automation solution.

Deactivation of hardware interfaces

If a controller, HMI system, or I/O module has unneeded PROFINET interfaces, these can be deactivated via configuration. Plugging in an illegal device thus causes no harm because the port is inactive.

Robust communication

One of the system properties of our PROFINET devices is their robustness against large volumes of network packets or faulty network packets. For example, this robustness will ensure that high network loads or denial-of-service attacks will not impair automation operation. If a network overload occurs in which all communication resources are allocated, regular operation will resume automatically once the network load subsides.

Password protection

Only authorized persons are permitted to change the configuration or to access functions for automation components that are relevant to the system or process. Our controllers as well as our HMI systems provide access protection mechanisms that allow access only after previously assigned access information (e.g., a password) is entered. This protection is available for configuration interfaces and for other services (e.g., Web servers).

Know-how protection by encrypting the user program

SIMATIC STEP 7 and S7 controllers use know-how protection for program blocks to safeguard the confidentiality of the user's know-how contained in the automation solution. Once the program blocks are encrypted, their content cannot be accessed without entering the correct password.

Copy protection

Know-how protection can be supplemented with copy protection, which prevents duplication of program blocks in STEP 7. The execution of program blocks that have been protected with copy protection is tied to certain properties in the runtime environment. The relevant criteria for this are the serial number of a CPU module or memory card.