Industrial Security

Every day we read on the Internet or in our newspapers about so-called ‘cyber attacks’ on government and private industry infrastructure. These attacks are not limited to banking and government departments: the process industries are also affected, and control systems, process control systems in particular, are now being targeted.

With its security concept, SIMATIC PCS 7 offers a reliable defense against this potential danger.

The developers and product managers of SIMATIC PCS 7 are continuously working on comprehensive security measures, functions and improvements to secure plant operation:

  • Segmentation into zones and security cells

  • Securing of access points

  • User authentication

  • Secure communication

  • Patch management

  • System hardening

  • Virus scanner

  • Whitelisting

SIMATIC PCS 7 runs on Windows 10 and non-proprietary SIEMENS operating systems. Windows 10 provides a comprehensive Windows security concept consisting of user account control, firewalls and a secure web client.

With the PCS 7 web option, SIMATIC PCS 7 offers enhanced communication security for the essential communication components, employing OS web client security via the Achilles L2 certificate.

SIMATIC Logon introduces two-factor authentication

User authentication assigns specific roles to each plant operator, e.g. write or read access to specific applications. Until now, authentication was only possible by entering a password via the keyboard or by identification card. If the card was lost, there was a risk of unauthorized access to the system. Two-factor authentication enables the user to log on to the system with identification card and PIN. The new method combines the two factors "possession of a card" and "knowledge of a PIN", thereby greatly increasing security.
The configuration of this function in SIMATIC Manager is extremely easy and user-friendly. The function can be flexibly activated/deactivated via a check box and an individual password can be set.

CPU 410 supports security events

Security events in the network are generated by a wide range of communication partners, e.g. firewalls, operator stations, web servers, web clients and routers. These are messages that are triggered during various events. They can involve unauthorized access from the outside to the communication network or blocked access by a firewall. Up to now, corresponding events were mainly generated on the management level. With the new version of SIMATIC PCS 7, the AS 410 controller can trigger security events on the control level for the first time.

These messages are forwarded via Syslog to systems such as a SIEM (security information and event management), where they are collected, correlated and evaluated by appointed security officers (IT admins). The aim is to recognize, track and take action against security incidents early on.

The new function contributes to protecting the plant against cybercrime and thus increases system availability. Uniform log files make data more transparent and easier to use.

Certification by the technical inspectorate confirms SIMATIC PCS 7 compliance with security standards

As the first SIEMENS product worldwide, the process control system received an official certification from the technical inspectorate (TÜV SÜD) in November 2016 for compliance with the security standards IEC 62443-4-1 and IEC 62443-3-3.

Integrated security in communication devices due to:

  • New Scalance S V3 with additional DMZ port for Secure Remote Access

  • User-specific firewall rules and user authentication with login and password

  • Protection of the automation system via CP 443-1 Advanced with firewall and VPN for authentication and data encryption

  • CP 1628 for protecting PCs with firewall and VPN for authentication and data encryption
