Minimizing risk through securityIncreasing networking and the use of technologies traditionally associated with the "office world"in automation facilities increase the need for security. It is not enough to simply offer superficialand limited protection, because attacks from the outside can occur on several levels. Optimalprotection requires a deep awareness of security.1.1 Security strategiesMotivationTop priority is given in automation engineering to the maintaining production and processcontrol. Any measures taken to prevent the propagation of security risks must not have anegative impact in this context. A satisfactory security strategy implementation should ensurethat only authenticated users can perform authorized (permitted) operator inputs onauthenticated devices using the operator input options assigned to them. These operator inputsshould use only defined and planned access paths in order to ensure reliable production orcoordination during a job without endangering people, the environment, the product, the goodsbeing coordinated, or the company's business.StrategiesProceeding from these principles, a security concept encompasses general defense strategiesthat are intended to defend against the following attacks:• Reduction of availability (e.g. "denial of service")• Circumvention of specific security mechanisms (e.g. "man in the middle")• Deliberate operator error using permitted actions (e.g. following password theft)• Maloperations as a result of non-configured user access rights• Data espionage (e.g. to find out formulas and trade secrets or discover how plants and theirsecurity mechanisms work)• Data tampering (e.g. to make alarm messages appear innocuous)• Deletion of data (e.g. deletion of log files to cover up attacks)Siemens' defense strategy uses defense-in-depth mechanisms.Defense in depthThe concept of defense in depth implies layers of security and detection, even on single-stationsystems. It possesses the following characteristics:• Attackers are faced with breaking through or bypassing each layer without being detected.• A flaw in one layer of the architecture can be protected by capabilities in other layers.• System security becomes a set of layers within the overall network security structure.1 Minimizing risk through securitySecurityArticle ID: 90885010, V3.0, 11/2022 5© Siemens AG 2022 All rights reserved1.2 Implementation of strategies as solutions1.2.1 Strengthen a sense of responsibilitySuccessful implementation of the security strategies in the form of security solutions inautomation facilities can only be accomplished when all parties involved cooperate with aawareness of shared responsibility. These parties primarily include:• Manufacturers (development, system testing, security testing)• Configuration engineers and integrators (design, setup, factory acceptance test)• Owners (operation and administration)These strategies and their implementation must be pursued and updated across the entirelifecycle of a plant (from initial tendering, planning and design to migration and finally toeventual decommissioning of the plant).The following aspects make it possible for the security concept to achieve its intended effect inautomation facilities:• Use of stable, fault-tolerant and system-tested products possessing baseline hardening (IPhardening) and predefined security settings, and which are specially designed for industrialuse• A cutting-edge configuration that uses currentues and standards, allowing for aplant design that is adapted to the customer's security needs• Careful and responsible operation of plants and components according to their potentialapplications as defined by the manufacturer1 Minimizing risk through securitySecurityArticle ID: 90885010, V3.0, 11/2022 6© Siemens AG 2022 All rights reserved1.2.2 The Siemens protection concept: "Defense in depth"Siemens operates on the "defense in depth" strategy to achieve its required security objectives.This strategy follows the approach of a multi-layered security model consisting of the followingcomponents:• Plant security• Network security• System integrityFigure 1-1 The "defense in depth" concept• Physical accessprotection• Organizationalmeasures• Cell securityconcept• securecommunication• Firewalls and VPN• System hardening• Patchmanagement• Authenticationand accessprotectionThe advantage of this strategy is that an attacker first needs to overcome multiple securitymechanisms in order to cause damage. The security re of each of the layers can betailored individually.The Siemens plant security solutionPlant security prevents unauthorized persons from gaining physical access to criticalcomponents using a number of different methods. This starts with conventional building accessand extends to securing sensitive areas with identity cards or access cards.Comprehensive security monitoring leads to transparency with regard to the security status ofproduction facilities. Thanks to continuous analyses and correlations of existing data andthrough comparison of these data with threat indicators, security-relevant events can bedetected and classified according to risk factors.The Siemens network security solutionIf a network segment contains controllers or other intelligent devices that have little or nointrinsic protection, the only other option is to provide these devices a secure networkenvironment. This is most easily done with special routers or gateways. These create securitywith integrated industrial-strength firewalls, and are themselves protected in the process.Additional security comes from segmenting individual subnets, for example by using the cellsecurity concept or a demilitarized zone (DMZ). The security-related segmentation of the plantnetwork into individually protected automation cells minimizes risks and increases security atthe same time. The cells are divided and the devices assigned according to communication andprotection re. Data transmission can be encrypted using "virtual private networks"