Minimizing risk through security

Increasing networking and the use of technologies traditionally associated with the "office world" in automation facilities increase the need for security. It is not enough to simply offer superficial and limited protection, because attacks from the outside can occur on several levels. Optimal protection requires a deep awareness of security.

1.1 Security strategies

Motivation

Top priority is given in automation engineering to maintaining production and process control. Any measures taken to prevent the propagation of security risks must not have a negative impact in this context. A satisfactory security strategy implementation should ensure that only authenticated users can perform authorized (permitted) operator inputs on authenticated devices using the operator input options assigned to them. These operator inputs should use only defined and planned access paths in order to ensure reliable production or coordination during a job without endangering people, the environment, the product, the goods being coordinated, or the company's business.

Strategies

Proceeding from these principles, a security concept encompasses general defense strategies that are intended to defend against the following attacks:

• Reduction of availability (e.g. "denial of service")
• Circumvention of specific security mechanisms (e.g. "man in the middle")
• Deliberate operator error using permitted actions (e.g. following password theft)
• Maloperations as a result of non-configured user access rights
• Data espionage (e.g. to find out formulas and trade secrets or discover how plants and their security mechanisms work)
• Data tampering (e.g. to make alarm messages appear innocuous)
• Deletion of data (e.g. deletion of log files to cover up attacks)

Siemens' defense strategy uses defense-in-depth mechanisms.

Defense in depth

The concept of defense in depth implies layers of security and detection, even on single-station systems.
It possesses the following characteristics:

• Attackers are faced with breaking through or bypassing each layer without being detected.
• A flaw in one layer of the architecture can be protected by capabilities in other layers.
• System security becomes a set of layers within the overall network security structure.

1 Minimizing risk through security
Security
Article ID: 90885010, V3.0, 11/2022
© Siemens AG 2022 All rights reserved

1.2 Implementation of strategies as solutions

1.2.1 Strengthen a sense of responsibility

Successful implementation of the security strategies in the form of security solutions in automation facilities can only be accomplished when all parties involved cooperate with an awareness of shared responsibility. These parties primarily include:

• Manufacturers (development, system testing, security testing)
• Configuration engineers and integrators (design, setup, factory acceptance test)
• Owners (operation and administration)

These strategies and their implementation must be pursued and updated across the entire lifecycle of a plant (from initial tendering, planning and design to migration and finally to eventual decommissioning of the plant).

The following aspects make it possible for the security concept to achieve its intended effect in automation facilities:

• Use of stable, fault-tolerant and system-tested products possessing baseline hardening (IP hardening) and predefined security settings, and which are specially designed for industrial use
• A cutting-edge configuration that uses current techniques and standards, allowing for a plant design that is adapted to the customer's security needs
• Careful and responsible operation of plants and components according to their potential applications as defined by the manufacturer

1.2.2 The Siemens protection concept: "Defense in depth"

Siemens operates on the "defense in depth" strategy to achieve its required security objectives. This
strategy follows the approach of a multi-layered security model consisting of the following components:

• Plant security
• Network security
• System integrity

Figure 1-1 The "defense in depth" concept

• Physical access protection
• Organizational measures
• Cell security concept
• Secure communication
• Firewalls and VPN
• System hardening
• Patch management
• Authentication and access protection

The advantage of this strategy is that an attacker first needs to overcome multiple security mechanisms in order to cause damage. The security requirements of each of the layers can be tailored individually.

The Siemens plant security solution

Plant security prevents unauthorized persons from gaining physical access to critical components using a number of different methods. This starts with conventional building access and extends to securing sensitive areas with identity cards or access cards.

Comprehensive security monitoring leads to transparency with regard to the security status of production facilities. Thanks to continuous analyses and correlations of existing data and through comparison of these data with threat indicators, security-relevant events can be detected and classified according to risk factors.

The Siemens network security solution

If a network segment contains controllers or other intelligent devices that have little or no intrinsic protection, the only other option is to provide these devices with a secure network environment. This is most easily done with special routers or gateways. These create security with integrated industrial-strength firewalls, and are themselves protected in the process.

Additional security comes from segmenting individual subnets, for example by using the cell security concept or a demilitarized zone (DMZ). The security-related segmentation of the plant network into individually protected automation cells minimizes risks and increases security at the same time. The cells are divided and the devices assigned according to communication and protection requirements.
Data transmission can be encrypted using "virtual private networks"