Factory Automation
Batch Processing
Process Automation
Packaging Automation
On the Edge
Download this free 97-page Batch Process Playbook loaded with industry expert advice on topics ranging from control systems, instrumentation, and industrial networks to energy management, security, and system upgrades.

Siemens to Roll Out Industrial Control Security Service

Print Reprint
FILED IN:  Security, Industry News
Given that industrial cybersecurity is a global, multi-vendor concern, Siemens announces plans at its Automation Summit 2013 to deliver managed services for defense-in-depth control security. Numerous pieces of security advice were also offered at the conference.

Ever since news of the Stuxnet virus broke a few years ago, Siemens has found itself front and center in the industrial cybersecurity news. In response, the company has worked to position itself as a leader in the field. At The Automation Conference 2013, well-known industrial control system (ICS) expert Eric Byres, who does not work for Siemens, made reference to Siemens being among the first to advise end users not to rely on air gaps as a security strategy.

Siemens now plans to take extend its commitment to control system security on an industry wide basis by creating a managed service offering based on three layers of defense-in-depth support: Industrial security services, security management, and products and systems. Though no formal date has yet been set for the launch of this service, Roger Hill, cybersecurity R&D for Siemens Industrial Security Services, says that the company is putting together a modularized approach to security that will cover assessment, implementation, operation and management across technology, processes and people.

The security service planned by Siemens will be a phased approach starting with an assessment to determine what needs to goes into the protection solution, according to Hill. To create this service, Siemens is “focusing on heterogeneous networks so that the service will work with any other vendor’s equipment” says Hill. He does admit that when it comes to hardening of control systems as part of the service, “we’ll be able to do more with Siemens products, of course.”

Hill also notes that Siemens is the only automation vendor to achieve Achilles Level 2 certification.

At Siemens’ Automation Summit 2013, another security presentation from Cimation’s Marco Ayala offered several ICS security tips and information such as:

• Get the Cyber Security Evaluation Tool (CSET)— a Department of Homeland Security product that provides users with a systematic and repeatable approach for assessing the security posture of their cyber systems and networks.

• Keep up with the ICS-CERT alerts and advisories service.

• Develop a disaster recovery plan for ICS and enterprise systems in case of attack. Make sure a budget is developed for this.

• Acrobat—used by nearly every manufacturer for plant floor documentation—is the most often attacked application. “Part of the problem is that many manufacturers are still using very old versions of it,” says Ayala.

MS-ISAC cyber ops dashboard shows top 10 ports under attack. “Port 502, which is Modbus TCP, regularly appears on this list,” he says.

• “The key to good cybersecurity is knowing who is doing what with your system and knowing who is watching them,” says Ayala. “If the Internet is part of your system backbone in any way, you have to use encryption and constantly monitor access to system.”

COMPANIES IN THIS ARTICLE: Siemens Industry, Cimation


Don't miss intelligence crucial to your job and business!
Click on any newsletter to view a sample. Enter your email address below to sign up!
Each newsletter ranges in frequency from once per month to a few times per month at most.
The best of the essentials!
Secrets to Automation Project Success

Sign up to receive timely updates from our editors and download this FREE Automation Project Survival Guide. It’s packed with field-tested best practices from industry experts that can help make your next automation project a success.