White Paper: IT Security For Process Control Using Siemens SIMATIC PCS 7

By Siemens Energy & Automation

Ensuring the security of industrial control systems is hardly a new topic. The earliest users of modern control systems in power stations and chemical plants saw the need to protect access to vital control functions from unauthorized use. Similarly, in industries such as fine chemical or pharmaceutical where “the process is the product”, manufacturers have always sought to protect the secrets of their unique processes from the prying eyes of industrial spies.

Despite these early roots, the concept of and attitudes toward security in control systems have undergone a necessary overhaul in the past few years, driven primarily by the move to open, commercial off-the-shelf (COTS) technologies such as Ethernet and Microsoft Windows. New threats continue to emerge, most of them not targeted at process users, who can nonetheless be victimized by attacks with far more dire consequences. Process users also face another challenge — the coordination of plant IT configuration and maintenance with corporate IT departments that may not recognize the different goals and specific needs of process users.

While process users struggle to keep up with the latest security threats and technologies, there is help on the way from automation suppliers. While all suppliers recognize security as a key issue, the approaches taken vary from the support of “secure” components to a full systems point of view. Siemens AG takes a holistic, comprehensive approach to security with its PCS 7 Security Concept. This means that the PCS 7 Security Concept takes into account the specific requirements of process control which in general differ significantly from the requirements of Corporate IT. This approach bundles key security measures in several specific areas to create a deep hierarchy of security known as “defense in depth”.