Security Overview

Siemens applies a "Defense in Depth" approach, offering a multi-layered security concept aligned with IEC 62443 recommendations to protect industrial plants comprehensively.

Defense in Depth concept (based on IEC 62443)

Protection Zones

  • Plant Security
    Prevents unauthorized physical access through building access controls and secure zones (e.g., card, biometric, or code-based access), supported by organizational measures.

  • Network Security
    Protects automation networks from unauthorized access using product-level and environmental security measures.

  • System Integrity
    Safeguards know-how and automation processes against unauthorized changes, offering configuration protection and manipulation detection.

Lifecycle Integration

  • Installation
    Secure setup and commissioning, assuming "Secure by Default" is implemented.

  • Operation
    Ongoing protection through updates and evolving technologies.

  • Maintenance
    Service activities are controlled and logged; only trusted devices are permitted.

  • Decommissioning
    Sensitive data is securely deleted or storage media destroyed before recycling.

System Overview

The Industrial Edge Ecosystem enables vertical integration from shop floor to cloud, with secure management of Edge Apps and Devices across all levels.

System overview

Main Components

| Component | Description |
|---|---|
| SDEX / Industry Mall | Marketplace |
| Industrial Edge HUB (IEH) | Download and manage system software and Edge Apps |
| Industrial Edge Management (IEM) | Manage Edge Apps and Devices |
| Industrial Edge Device (IED) | Decentralized computing unit for running Edge Apps |
| Industrial Edge App Publisher (IEAP) | Desktop client for creating and publishing Edge Apps |
| Industrial Edge App | Docker-based self-contained unit for intelligent automation data processing |

Cloud Infrastructure and Data Protection

  • Siemens-operated services run on AWS-certified infrastructure.
  • European tenants (IEH, IEM SaaS) are hosted in AWS Frankfurt.
  • Environment isolation: Productive and pre-productive environments are separated via dedicated cloud tenants.
  • Data backup:
      • Daily backups retained for 7 days
      • Weekly backups retained for 4 weeks