Introduction to "Industrial Cybersecurity" for OT

"Defense in Depth" strategy

With "Defense in Depth", Siemens provides a multi-layer security concept that offers industrial plants comprehensive and far-reaching protection in accordance with the recommendations of the IEC 62443.

Protection zones of "Defense in Depth"

• Plant security
  Plant security methods prevent unauthorized persons from gaining physical access to critical components. This starts with classic building access and extends to securing sensitive areas using access control (for example, code card, iris scan, fingerprint or access code). Physical security measures are supported and supplemented by organizational security measures.
• Network security
  Automation networks must be protected against unauthorized access. Security measures on the product and in the product-related environment also provide support.
• System integrity
  Targeted measures must be taken to protect existing know-how or to prevent unauthorized access to automation processes. The system integrity measures protect against unauthorized configuration changes, offer know-how protection and detect manipulation attempts.

"Defense in Depth" in the life cycle of a product

• Installation
  After completion of the installation process and subsequent commissioning (setup, commissioning, manual hardening, configuration), the product is optimally secured and protected.
  This assumes that "Secure by default" has been implemented for the product.
• Operation
  The protection is updated through updates and strengthened with new technologies during operation.
• Maintenance
  Service measures themselves are a security risk. Service must be performed with particular care. For example, only trusted USB devices may be connected to the product and the presence of service personnel must be logged.
• Decommissioning
  Sensitive data must be irrevocably deleted or data storage media destroyed before they are recycled.