Industrial cybersecurity
4.5 Operational application environment and security assumptions
4.5.2 Requirements for the operational application environment and security assumptions
Siemens recommends the following security measures:
• Conducting a threat and risk assessment (as part of security management)
• Network security concepts
– Network segmentation
– Asset and network management
– Network protection
– Remote access
• Access control concepts (utilizing access control systems)
– Physical protection
– Physical corporate security
– Physical product security
Threat and Risk Assessment
Vulnerabilities and risks are identified, and countermeasures are proposed to ensure the
security of the system, networks, and data.
Network security concepts
You can find information on network security in the whitepaper "Industrial Network Security
Architecture", available at the Download Center
(https://www.siemens.com/us/en/company/topic-areas/cybersecurity/industrial-security/downloads.html)
on the Industrial Cybersecurity
(https://www.siemens.com/us/en/company/topic-areas/cybersecurity/industrial-security.html)
website.
Access control concepts
Physical protection
In addition to closing off and/or monitoring entire production facilities, it may be necessary to
physically secure cabinets or even individual components such as circuit breakers.
Physical corporate security
Physical enterprise security can be ensured by the following measures:
• Closed off and monitored company premises
• Access control, locks/card readers, and/or security personnel
• Accompaniment of non-employees by company personnel
• Employees are trained on and embrace security processes within the company
Physical production security
The following measures can be included in assuring physical production security:
• Separate access control for critical areas, such as production zones.
• Installation of critical components in lockable cabinets/control rooms with monitoring and
alarm capabilities. The cabinets/control rooms must be secured with a cylinder lock. Do
not use simple locks, such as universal, triangular/square, or double-bit locks.
Distributed I/O system ET 200eco PN M12-L
System Manual, 11/2023, A5E48753295-AG