Use case

Network security – communicate securely in industrial networks

As the integration of IT and OT environments in companies progresses, protecting automation networks from unauthorized access becomes increasingly important.

 

 

Flexible cell protection concept and network segmentation

With the increasing connection of process networks and office networks, the protection of automation is becoming more important, especially during the operational phase.

The data transfer between the office and plant network should be monitored and controlled. Segmentation and encapsulation of OT systems are necessary. The configuration of the firewall and the management of the firmware need to be centralized.

Challenges

Process environments with identical subnets and security requirements need to be protected.

Additionally, devices without their own integrated security functions within an automation cell must be protected.

The administrative and configuration effort for the firewall devices is enormous.  

Solution

A secure network design starts with the choice of a solution approach. For a factory automation network, Siemens presents a cell security concept that relies on layer-3-based isolation of the cells. The SCALANCE S devices in front of each cell are centrally managed with SINEC NMS. SINEC INS offers additional services for user authentication and central log collection.

The key points of this approach are:

  • Network segmentation
  • Protection of zone boundaries
  • Securing the communication between security zones
  • Centralized management

Technical solution

The SINEC NMS network management system by Siemens offers various security-related functions. The Industrial Security Appliances SCALANCE S can be centrally configured and managed.

Firewall guidelines are created using a graphical description based on the allowed communication relationships in the network. SINEC NMS automatically generates device-specific guidelines and enforces these firewall rules on the SCALANCE S devices.

The combination of SCALANCE S and SINEC NMS enhances overall network security.

SINEC NMS reliably meets the process and technical security requirements in accordance with the IEC 62443 standard.