Industrial Automation Blog

It doesn't have to be a Stuxnet attack, a simple smartphone app can often gain access to critical data. Even though such open doors could be closed with a minimum of common sense, they often aren't. Convenience and a general lack of security consciousness play their part. The best countermeasure would be better education, but some better hardware could at least make you feel safer.

That's where Siemens Industry Automation jumps in: The new versions of the »Simatic NET CP 341-1 Advanced« and »Simatic NET CP 443-1 Advanced« communications processors contain a firewall as well as a VPN function (Virtual Private Network) and establish secure access to controllers of the »Simatic S7-300« and »S7-400« series. Industrial PCs can also be equipped with a firewall and VPN client by means of the »Simatic NET CP 1628« module. The security module »Scalance S623« is also new; with an additional DMZ port for service access, as is the UMTS router »Scalance M875« for secure access to plant units via the UMTS mobile network. All of this is called »Security Integrated«.

The Simatic NET CP 1628 module for industrial PCs supports secure connection of industrial PCs to the network via a VPN and firewall. In this manner, computers equipped with the module can be connected to protected cells. It is also possible to access an industrial PC with an integral CP 1628 using the Softnet Security Client application over the Internet or a company-internal network via remote access.

Two more new products in the security portfolio of the Industry Automation Division are the security module Scalance S623 and the UMTS router Scalance M875. With Scalance S623, the thoroughly revised range of Scalance S modules is supplemented by a variant with a DMZ port (Demilitarized Zone). This port opens up a separate and, if required, restricted access point to the network for service access. A DSL modem can be connected to the DMZ port for service work via remote access. In the case of Scalance M875, this is a UMTS router with integrated security functions. The router is ideal for secure communication to and from distributed automation cells via VPN, such as the supply stations of a water utility company or mobile plants that have to be centrally monitored or controlled from a control center.

Due to the increased use of Ethernet connections penetrating the field level, security issues are gaining in importance in industry. For comprehensive protection of a plant, a variety of different measures must be implemented. These range from the company organization and its guidelines regarding protective measures for PC and control systems through to protection of automation cells by segmenting the network. Siemens follows the cell protection concept and offers – with the modules of the Scalance M and the Scalance S series together with the security communication modules – numerous components for building up protected cells. With the cell protection concept, a plant network is subdivided into protected automation cells within which all devices are able to communicate with each other securely. The individual cells are connected to the overall network protected by a VPN and firewall. Cell protection reduces the susceptibility to failure of the entire production plant and increases its availability.