SIMATIC PCS 7 Process Control System - Siemens
■ Overview
[Figure: Example of "defense in depth" security architecture (labels: Plant bus 1, Internet)]
The progressive standardization, opening and networking of control systems has been accompanied by an enormous increase in security risks. The potential dangers arising from destructive programs such as computer viruses, worms or Trojans, or from access by unauthorized personnel, range from network overloads or failures and theft of passwords and data to unauthorized access to the process automation. Apart from material damage, specifically targeted sabotage can also have dangerous consequences for people and the environment.
■ Function
With its pioneering security concept, SIMATIC PCS 7 offers comprehensive solutions for safeguarding a process engineering plant that are based on a hierarchical security architecture (defense in depth). The special feature of this concept is its integrated approach: it is not restricted to the use of individual security methods (e.g. encryption) or devices (e.g. firewalls). Its strength lies instead in the interaction of a host of security measures in the plant network. The security concept is described in detail in the manual "SIMATIC PCS 7 recommendations and information", and comprises advice and recommendations (best practices) on the following topics:
• Creation of a network architecture with defense in depth, combined with the segmentation of the plant into security cells
• Network administration with name resolution, assignment of IP addresses and division into subnetworks
• Operation of plants in Windows domains (Active Directory)
• Administration of the Windows and SIMATIC PCS 7 operator privileges; integration of the SIMATIC PCS 7 operator privileges into the Windows administration
• Reliable control of the clock synchronization in the Windows network
• Management of security patches for Microsoft products
• Use of antivirus software and firewalls
• Support and remote access (VPN, IPSec)
[Figure labels: Firewall; Terminal bus 1 (OS-LAN); Terminal bus 2 (OS-LAN); Security cell; Enterprise Resource Planning (ERP); Manufacturing Execution System (MES); Internet; Plant bus 2]
© Siemens AG 2007
Communication
Industrial Security
Introduction
Siemens ST PCS 7 · November 2007
On the system side, SIMATIC PCS 7 V7.0 supports the implementation of the guidelines and recommendations of the security concept by means of:
• Compatibility with the current versions of the antivirus software: Trend Micro OfficeScan, Symantec Norton AntiVirus and McAfee VirusScan
• Application of the local Windows XP firewall
• SIMATIC security control (SSC) for automatic setting of safety-related parameters of DCOM, registry and Windows firewall during the setup
• User administration and authentication by means of SIMATIC Logon
• Integration of the SCALANCE S602, S612 and S613 industrial security modules of SIMATIC NET
The manual "SIMATIC PCS 7 Security Concept, Recommendations and Advice" is available on the Internet via the SIMATIC Guide for Technical Documentation under "SIMATIC PCS 7 Process Control Systems & Migration".
You can find the SIMATIC Guide for Technical Documentation on the Internet.
Additional information is available on the Internet at:
http://www.siemens.com/simatic-docu