Siemens Welding System ST PCS 7 User Manual

Communication
Industrial Security
Introduction
Siemens ST PCS 7 · November 2007
Overview
Example of "defense in depth" security architecture
The progressive standardization, opening and networking of control systems has been accompanied by an enormous increase in security risks. The potential dangers arising from destructive programs such as computer viruses, worms or trojans or from access by unauthorized personnel range from network overloads or failures, theft of passwords and data, to unauthorized access to the process automation. Apart from material damage, specifically targeted sabotage can also have dangerous consequences for people and the environment.
Function
With its pioneering security concept, SIMATIC PCS 7 offers comprehensive solutions for safeguarding a process engineering plant that are based on a hierarchical security architecture (defense in depth). The special feature of this concept is its integrated approach. It is not just restricted to the use of individual security methods (e.g. encryption) or devices (e.g. firewalls). Its strengths lie more in the interaction of a host of security measures in the plant network. The security concept is described in detail in the manual "SIMATIC PCS 7 recommendations and information", and comprises advice and recommendations (best practices) on the following topics:
• Creation of a network architecture with defense in depth, combined with the segmentation of the plant into security cells
• Network administration with name resolution, assignment of IP addresses and division into subnetworks
• Operation of plants in Windows domains (Active Directory)
• Administration of the Windows and SIMATIC PCS 7 operator privileges; integration of the SIMATIC PCS 7 operator privileges into the Windows administration
• Reliable control of the clock synchronization in the Windows network
• Management of security patches for Microsoft products
• Use of antivirus software and firewalls
• Support and remote access (VPN, IPSec)
On the system side, SIMATIC PCS 7 V7.0 supports the implementation of guidelines and recommendations of the security concept by means of:
• Compatibility with the current versions of the antivirus software: Trend Micro OfficeScan, Symantec Norton AntiVirus and McAfee Virusscan
• Application of the local Windows XP firewall
• SIMATIC security control (SSC) for automatic setting of safety-related parameters of DCOM, registry and Windows firewall during the setup
• User administration and authentication by means of SIMATIC Logon
• Integration of the SCALANCE S602, S612 and S613 industrial security modules of SIMATIC NET
The manual "SIMATIC PCS 7 Security Concept, Recommendations and Advice" is available on the Internet via the SIMATIC Guide for Technical Documentation under "SIMATIC PCS 7 Process Control Systems & Migration".
You can find the SIMATIC Guide for Technical Documentation on the Internet.
Additional information is available on the Internet at:
http://www.siemens.com/simatic-docu
[Figure labels: Internet; Firewall; Security cell; Plant bus 1; Plant bus 2; Terminal bus 1 (OS-LAN); Terminal bus 2 (OS-LAN); Manufacturing Execution System (MES); Enterprise Resource Planning (ERP)]
© Siemens AG 2007