Siemens SIRIUS PROFINET Manual page 15

Threats
Threats can arise from external and internal manipulation. Loss of data security is not always
caused by deliberate actions.
Internal threats arise due to:
● Technical faults
● Operating errors
● Errors in programs.
This internal hazards are compounded by external threats. The external hazards do not differ
from the known threats in the office environment:
● Computer viruses and computer worms
● Trojan horses
● Unauthorized access
● Password phishing.
Password phishing means attempting to get a user to divulge access data and passwords by
masquerading as a different identity in an e-mail.
Precautions
The most important precautions against manipulation and loss of data security in an
industrial environment are:
● Filtering and verification of data traffic through virtual private networks (VPN). A virtual
private network is used to exchange private data in a public network (e.g. the Internet).
The most common VPN technology is IPsec. IPsec is a collection of protocols based on
the IP protocol at the network layer.
● Segmentation into protected automation cells. The aim of this concept is to protect
devices in the network through security modules. A group of protected devices forms a
protected automation cell. Only security modules in the same group or the device
protected by you can be interchanged.
● Authentication (identification) of the networked devices. The security modules identify
themselves to each other via a secure (encrypted) channel using authentication
procedures. This prevents access to a protected segment by unauthorized persons from
outside.
● Encryption of the data traffic. The confidentiality of the data is ensured by encrypting the
data traffic. For this purpose, every security module is given a VPN certificate which
includes the encryption key.
PROFINET Communication Module for SIRIUS Soft Starter 3RW44
Manual, 12/2013, A5E31996495002A/RS-AA/001
Safety information
2.3 Data security in automation
15