Security Design - Siemens Reyrolle 7SR5 Operating Manual

Security Settings

9.1 Security Design

9.1 Security Design
Security Design
Due to the increasing integration of bay units in Ethernet-based communication network, you must secure the
communication against internal failures and attacks from outside. The specifications published by the North
American Electric Reliability Council for critical infrastructure protection - NERC-CIP, for short - and the white
paper published by the German Association of Energy and Water Management (BDEW) contain requirements
for the safe operation of devices in critical communications infrastructure. These requirements are addressed
to manufacturers and operators.
Security must be incorporated into the design of devices right from the start. This is implemented consistently
in 7SR5 devices. Measures in the hardware ensure the secure use of signed files. These are provided to protect
the firmware files and data records of the device. Secure storage of key material on the device makes secure
communication between Reydisp Manager 2 and the device possible. The following items give you a high level
of security when integrating the 7SR5 device in the network:
•
Protection against attacks from the network
•
Multi-stage safety concept in the operating state
•
Logging of authorized and unauthorized access
•
Logging of safety-critical actions
You can switch off unused Ethernet services. If, for example, the RSTP redundancy log is not being used, you
can switch it off using Reydisp Manager 2. This gives a potential attacker no open interfaces and only utilized
services are activated in a network.
[sc_7SR5_EthernetProtocolSettings, 1, --_--]
Figure 9-1
134
Ethernet Protocol Settings used in Reydisp Manager 2
Reyrolle 7SR5, Operating, Manual
C53000-B7040-C013-1, Edition 05.2021