Requirements For The Operational Application Environment And Security Assumptions - Siemens SIMATIC S7-1500 System Manual

Industrial cybersecurity
4.5 Operational environment and security assumptions
4.5.2 Requirements for the operational application environment and security
assumptions
Siemens recommends the following security measures:
• Conducting a threat and risk assessment (as part of security management)
• Network security concepts
– Network segmentation
– Asset and network management
– Network protection
– Remote access
• Access control concepts (utilizing access control systems)
– Physical protection
– Physical enterprise security
– Physical product security
Threat and Risk Assessment
Vulnerabilities and risks are identified, and countermeasures are proposed to ensure the
security of the system, networks, and data.
Network security concepts
You can find information on network security in the white paper "Industrial Network Security
Architecture", available from the Download Center
(https://www.siemens.com/us/en/company/topic-areas/cybersecurity/industrial-
security/downloads.html) on the Industrial Cybersecurity
(https://www.siemens.com/us/en/company/topic-areas/cybersecurity/industrial-security.html)
web page.
Access control concepts
Physical protection
In addition to closing off and/or monitoring entire production facilities, it may be necessary to
physically secure cabinets or even individual components such as circuit breakers.
Physical enterprise security
Physical enterprise security can be ensured by the following measures:
• Closed off and monitored company premises
• Access control, locks/card readers, and/or security personnel
• Accompaniment of non-employees by company personnel
• Employees are trained on and embrace security processes within the company
30
SIMATIC Drive Controller
System Manual, 11/2023, A5E46600094-AD