Siemens in Security Push

Friday, June 8, 2012 @ 03:06 PM gHale


Siemens is getting more aggressive in its fight to secure its systems.

No one company has suffered more through the Stuxnet case than Siemens. While the intended target of the Stuxnet creators was a nuclear facility in Iran, the system these plants went through happened to be Siemens.

RELATED STORIES
Siemens Integrated Security Functions
Siemens Updates WinCC Holes
Talk to Me: Stuxnet, Flame a Global Alert
Stuxnet Loaded by Iran Double Agents

Late last month Siemens launched new versions of its Simatic NET CP 343-1 Advanced and Simatic NET CP 443-1 processors, which now contain a firewall and VPN feature that better secure connections to the Simatic S7-300 and S7-400 controller series. The new security features also address secure remote access to process controllers.

With that product update, the industrial controls giant is also coming out with a brochure entitled “Industrial Security, Answers for Industry.” The brochure talks about the need for boosting security in the marketplace and also discusses the advances the company has made with its technology.

“It is of crucial importance to corporate success that existing expertise is protected efficiently and on a sustained basis against espionage,” the brochure said. “In addition, unauthorized access to the automation process must be precluded from the very beginning to prevent interruptions in the production processes – this is the only way to ensure system integrity. Another important issue: Reliable protection against sabotage, in other words prevention of faults in production processes such as plant standstills resulting from a virus attack.”

The brochure also said in February last year, the German Agency for Information Technology Security (BSI) listed the threats for automation and process control systems as being among the top 10 dangers.

The dangers listed:
1 Unauthorized use of remote maintenance access
2 Online attacks via office/enterprise networks
3 Attacks against standard components used in the ICS network
4 (D)DoS attacks
5 Human error and sabotage
6 Introduction of harmful code via removable media and external hardware
7 Reading and writing messages in the ICS network
8 Unauthorized access to resources
9 Attacks on network components
10 Technical faults and acts of God



Leave a Reply

You must be logged in to post a comment.