Security Management - Siemens SIMATIC S7-1500 System Manual

You can find more information on the following topics on the SIEMENS web page Industrial
Cybersecurity
security.html).
• Defense in Depth
• Plant security
• Network security
• System integrity
Also make use of the Download Center
areas/cybersecurity/industrial-security/downloads.html) to obtain more information on
industrial cybersecurity. The "Operational Guidelines", for example, provide recommendations
on basic security measures for secure machine and plant operation in an industrial
environment.
4.4.2

Security management

The ISO 27001 and IEC 62443 standards call for a comprehensive approach in IT and OT to
protect against cyberattacks.
Responsibility for cybersecurity and IT security
Every operator of machinery and equipment is responsible for:
• Establishment of cybersecurity and IT security as an important criterion in the
procurement and selection of machines and software applications.
• Use of suitable measures to protect production resources, data, and communication from
manipulation and theft
• Provision of all necessary resources and training to employees to fully support these goals
For this purpose, suitable measures must be selected after a risk assessment and a cost-
benefit analysis in order to protect material and intellectual property and prevent damage
from occurring. These measures should be integrated into corporate processes and
procedures, evaluated regularly, and firmly anchored in the corporate culture. In addition to
protecting intellectual property, the protection of personal data must be ensured at all
organizational units and levels.
Siemens will provide you with information and support. Subscribe to the RSS feed
(https://www.siemens.com/cert) for vulnerabilities. Register on mySiePortal
(https://sieportal.siemens.com/en-ww/home) and create filters to be notified when important
information is published. Consider using Siemens Cybersecurity Services.
Responsibility in the digital supply chain
Cybersecurity should play a critical role in the evaluation and procurement process. The entire
life cycle of a product should be considered to ensure protection against current and future
risks. These include, for example, security updates throughout the product life cycle,
including guidelines for secure disposal of the product.
Siemens plans and announces the release of security updates, discontinuation of products
and cancellation of product support.
SIMATIC Drive Controller
System Manual, 11/2023, A5E46600094-AD
(https://www.siemens.com/us/en/company/topic-areas/cybersecurity/industrial-
4.4 Integrated security concept and security strategies
(https://www.siemens.com/us/en/company/topic-
Industrial cybersecurity
27