Secure Reference Architecture
Discrete Manufacturing Network
Siemens Industry Online Support
https://support.industry.siemens.com/cs/ww/en/view/109802750
Legal information
Use of application examples
Application examples illustrate the solution of automation tasks through an interaction of several components in
the form of text, graphics and/or software modules. The application examples are a free service by Siemens AG
and/or a subsidiary of Siemens AG ("Siemens"). They are non-binding and make no claim to completeness or
functionality regarding configuration and equipment. The application examples merely offer help with typical
tasks; they do not constitute customer-specific solutions. You yourself are responsible for the proper and safe
operation of the products in accordance with applicable regulations and must also check the function of the
respective application example and customize it for your system.
Siemens grants you the non-exclusive, non-sublicensable and non-transferable right to have the application
examples used by technically trained personnel. Any change to the application examples is your responsibility.
Sharing the application examples with third parties or copying the application examples or excerpts thereof is
permitted only in combination with your own products. The application examples are not required to undergo the
customary tests and quality inspections of a chargeable product; they may have functional and performance
defects as well as errors. It is your responsibility to use them in such a manner that any malfunctions that may
occur do not result in property damage or injury to persons.
Disclaimer of liability
Siemens shall not assume any liability, for any legal reason whatsoever, including, without limitation, liability for
the usability, availability, completeness and freedom from defects of the application examples as well as for
related information, configuration and performance data and any damage caused thereby. This shall not apply in
cases of mandatory liability, for example under the German Product Liability Act, or in cases of intent, gross
negligence, or culpable loss of life, bodily injury or damage to health, non-compliance with a guarantee,
fraudulent non-disclosure of a defect, or culpable breach of material contractual obligations. Claims for damages
arising from a breach of material contractual obligations shall however be limited to the foreseeable damage
typical of the type of agreement, unless liability arises from intent or gross negligence or is based on loss of life,
bodily injury or damage to health. The foregoing provisions do not imply any change in the burden of proof to
your detriment. You shall indemnify Siemens against existing or future claims of third parties in this connection
except where Siemens is mandatorily liable.
© Siemens AG 2023 All rights reserved
By using the application examples you acknowledge that Siemens cannot be held liable for any damage beyond
the liability provisions described.
Other information
Siemens reserves the right to make changes to the application examples at any time without notice. In case of
discrepancies between the suggestions in the application examples and other Siemens publications such as
catalogs, the content of the other documentation shall have precedence.
The Siemens terms of use (https://support.industry.siemens.com) shall also apply.
Security information
Siemens provides products and solutions with industrial security functions that support the secure operation of
plants, systems, machines and networks.
In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement –
and continuously maintain – a holistic, state-of-the-art industrial security concept. Siemens’ products and
solutions constitute one element of such a concept.
Customers are responsible for preventing unauthorized access to their plants, systems, machines and networks.
Such systems, machines and components should only be connected to an enterprise network or the internet if
and to the extent such a connection is necessary and only when appropriate security measures (e.g. firewalls
and/or network segmentation) are in place.
For additional information on industrial security measures that may be implemented, please visit
https://www.siemens.com/industrialsecurity.
Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly
recommends that product updates are applied as soon as they are available and that the latest product versions
are used. Use of product versions that are no longer supported, and failure to apply the latest updates may
increase customer’s exposure to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial Security RSS Feed under
https://www.siemens.com/cert.
Reference Architecture for a Discrete Manufacturing Network
Entry-ID: 109802750, V1.0, 03/2023 2
Table of contents
Legal information ..... 2
1 Discrete Manufacturing Network ..... 5
1.1 Overview ..... 5
1.2 Cybersecurity in industry ..... 5
2 System Architecture ..... 6
2.1 Architecture for the discrete manufacturing ..... 6
2.2 Description of System Components ..... 8
3 Cybersecurity and IEC 62443 ..... 12
3.1 Overview ..... 12
3.2 Security Concept ..... 14
3.3 Risk Assessment ..... 15
3.4 Gap Assessment ..... 15
3.5 Security Level ..... 16
3.6 System Cybersecurity in IEC 62443-3-3 ..... 17
3.6.1 Secure Network Design ..... 17
3.6.2 Secure Channels & Encryption ..... 17
3.6.3 Identity and Access Management ..... 18
3.6.4 Attack Surface Reduction ..... 18
3.6.5 System Integrity Protection ..... 19
3.6.6 Security Logging and Monitoring ..... 19
3.6.7 Backup and Restore ..... 20
4 Security measures explained ..... 21
4.1 Network segmentation ..... 21
4.2 Asset and network management ..... 23
4.3 Secure Remote Access ..... 25
4.4 Endpoint protection ..... 26
4.5 Anomaly Detection ..... 27
5 Conclusion ..... 29
5.1 Trainings ..... 29
5.2 Deviations from proposed architecture ..... 30
6 Appendix ..... 31
6.1 Service and support ..... 31
6.2 Industry Mall ..... 32
6.3 Links and literature ..... 32
6.4 Change documentation ..... 32