● Plant security
Plant security represents the outermost protective ring. Plant security includes
comprehensive physical security measures, e.g. entry checks, which should be closely
coordinated with protective measures for IT security.
● Network security
The measures, grouped under the keyword "Network security", form the core of the
protective measures. This refers to the segmentation of the plant network with limited and
secure communication between subnetworks ("secure islands") and the interface check
with the use of firewalls.
● System integrity
"System integrity" represents the combination two major measures. PC-based systems and
the control level must be protected against attacks. Steps include the following measures:
– User authentication for machine or plant operators with individual authorization levels
– Integrated access protection mechanisms in the automation components to prevent
unauthorized changes via the engineering system or during maintenance
– The use of antivirus and whitelisting software to protect PC systems against malware
– Maintenance and update processes to keep the automation systems up-to-date
(e.g. patch management, firmware updates, etc.)
2.3.2
Plant security
2.3.2.1
Physical protection of critical production areas
Unauthorized persons may be able to enter the production site/building and damage or alter
production equipment as a result of gaps in a company's physical security. Confidential
information can also be lost. This can be prevented if both the company's site and the
production areas are protected accordingly.
Company security
The company's physical security can be ensured via the following measures:
● Closed off and monitored company premises
● Entry control, keys / card readers and/or security personnel
● Escorting of external personnel by company employees
Physical production security
The physical security of a production location can also be ensured via the following measures:
● Separate access control for production areas.
● Installation of critical components in securely lockable cabinets / switching rooms
including monitoring and alarm signaling options
● Prohibited production areas with restricted access rights
Industrial security
2.3 General security measures
SIMOTION P320-4 E / P320-4 S
Manual, 03/2018, A5E36004933B
27