Better safe than sorry: Companies risk disastrous consequences if they try to save on security measures in their automation systems or to do without them entirely. In a worst-case scenario, companies are not only regretful following a cyberattack, but can also suffer serious losses – or even lose their competitive edge. As a central engineering framework, TIA Portal combines a number of functions that can minimize the risk of a cyberattack. I’d like to introduce you to a few of them.
“That isn’t going to happen to me – I’d see if anything like that was happening!”– I’d bet that a lot of us are pretty confident we’d never fall victim to a cyberattack. After all, we’re far too clever for that, we recognize phishing emails immediately, and would never download malware. But are we really so clever? According to a report by the Federal Office for Information Security (BSI) on the state of IT security in Germany in 2021, one in every four Germans has been the victim of Internet crime. Such cyberattacks are much more lucrative when directed against companies rather than individuals and, sadly, criminals are enjoying more and more success in that area: A study by digital association Bitkom showed that nine out of ten companies (88%) were affected in 2020-21.
Effectively combating cyber threats
What makes it so easy for attackers is the constantly increasing pace of digitalization and the associated growth in networking between OT (Operational Technology) and IT (Information Technology). As a result, OT is increasingly becoming the focus for cyber criminal attackers, and must be protected with the same security measures and strategies as those that have long been established for IT. Otherwise there’s the risk of losing expertise and data, damage to plant, or even total production outages – that can add up to a major cost for any company. But there are ways for companies to master the challenges of end-to-end cybersecurity, including the integral security component of Totally Integrated Automation Portal (TIA Portal).
TIA Portal is the central engineering framework that assists automation specialists throughout the entire lifecycle of a plant, from planning to engineering, commissioning, and maintenance. That makes it essential to ensure security also has a high value in TIA Portal. But what does that mean for our industrial customers in specific terms? They get a tool that enables them to configure and manage all cyber security settings and options at a central level, one that guarantees top standards of security, and whose user-friendliness makes the entry threshold for cyber security as low as possible.
The security features integrated in TIA Portal V17 include secure mechanisms for communication between the networked devices (engineering stations, controllers and/or HMI panels). Internet standard TLS 1.3 (Transport Layer Security) makes it possible to encrypt the data sent between the individual devices, and individual certificates for each controller guarantee data integrity between the communication partners. You can either import these individual security certificates into TIA Portal or create them via the certificate manager. Confidential configuration data can also be protected in TIA Portal and in the controllers with a user-defined password. That way, you as the user can protect your data against third-party access and manipulation.
With the “Security by default” concept in TIA Portal V17, specific options are pre-configured and activated as standard to support a higher level of security for your machines and plant. For example, access protection for controllers with various protection levels is provided from the outset; PG-HMI communication is encrypted using TLS as standard, and access to the controller is password-protected.
Maximum user-friendliness is assured by the Security Wizard, which starts automatically when you set up a new controller and guides you as the user through the security configuration. This security assistant explains the function and impact of all the potential options in a way that’s easy to follow; lastly, you can set your preferred settings as standard.
User management and access control
Another important security aspect is user management with UMAC (User Management & Access Control), which is integrated in TIA Portal V17. This lets you assign specific roles and rights to your employees, in addition to customized access for each use, in order to prevent unauthorized access to project components, machines, and plant: For example, you can grant one project engineer access to just a single controller, while another may have access limited to just the HMI. In addition, UMAC ensures the project is locked automatically after a specific period of inactivity, e.g. if the employees leave their desk during the lunch break. Single sign-on guarantees seamless workflows with a single log-in, since there’s no need to enter a password for every single device during the engineering process. UMC (User Management Control) also offers companies a helpful option: Users, or user groups, can now be easily imported from Microsoft Active Directory and saved on a central server.
Certificate management via OPC UA
When I talk about the steadily increasing fusion between OT and IT, that also includes OPC UA as an open standard, which makes this fusion possible. The OPC UA Global Discovery Server (GDS) now supports certificate management for the SIMATIC S7-1500 controller and updates OPC UA Server certificates, for example, during runtime. The benefit to you is that there is no need to interrupt production, you get increased access protection, and if the system is still compromised you can respond more swiftly.
I can fully understand if cyber security isn’t exactly your favorite subject. There’s a lot to think about, and so many possible points of attack for cyber criminals that you have to be aware of. But there’s no way to avoid having to deal with it. On the contrary, it’s better that you start sooner rather than later! As a central engineering framework, TIA Portal already gives you access to all the functions and settings you need. Your contacts at Siemens have a wealth of knowledge in the worlds of OT and IT, and will be happy to help bring this vast and complex topic within reach and implement it in your company.
This content was originally published here.