Certified security in the development process for Siemens automation products
The TÜV SÜD certificate based on IEC 62443 confirms Siemens security in the development process for automation products
Siemens is the first company worldwide with a TÜV SÜD-certified development process based on IEC 62443-4-1
Secure development is an important component in the "Defense in Depth" protection concept
As the first company to receive TÜV SÜD certification based on IEC 62443-4-1 for the interdisciplinary process of developing Siemens automation and drive products, including industrial software, Siemens received the certification at seven development sites in Germany. Among other things, these sites are developing Simatic S7 industrial controllers, Simatic industrial PCs, Simatic HMI (Human Machine Systems Interface) devices for operator control and monitoring, and Sinamics drives as well as the TIA (Totally Integrated Automation) Portal engineering software. The international series of standards IEC 62443 defines the security measures for industrial automation systems, with Part 4-1 of the standard describing the requirements of the manufacturer's development process.
The TÜV SÜD certificate is based on the standard IEC 62443-4-1 (Secure Product Development Lifecycle Requirements, Draft 3 Edition 10, 01.2016). This standard includes security-relevant requirements such as capabilities and expertise, security of third-party components, process and quality assurance, secure architecture and design, and issue handling as well as security updates, patches and change management.
As a leading automation and software supplier for industry, Siemens is continuously improving its products and solutions with regard to industrial security. This also includes the certification based on IEC 62443-4-1. With this achievement, the company is documenting its "Security by Design" approach for automation products and is giving integrators and operators a transparent insight into the IT security measures. Integrators and operators use this for the conception and operation of automation processes and systems using Siemens technology and the "Defense in Depth" protection concept.
To ensure comprehensive protection of industrial plants from internal and external cyber attacks, all levels must be protected simultaneously – ranging from the plant management level to the field level and from access control to copy protection. This is why our approach to comprehensive protection offers defense throughout all levels – “defense in depth”. This concept is according to the recommendations of ISA99 / IEC 62443 – the leading standard for security in industrial applications.
For further information please see www.siemens.com/industrialsecurity
TÜV Süd: Certification according to IEC 62443: http://www.tuev-sued.de/home-en/focus-topics/embedded-systems/industrial-it-security/certification-acc.-to-iec-62443
Follow us on Social Media:
Twitter: www.twitter.com/siemens_press and www.twitter.com/SiemensIndustry
Siemens AG (Berlin and Munich) is a global technology powerhouse that has stood for engineering excellence, innovation, quality, reliability and internationality for more than 165 years. The company is active in more than 200 countries, focusing on the areas of electrification, automation and digitalization. One of the world's largest producers of energy-efficient, resource-saving technologies, Siemens is No. 1 in offshore wind turbine construction, a leading supplier of gas and steam turbines for power generation, a major provider of power transmission solutions and a pioneer in infrastructure solutions as well as automation, drive and software solutions for industry. The company is also a leading provider of medical imaging equipment - such as computed tomography and magnetic resonance imaging systems - and a leader in laboratory diagnostics as well as clinical IT. In fiscal 2015, which ended on September 30, 2015, Siemens generated revenue of €75.6 billion and net income of €7.4 billion. At the end of September 2015, the company had around 348,000 employees worldwide. Further information is available on the Internet at www.siemens.com.