TÜV Certifications for Siemens Process Control Systems in the Water and Waste Water Industry
TÜV certified Siemens solutions for cybersecurity in the water industry. (Image source: Siemens Aktiengesellschaft)
Siemens offers proven and certified security concepts for cyber security, for example the Defense-in-Depth concept, special reference solutions, and associated services as an integral part of plant design, engineering and operation. Users benefit from seamless concepts and solutions – with Siemens as their reliable partner.
Faced with a changing automation and IT landscape alongside the growing threat of cyber attacks, legislators are demanding that operators protect critical infrastructures – such as those in the water/waste water industry – by implementing appropriate protective measures for their plants and systems in order to ensure security of supply. Due to the specific conditions in the water industry, systems, solutions and services for industrial security must meet specific requirements and for example balance the demands of secure operation including virus and security checks on the one hand and high availability with real-time capability on the other hand. As a leading provider of industrial automation solutions, Siemens was in 2016 the first company to follow a secure development process that is certified to IEC 62443-4-1 – the leading standard for security in industrial automation – for all products and systems in the field of industrial automation, communication and drive technology, including industrial software.
Certified systems for the water industry
Since April 2020, Siemens – as one of the first system and solution providers – has been providing reference architectures (blueprints), which are tailored specifically to the needs of the water/waste water/desalination industry. These blueprints and the corresponding documentation for the secure configuration of process control system and communication were certified to IEC 62443-3-3 for the first time in April 2020 by TÜV-Süd. The documents, which are available both to the Siemens project teams and to system integrators, provide a solid basis for a cyber security concept and enable low-cost and low-risk adaptations in order to meet customer-specific requirements. Siemens therefore helps the operators of critical infrastructures to reach appropriate security levels for their plants that meet national standards – e.g. B3S WA and BSI Manual for Basic IT Security, which takes into account international standard IEC 6244. The security functions are an important part of the Simatic PCS 7 process control system, which was certified to IEC 62443-3-3 in 2016, and which includes the Scalance portfolio with routers, switches and firewalls. On this basis, the blueprints offer Defense in Depth for plant security, network security and system integrity, covering all relevant functions from the field level through control rooms and remote control technology to comprehensive network management.
Certified solutions for the water industry
Since November 2018, Siemens has been certified to IEC 62443-2-4 for its security-related capabilities, which are offered to users as part of application engineering and integration/maintenance services for an automation solution. Together with the certification of blueprints, Siemens was also certified in April 2020 as a solution provider as per IEC 62443-2-4 specifically for applications in the water/waste water/desalination industry. This includes special training for employees in the field of project management and application engineering, processes in project development and collaboration with customers, methods for engineering and commissioning through to tests of the implemented security features for an installed solution.
Source: Siemens Aktiengesellschaft