Security Design - Siemens SIPROTEC 5 Operation Manual

Security Settings in the Device

10.1 Security Design

10.1

Security Design

Due to the increasing integration of bay units in Ethernet-based communication network, you must secure the
communication against internal failures and attacks from outside. The specifications published by the North
American Electric Reliability Council for critical infrastructure protection - NERC-CIP, for short - and the white
paper published by the German Association of Energy and Water Management (BDEW) contain requirements
for the safe operation of devices in critical communications infrastructure. These requirements are addressed
to manufacturers and operators.
Security must be incorporated into the design of devices right from the start. This is implemented consistently
in SIPROTEC 5. Measures in the hardware ensure the secure use of signed files. These are provided to protect
the firmware files and data records of the device. Secure storage of key material on the device makes secure
communication between DIGSI 5 and the device possible. The following items give you a high level of security
when integrating the SIPROTEC 5 device in the network:
•
Protection against attacks from the network
•
Multi-stage safety concept in the operating state
•
Logging of authorized and unauthorized access
•
Logging of safety-critical actions
You can switch off unused Ethernet services. If, for example, the RSTP redundancy log is not being used, you
can switch it off using DIGSI 5. This gives a potential attacker no open interfaces and only utilized services are
activated in a network.
[scproest-230311-01.tif, 1, en_US]
Figure 10-1
202
Switching off Unused Ethernet Protocols Using DIGSI 5
SIPROTEC 5, Operation, Manual
C53000-G5040-C003-7, Edition 06.2016