Security Properties Of The Devices; Secure Operation Of The System; Hardening Measures - Siemens SIMATIC S7-1500 System Manual

Industrial cybersecurity

4.6 Security properties of the devices

Physical production security
The following measures can be included in assuring physical production security:
• Separate access control for critical areas, such as production zones.
• Installation of critical components in lockable cabinets/control rooms with monitoring and
alarm capabilities. The cabinets/control rooms must be secured with a cylinder lock. Do
not use simple locks, such as universal, triangular/square, or double-bit locks.
• Radio field planning to limit WLAN coverage areas, preventing them from extending
beyond defined zones (e.g. factory floor).
• Guidelines that prohibit the use of external data storage media (such as USB flash drives)
and IT devices (such as laptops) classified as unsafe on systems.
4.6 Security properties of the devices
The security properties of the individual devices are listed in the Equipment Manuals.
4.7

Secure operation of the system

This section describes measures recommended by Siemens to protect your system from
manipulation and unauthorized access.
4.7.1

Hardening measures

System hardening, also simply referred to as hardening, is the secure configuration of
products or systems. The aim is to close security gaps and take various measures to reduce
the attack surfaces for cyberattacks.
Measures for system hardening include, for example:
• Secure configuration in which only necessary software components and services are
installed or activated for proper operation.
• Access control, by which a restrictive user and rights management system is implemented.
42
S7-1500R/H redundant system
System Manual, 01/2024, A5E41814787-AF