Siemens Process Control System First Product with IEC 62443 Security Certification

• TÜV SÜD certifies that the Siemens Simatic PCS 7 process control system conforms with the security standards IEC 62443-4-1 and IEC 62443-3-3

• Simatic PCS 7 is the first product to be certified by TÜV SÜD according to IEC 62443

• Comprehensive security measures and functions to protect plant operation Siemens is the first company to obtain security certification from TÜV SÜD (German inspection and certification organisation) for an automation system based on IEC 62443-4-1 and IEC 62443-3-3. In August 2016, Siemens had already become the first company to receive the TÜV SÜD security certification according to IEC 62443-4-1 for the general development process for automation and drive technology products, including industrial software, employed at seven German development locations. This has now been followed by the first product certification according to IEC 62443-4-1 and 62443-3-3.

For the product certification according to IEC 62443-4-1 and 62443-3-3, TÜV SÜD tested and verified the security functions implemented in the Simatic PCS 7 process control system. The conformity of development and integration processes was also checked. Regularly repeated audits will also ensure that Simatic PCS 7 continues to meet the required standards and concepts in future, and so retain the right to bear the certification. As a leading automation and software supplier to industry, Siemens is continually improving its products and solutions in terms of industrial security. This also includes certification based on IEC 62443. With this certificate, the company documents its security approach to automation products, and gives integrators and operators a transparent insight into its industrial security measures.

The Simatic PCS 7 process control system from Siemens controls and monitors continuous manufacturing processes, such as those in chemical and cement plants, the water and waste water sector, and the pharmaceuticals industry. As plant downtime in these industries can have enormous effects, both functional safety and industrial security are very important. Simatic PCS 7 provides a large number of functions for industrial security: These include segmentation into zones and security cells, the security of access points and user authentication, secure communication, patch management, system hardening, virus scanners and whitelisting. The comprehensive security measures and functions for Simatic PCS 7 contribute toward safeguarding plant operation, and so avoid plant downtimes and expensive outage times.

Background information:

The international standard IEC 62443 describes an IT security concept based on the deeply tiered "defense-in-depth" approach, in which device and system suppliers, system integrators and operators are involved and contribute toward the overall solution. On the basis of lEC 62443, companies can examine the potential weak points in their control system and develop effective protective measures. The standard covers:

• IEC 62443-1-x documents: Explain the standard, as well as the terms and concepts.

• IEC 62443-2-x documents: Describe a management system and specifications to provide IT security for control systems. This involves the continual improvement in the company, the assessment of risks, and IT security specifications for processes and organizations.

• IEC 62443-3-x documents: Describe security function specifications for the control systems in production and process automation. This means the control and monitoring of continuous and discrete manufacturing processes.

• IEC 62443-4-x documents: Describe the requirements placed upon the product development process and on components of an automation solution.

For further information, please see www.siemens.com/industrialsecurity

For further information on PCS 7 Security Concept, please see www.industry.siemens.com/topics/global/en/industrial-security/system-integrity/process-automation/Pages/Default.aspx

For further information on TÜV Süd: Certification according to IEC 62443, please see www.tuev-sued.de/home-en/focus-topics/embedded-systems/industrial-it-security/certification-acc.-to-iec-62443

For further information on Siemens at the SPS IPC Drives 2016, please see www.siemens.com/sps-ipc-drives and www.siemens.com/press/sps2016

Contact for journalists:

Gerhard Stauss

Phone: +49 (911) 895-7945;

E-mail: Gerhard.Stauss@siemens.com

Siemens AG (Berlin and Munich) is a global technology powerhouse that has stood for engineering excellence, innovation, quality, reliability and internationality for more than 165 years. The company is active in more than 200 countries, focusing on the areas of electrification, automation and digitalization. One of the world’s largest producers of energy-efficient, resource-saving technologies, Siemens is a leading supplier of efficient power generation and power transmission solutions and a pioneer in infrastructure solutions as well as automation, drive and software solutions for industry. The company is also a leading provider of medical imaging equipment - such as computed tomography and magnetic resonance imaging systems - and a leader in laboratory diagnostics as well as clinical IT. In fiscal 2016, which ended on September 30, 2016, Siemens generated revenue of €79.6 billion and net income of €5.6 billion. At the end of September 2016, the company had around 351,000 employees worldwide. Further information is available on the Internet at www.siemens.com.

Siemens AG

Communications

Head: Clarissa Haller

Wittelsbacherplatz 2

80333 Munich Germany

All Topics