Detecting potential security gaps – thanks to holistic Security Analysis Service Solutions Instrumentation, Controls & Electrical Life Cycle Services Security Analysis make up a holistic, modular security assessment system which evaluates the security level of your plant according to established standards. Your benefits ■ Documentation of the security level of all relevant areas of your plant, using robust and well-established analysis method ■ Maximum availability of your plant thanks to the timely detection and closing of security gaps The Task Today's I&C systems are ever more closely networked, and make use of standardized platforms from the IT sector. Against the background of increasing cyber attacks it is therefore important to obtain a precise picture of the security level of the plant and its I&C systems, in order to define and implement protective measures if deficiencies are detected. The availability of the plant must be the primary dictum here. Our Solution With Security Analysis you receive a holistic, modular vulnerability analysis, specifically adapted to your plant, and oriented towards established Security Standards (VGB-R175, ISO IEC 27002, NERC CIP). Individual areas can be analyzed and evaluated according to five threat categories (from untargeted external attacks on IT components through to targeted attacks from inside on the I&C systems), in order to suggest recommended actions to improve the security level. The assessment is performed in the following stages: Definition of the norms/standards, threat categories and topics to be analyzed (predefined topics are IT security for I&C, organization, rules, physical protection) Creation of a tailor-made list of questions Inspection of the plant and processing of the list of questions (tool-based execution) Analysis and evaluation of the information received Drawing-up of tailor-made recommendations and measures aimed at enhancing the overall security level The detailed evaluation of the security situation is documented in tabular and graphical form for the individual areas, as well as in an overview for the management. Throughout the analysis identified threats can be proactively resolved afterwards. Measures specific to the plant are documented in a final report, and brought together in solution packages. This creates the option of implementing these, in a modular and flexible manner, depending on their importance and the available budget. For identified threats which it is currently impossible to tackle with concrete countermeasures, security awareness within the company is raised. With our Security Analysis you can rely on a robust and established methodology, without having to invest a great deal of time, effort and expertise yourself. In contrast to straight security consulting, our analysis is based on the specific needs of your plant. In addition, as a system supplier we are in a position to improve your I&C systems with respect to security-related aspects. The graphical analysis (spider web diagram) shows at a glance the areas where action is required. Answers for energy. Published by and copyright © 2012: Siemens AG, Energy Sector Freyeslebenstrasse 1 91058 Erlangen, Germany For more information contact [email protected] www.siemens.com/energy/service4plants Siemens Energy, Inc. Instrumentation, Controls, & Electrical 1345 Ridgeland Parkway, Suite 116 Alpharetta, GA 30004, USA SVTC23_SecA_e_V1-0 Order no. E50001-G230-A314-X-4A00 Printed in Germany Dispo 05401, c4bs-Nr. 7820 Printed on elementary chlorine-free bleached paper. All rights reserved. Trademarks mentioned in this document are the property of Siemens AG, its affiliates, or their respective owners. Subject to change without prior notice. The information in this document contains general descriptions of the technical options available, which may not apply in all cases. The required technical options should therefore be specified in the contract.