Detecting potential security gaps –
thanks to holistic Security Analysis
Service Solutions
Instrumentation, Controls & Electrical
Life Cycle Services
Security Analysis
make up a holistic, modular security assessment system which evaluates the security
level of your plant according to established
standards.
Your benefits
■ Documentation of the
security level of all relevant
areas of your plant, using
robust and well-established
analysis method
■ Maximum availability of
your plant thanks to the
timely detection and
closing of security gaps
The Task
Today's I&C systems are ever more closely
networked, and make use of standardized
platforms from the IT sector. Against the
background of increasing cyber attacks it is
therefore important to obtain a precise picture
of the security level of the plant and its I&C
systems, in order to define and implement
protective measures if deficiencies are detected.
The availability of the plant must be the primary
dictum here.
Our Solution
With Security Analysis you receive a holistic,
modular vulnerability analysis, specifically
adapted to your plant, and oriented towards
established Security Standards (VGB-R175, ISO
IEC 27002, NERC CIP). Individual areas can be
analyzed and evaluated according to five threat
categories (from untargeted external attacks on
IT components through to targeted attacks from
inside on the I&C systems), in order to suggest
recommended actions to improve the security
level.
The assessment is performed in the following
stages:
 Definition of the norms/standards, threat
categories and topics to be analyzed
(predefined topics are IT security for I&C,
organization, rules, physical protection)
 Creation of a tailor-made list of questions
 Inspection of the plant and processing of
the list of questions (tool-based execution)
 Analysis and evaluation of the information
received
Drawing-up of tailor-made recommendations
and measures aimed at enhancing the overall
security level
The detailed evaluation of the security situation
is documented in tabular and graphical form for
the individual areas, as well as in an overview
for the management. Throughout the analysis
identified threats can be proactively resolved
afterwards. Measures specific to the plant are
documented in a final report, and brought
together in solution packages.
This creates the option of implementing these,
in a modular and flexible manner, depending
on their importance and the available budget.
For identified threats which it is currently
impossible to tackle with concrete countermeasures, security awareness within the
company is raised.
With our Security Analysis you can rely on a
robust and established methodology, without
having to invest a great deal of time, effort
and expertise yourself. In contrast to straight
security consulting, our analysis is based on
the specific needs of your plant. In addition,
as a system supplier we are in a position to
improve your I&C systems with respect to
security-related aspects.

The graphical analysis (spider web diagram) shows at a glance
the areas where action is required.
Answers for energy.
Published by and copyright © 2012:
Siemens AG, Energy Sector
Freyeslebenstrasse 1
91058 Erlangen, Germany
For more information contact
service4plants.energy@siemens.com
www.siemens.com/energy/service4plants
Siemens Energy, Inc.
Instrumentation, Controls, & Electrical
1345 Ridgeland Parkway, Suite 116
Alpharetta, GA 30004, USA
SVTC23_SecA_e_V1-0
Order no. E50001-G230-A314-X-4A00
Printed in Germany
Dispo 05401, c4bs-Nr. 7820
Printed on elementary chlorine-free
bleached paper.
All rights reserved.
Trademarks mentioned in this document are
the property of Siemens AG, its affiliates, or
their respective owners.
Subject to change without prior notice.
The information in this document contains
general descriptions of the technical options
available, which may not apply in all cases.
The required technical options should
therefore be specified in the contract.