Industrial Control Network Information Security Risk Assessment and Solutions
[Figure: plant control network diagram. Labels: To Office Net, Plant Extension, Engineer Station, Maintain Station, Primary I/O Server, Secondary I/O Server, PROFINET, PLC, Switch, HMI]
• OPC, Modbus, ProfiNet/ ProfiBus, MMS, DNP3,
• RTU, IED PLC,
Page 5
Dr. Wen Tang
<for CN CERT Conference, 2013>
IT-Security, CT China, SLC
vs. IT
Office Security
Corporate Technology
IT-Security, CT China Dr. wen.tang@
<for CN CERT Conference, 2013> / Copyright © Siemens Ltd. China 2011. All rights reserved.
2
(2)
[Figure: plant network diagram. Labels: Historian Server, DB Server, SCADA1, SCADA2, OPC Server, OPC Client, Operation Station, Engineer Station, HMI, Application Server, Network Printer, To Office Net, Plant Extension, Switch, RFID, Distributed I/O, Remote Maintain, Drives, Robot Control, Web Cam, Motion Control, Control Cell]
[Figure: plant network diagrams. Labels: To Office Net, Plant Extension, Engineer Station, Maintain Station, Primary I/O Server, Secondary I/O Server, RT/IRT, PROFINET, PLC, Switch, HMI, SCADA2, DoS, TCP/IP, Windows, IPC, RFID, Distributed I/O, Drives, Robot Control, Web Cam, Motion Control, Control Cell]
[Figure: plant network diagram. Labels: HMI, SCADA2, To Office Net, IPC, Windows, Engineer Station, Maintain Station, Primary I/O Server, Secondary I/O Server]
6
(6)
[Figure: supervisory network layer. Labels: Historian Server, DB Server, OPC Server, OPC Client, Operation Station, Engineer Station, Application Server, Network Printer, SCADA1]
2011
“
VPN
(Industrial Control System) Industrial Control System
SCADA
DCS
ICS
[Figure: control cells. Labels: RFID, Distributed I/O, Robot Control, Drives, Web Cam, Motion Control, PC, Control Cell]
[Figure: control cells. Labels: Distributed I/O, Drives, Robot Control, Web Cam, Motion Control, Control Cell]
(1)
[Figure: plant network diagram. Labels: Historian Server, DB Server, OPC Server, OPC Client, Operation Station, Engineer Station, Application Server, Network Printer, SCADA1, To Office Net, Plant Extension, Maintain Station, Primary I/O Server, Secondary I/O Server, PROFINET, PLC, Switch, HMI]
[Figure: security objectives for Industrial Security compared with IT office security. Labels: 24/7/365, Availability, Integrity, Confidentiality]
1
(1)
IACS
[Figure: supervisory network layer. Labels: Historian Server, DB Server, SCADA1, SCADA2, OPC Server, OPC Client, Operation Station, Engineer Station, HMI, Application Server, Network Printer]
3
(3)
[Figure: supervisory network layer. Labels: Historian Server, DB Server, SCADA1, SCADA2, OPC Server, OPC Client, Operation Station, Engineer Station, HMI, Application Server, Network Printer, To Office Net, Plant Extension]
4
(4)
[Figure: plant network diagrams. Labels: Windows, DCOM, Classic OPC, Historian Server, DB Server, SCADA1, SCADA2, OPC Server, OPC Client, Operation Station, Engineer Station, Maintain Station, HMI, Application Server, Network Printer, To Office Net, Plant Extension, Primary I/O Server, Secondary I/O Server, PROFINET, PLC, Switch]