Cybersecurity
Combine the real and digital worlds securely – with Cybersecurity for Industry
The threat of cyberattacks against industrial plants is real and their frequency is constantly increasing. The comprehensive protection of industrial plants against internal and external cyberattacks requires an approach that covers all levels simultaneously – from the operational to the field level and from the protection of data to secure communication.
Find out more about our Cybersecurity and how we can help, speak with our experts.
The Challenge
Industries harnessing the potential of digitalisation become open to the risk of cyberthreats.
One of the industries' greatest challenges of digitalisation is optimally and securely handling data at all times.
The growing connection between production networks and office networks as part of IT/OT integration and the utilisation of the Internet of Things have many benefits for industrial companies, including digitalised processes and cross-company collaboration in ecosystems. At the same time, they also increase the risk of cyber threats. With industrial cybersecurity, we enable the comprehensive protection of systems and plants.
Megatrends bring a lot of challenges to industries
Digitalisation
The increasing cyber-security attacks coming from the increasing amount of data and connected devices driven by digitalisation, and the higher security risk caused by a growing complexity of data usage and open networks remains a challenge to many industries.
Lack of skilled workforce
Despite the significant advancement on technology today, the industry is still missing relevant knowledge on how to deal with cybersecurity challenges in addition to the lack of skilled workforce on the market due to the many specific skills needed for the topic.
Increasing legal regulations
Because of the growing threats, more security compliance are being implemented and there is more to follow. There is also a great deal of difficulty in understanding the status of then facility and preventing human errors that affect the security of the solution.
Globalisation
Ensuring remote work-independent of the location, and securing the data exchange and communication between and within globally working companies remains a struggle for many industries while addressing the growing demands of globalisation.
Cybersecurity is even more important now than before.
- Exponential growth of vulnerabilities with digitalisation increases the attack surface
- Connected factories are ill-equipped to defend against cyber attacks
- Clients need end-to-end OT services and solutions
The NIS 2 Directive
The importance of Industrial Cybersecurity is growing as threats increase. Legislators are requiring more and more industries and companies to improve the protection of their businesses and customers.
As of October 17, 2024, the EU’s mandatory cybersecurity directive, NIS 2, will be implemented and is expected to enter into force at that time or for the foreseeable future thereafter. Companies in certain industries must demonstrably take appropriate cybersecurity measures and report serious incidents. Find out if you are affected and how we can support you!
What is NIS 2 regulation?
Stricter cybersecurity regulations in the EU
The EU has introduced a new cybersecurity legislation called the Network and Information Security 2 (NIS 2) Directive. This directive represents a significant enhancement to the existing NIS directive, mandating EU Member States to adopt and rigorously enforce stricter cybersecurity regulations.
Deadline
By 17 October 2024, Member States must adopt and publish the measures necessary to comply with the NIS 2 Directive. They shall apply those measures from 18 October 2024.
Who does NIS 2 apply to?
Find out if your company is subject to the NIS 2 Directive
The scope of the NIS 2 directive encompasses all organisations, including companies and suppliers, that play a crucial role in sustaining the European economy and society by delivering essential or important services. If your organisation falls under any of the following categories and meets the criteria of having more than 50 employees and a turnover exceeding €10 million, compliance with the NIS 2 directive becomes mandatory.
What are the main points of the NIS 2 Directive?
Improve resilience against cybercrime
The new NIS 2 Directive aims to enhance the resilience and incident response capabilities of both the public and private sectors. The directive specifically focuses on combatting cybercrime and improving both European and national cybersecurity management.
What is the status of NIS 2?
The NIS-2 Directive was published in the Official Journal L333 of the European Union on December 27, 2022. It comes into force on the twentieth day following its publication. Member States must transpose the directive into national law within 21 months of its entry into force.
Is NIS 2 mandatory?
Facts that management should be aware of.
The management bodies of essential and important entities approve the cybersecurity risk management measures taken by those entities to comply with the NIS 2 minimum cybersecurity risk management measures (Article 21). They oversee their implementation and can be held liable for violations of this article by the entities.
Members of the management bodies of essential and important entities are required to undergo training, and shall encourage essential and important entities to provide similar training to their employees on a regular basis.
What is the difference between NIS 1 and NIS 2?
Updated EU cybersecurity requirements
NIS 2 is an updated version of NIS that provides improved guidance and clarity on the EU’s cybersecurity requirements. It expands the scope of essential and important entities, specifies management liabilities, outlines how controls should be carried out, and addresses how breaches should be reported. For the first time, directors are liable with their personal assets if they fail to comply with legal requirements. In summary, NIS 2 is an enhanced version of NIS that offers more comprehensive and detailed cybersecurity guidelines.
Join the FREE* Seminar on Cybersecurity
Parmley Graham, in association with Siemens are hosting a Cybersecurity Seminar.
4th June 2024 | 9am - 5pm
Parmley Graham – Halesowen Branch
248 Coombs Road,
Halesowen,
West Midlands
B62 8AA
5th June 2024 | 9am - 5pm
Siemens House – Manchester
Sir William Siemens House,
Princess Road,
Manchester
M20 2UR
* Limited spaces available.
Defense in Depth
Addressing the strong need for protection of automation systems and OT against cyberthreats.
The Siemens Defense in Depth is a multi layered cybersecurity concept which provides an effective protection to protect automation plants.
Plant Security
- Systems to prevent unauthorised access to critical components
- Consulting services to define and implement processes and guidelines according to IEC 62443-2-1 and 3-3
- Continuous Security monitoring
of the plant and network - Fully scalable plant protection concept
- Standard conform security guidelines tailored
to the customer organisation - Identify and react on security threats in daily operation
Network Security
- Cell protection, perimeter network and trusted zones
- Firewalls and VPN
- Design, conception and realisation of a network security concept, to prevent unauthorised access and to protect the industrial communication
- Prevention of unauthorised access and espionage of data
- Secure remote access and telecontrol services via public networks (internet)
- Increased plant availability
- Easy to operate – time and cost saving
System Integrity
- System hardening
- Patch Management
- Authentication and access protection
- Design and implement measures to protect automation systems against a variety of threats and design complete solutions for maximum protection over the system lifecycle
- Increased plant availability
- Identifying threats and vulnerabilities over the
lifecycle - Use of certified secure developed Siemens
products according to IEC 62443-4-1 - Comprehensive long-term protection through
continuous monitoring and security management
Comprehensive security concept as recommended by IEC 62443.
Defense in Depth provides a multilayer security concept that gives plants both all-round and in-depth protection as recommended by the international standard IEC 62443.
It’s aimed at plant operators, integrators, and component manufacturers alike, and covers all security-related aspects of industrial cybersecurity.
Physical protection and security management for automation systems
Plant security employs various methods to prevent unauthorised persons from physically accessing critical components, ranging from conventional building access to the securing of sensitive areas by means of key cards.
Tailored Industrial Cybersecurity Services from Siemens include processes and guidelines for comprehensive plant protection. These range from risk analysis, to the implementation and monitoring of suitable measures, all the way to regular updates.
Secure communication in industrial networks
Safeguarding automation systems and control components
Whether your goal is to protect existing know-how or to exclude unauthorised access to your automation processes from the very start as a way of preventing faults in your production processes – we help you implement targeted measures to protect against a variety of threats and design complete solutions for maximum protection.
Our integrated security features provide comprehensive protection against unauthorised configuration changes at the control level and unauthorised network access. They prevent the copying of configuration data and make it easier to detect any attempts to manipulate these files.
Specific cybersecurity concepts for industry
Cybersecurity for Industry that’s proven in practice
Multilayer Defense-in-Depth concept
Products hardened ex works
Proactive protection against threats
Protected in every aspect
Take cybersecurity in your company to the next level
Certification and standards
Improve the security of your industrial plant based on the latest certifications and all relevant IT security standards. Drawing on our many years of experience, we advise you on the selection and implementation of suitable standards.
Cybersecurity Services
SITRAIN security training
To find out more about cybersecurity and how we can help you with it, please speak with our experts.
For your specific requirements, talk to us.
To see how we can help with your systems or if you have any enquiry, please get in touch – we’ll be pleased to help. Send us an email at support@parmley-graham.co.uk or fill the form below.
We are Siemens trusted and approved distribution partner.
As a Value Added Reseller in Siemens’ Approved Partner network, Parmley Graham are a proven supplier of a wide range of quality products in the UK and globally.
Find out more how this will benefit you or check Siemens Configurator.
