Historically, automation systems have relied on “security through obscurity“ to avoid computer attacks. Those days are gone. While the number of actual attacks on automation systems has been small, the tools needed to conduct these attacks are now loose in the “wild“, and the potential losses from an attack are large.
Requirements for MIS and MES integration with the control system, as well as program backup and maintenance activities eliminate the possibility of security through lack of connectivity. With careful system design and security-aware practices, security risks can be controlled. Network design complying with the ISA-99 recommendations places barriers between external threats and your control system. Proper configuration of security options on control system equipment can erect further barriers to attacks. Creation of, and adherence to operating policies can limit threats from non-network sources.
Read the whitepaper: Siemens PLC Best Practices Automation Security