User Manual
Siemens Application Note
Smart Infrastructure
2 Cyber Security Basics
2.1 Introduction
Cyber Security includes all mechanisms for defending IT systems (such as
computers, devices like primary controllers or web servers of a building automation
system) against loss of system and information confidentiality, integrity and
availability through unauthorized access, disruption, modification, destruction or
retrieval of confidential information as well as the usage of information gained
without authorization through fraud and other criminal acts. Cyber Security can be
implemented according to the requirements set out by different industry and
national standards that usually define various protection levels depending on the
usage of the system and the acceptable risk level.
So far, the large majority of Cyber Security breaches have been attacks on
traditional computer systems, such as internet, intranet or home networks.
Damages caused include denial of service, theft of critical private and business
information, the defrauding of bank accounts and credit cards and, most recently,
so-called ransomware.
In contrast, there have been fewer attacks on industrial controllers, such as
building automation controllers, because they mostly run on proprietary operating
systems, the hardware has limited functionality and they are rarely connected to
other networks.
Recently, industrial controllers have started to adopt mainstream computer
standards in order to make them cheaper and more powerful; they are also very often
connected to other customer networks and the internet, which in turn makes them
more vulnerable to attackers. Moreover, interconnections can be used to launch an
attack from the corporate network to the automation network and vice versa.
Therefore, it becomes important to provide an adequate level of security together
with modern building technology solutions.