User Manual
siemens.com/desigocc
All rights reserved
© Siemens Switzerland Ltd. 2021
Desigo CC | Cybersecurity Meets Building Management Systems
“Principle of Least Privilege”
The Principle of Least Privilege has been a staple of
information security since it was introduced by Jerome
Saltzer and Michael Schroeder in 1975 [3]. It is based on the
concept that careful delegation of access rights according
to job duties can limit damage from both system users and
potential hackers. It calls for authorized users of a system
to have the minimum necessary access – or privilege – and
for the shortest duration needed to get their work done.
It can also be used to limit the number of interactions
possible so that unintentional, unwanted, or improper use
of privileges is less likely to occur. When properly applied,
least privilege helps prevent the damage that can result
from a user’s accident or error and helps limit what a hacker
can do based on the user account that’s been compromised.
The least privilege principle is helpful at every level of a
system and for any user, database, and process. We apply it
to our systems based on a user’s “need to know,” limiting
data and application access to the minimum needed for a
specific task. This is crucial in the event of a successful
cyber attack because the hacker gains the privileges of the
user account accessed. If an attack is through the account
of an employee with administrative privileges, an infection
can spread system-wide. Therefore, a user who doesn’t
need administrative access should work with fewer privileges
and limited scope whenever appropriate. It is equally important
that technical users (accounts used by services and integrations
rather than by people) have only the minimum privileges
needed for the resources they work on, and no more.
Otherwise, if a technical user's account is compromised, an
attacker can misuse its privileges to perform unwanted activities
such as dropping an entire database or installing malware.
“Separation of Duties Principle”
Another IT security concept that’s closely related to the
Principle of Least Privilege is the Separation of Duties
Principle. It divides critical functions among different
authorized users to prevent fraud and other abuses by
employees or other authorized people. It states that no user
should be given enough privileges to misuse the system on
his or her own. Separation of duties can be enforced either
by defining roles that can’t be executed by the same user
or by enforcing the four-eyes principle at access time. In the
latter, the first person to execute a two-person operation
can be any authorized user, while the second person must
be a different authorized user.
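As an added illustration (not Desigo CC code and not part of the original manual), the following Python model enforces the mechanisms described in the two sections above: role permissions trimmed to job duties with optionally time-limited grants, a static separation-of-duties rule that refuses conflicting roles on one account, and a four-eyes check that accepts an approver only if that person is authorized and is not the initiator. The role names, permission strings, operation names and users are all constructed for the example.

```python
"""Least privilege and separation of duties as a small authorization model.

Added example, not Desigo CC code. The roles, permission strings, operation
names and users below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical role -> permission mapping. Each role carries only what the
# job needs; there is deliberately no blanket "admin" permission.
ROLE_PERMISSIONS = {
    "viewer":   {"alarm:view", "trend:view"},
    "operator": {"alarm:view", "alarm:ack", "setpoint:write", "trend:view"},
    "engineer": {"alarm:view", "trend:view", "config:edit"},
    "auditor":  {"audit:read"},
}
# Static separation of duties: role combinations one account may never hold.
CONFLICTING_ROLES = [frozenset({"engineer", "auditor"})]
# Dynamic separation of duties: operations that need a second authorized
# person (four-eyes) before they may execute.
TWO_PERSON_OPERATIONS = {"config:edit"}


@dataclass
class RoleGrant:
    role: str
    expires_at: Optional[int] = None   # epoch seconds; None = standing grant


@dataclass
class User:
    name: str
    grants: list = field(default_factory=list)


def conflicting_roles(roles):
    """Return the SoD conflicts (as sorted tuples) within a set of role names."""
    held = frozenset(roles)
    return [tuple(sorted(c)) for c in CONFLICTING_ROLES if c <= held]


def active_roles(user, now):
    """Roles whose grants have not expired at time `now` (shortest duration)."""
    return {g.role for g in user.grants
            if g.expires_at is None or now < g.expires_at}


def permissions(user, now):
    """Effective permissions: the union of the active roles' permissions."""
    return set().union(*(ROLE_PERMISSIONS[r] for r in active_roles(user, now)))


def grant_role(user, role, now, duration=None):
    """Grant a role for `duration` seconds (or standing), refusing SoD conflicts."""
    if role not in ROLE_PERMISSIONS:
        raise ValueError(f"unknown role {role!r}")
    conflicts = conflicting_roles(active_roles(user, now) | {role})
    if conflicts:
        raise PermissionError(f"separation of duties conflict: {conflicts}")
    expires = None if duration is None else now + duration
    user.grants.append(RoleGrant(role, expires))


@dataclass
class PendingOperation:
    operation: str
    target: str
    initiator: str
    approver: Optional[str] = None

    @property
    def executable(self):
        # True once the operation has every approval it requires.
        return (self.operation not in TWO_PERSON_OPERATIONS
                or self.approver is not None)


def initiate(user, operation, target, now):
    """First person of an operation: must hold the permission right now."""
    if operation not in permissions(user, now):
        raise PermissionError(f"{user.name} lacks {operation}")
    return PendingOperation(operation, target, user.name)


def approval_problem(pending, user, now):
    """Why `user` may not act as second person, or None if they may."""
    if pending.operation not in TWO_PERSON_OPERATIONS:
        return "operation does not require a second person"
    if pending.operation not in permissions(user, now):
        return f"{user.name} lacks {pending.operation}"
    if user.name == pending.initiator:
        return "four-eyes: approver must differ from initiator"
    return None


def approve(pending, user, now):
    """Second person of a two-person operation; refuses the initiator."""
    problem = approval_problem(pending, user, now)
    if problem:
        raise PermissionError(problem)
    pending.approver = user.name
    return pending
```

The static and dynamic checks are kept as functions that return the reason for a refusal (`conflicting_roles`, `approval_problem`) so that the caller can log it to an audit trail before raising; in a real system the `now` argument would come from a trusted clock rather than from the caller, otherwise an expired elevation could be replayed by supplying an old timestamp.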
As part of our holistic approach to cybersecurity for our
offerings, we use the least privilege principle to address
the complete lifecycle of a system, from design, to
commissioning and operation, to migration and
decommissioning. The direct benefits of applying the principle
are better security and a smaller attack surface. Beyond this,
there are often gains in stability and traceability, because fewer
accounts and processes are able to change any given resource.
ISA/IEC 62443
Digitalization and cybersecurity are two closely interrelated
topics that are of great strategic importance for organizations
around the world. Our Desigo CC family of building
management, danger management, and power management
software systems plays an important role in the digitalization
of buildings. When it comes to the cybersecurity of our
portfolio, Siemens takes a comprehensive approach that is
driven by international standards.
One of the most important standards is ISA/IEC 62443,
developed by the International Society of Automation
(ISA) and adopted by the International Electrotechnical
Commission (IEC). ISA/IEC 62443 has proven its worth in
the industrial automation environment. It is aimed at plant
operators, integrators, and component manufacturers,
and covers the security-relevant aspects of industrial
automation and control systems.
Desigo CC products are developed according to ISA/IEC
62443. The deployment of Desigo CC is compliant with
ISA/IEC 62443-3-3 Security Level 2 (SL2): "protection
against intentional violation using simple means with
low resources, generic skills, and low motivation."
Note that 62443-3-3 specifies system-level requirements, so
the SL2 statement applies to the deployed system as a whole,
including its network zones and conduits, not to a single
component taken in isolation.
[3] Smith, Richard E., "A Contemporary Look at Saltzer and Schroeder's 1975 Design Principles," IEEE Security & Privacy, Vol. 10, No. 6, Nov.-Dec. 2012.