User Manual

ManualsBrandsSiemens ManualsBuilding automationDesigo CC MP 5.0 BACnet Server, BACnet Protocol Implementation Conformance Statement (PICS), Basic Documentation

siemens.com/desigocc

Desigo CC 3.0

Product Family

Cybersecurity Meets Building

Management Systems

Introduction

We live and work in an exciting era. It’s one defined by Industry 4.0 – the

digitalization of business. Digitalization provides numerous advantages,

including greater convenience and increased efficiency. It also presents

security challenges. Cyber attacks are a constant and increasing threat due

to the across-the-board connectivity that makes digitalization possible.

In today’s connected world, the likelihood of a cyber attack is high.

How do you confidently face and mitigate cyber threats? You take a holistic

approach to security measures across all aspects of your organization.

This includes making sure the building management systems that manage

your facility’s infrastructure are well prepared.

At Siemens Building Technologies, we believe security begins during product

development. We’ve adopted a “think security” philosophy in the development

of our products, including the Desigo CC 3.0 family of building management

products, solutions, and services. This paper provides insight into how Siemens

approaches cybersecurity requirements during the Desigo CC 3.0 product

development and lifecycle management processes.

Before discussing cybersecurity, let’s define it. For this document, we define

cybersecurity as the protection of life and company assets from harm caused

by digital attacks against the availability, confidentiality, integrity, authenticity,

and reliability of information in cyberspace. Cyberspace is the complex system

of interaction between people, software, and services that is facilitated by

using technical means to connect them to the Intranet and Internet.

Summary of content (5 pages)

PAGE 1
Desigo CC 3.0 Product Family Cybersecurity Meets Building Management Systems Introduction We live and work in an exciting era. It’s one defined by Industry 4.0 – the digitalization of business. Digitalization provides numerous advantages, including greater convenience and increased efficiency. It also presents security challenges. Cyber attacks are a constant and increasing threat due to the across-the-board connectivity that makes digitalization possible.
PAGE 2
Desigo CC | Cybersecurity Meets Building Management Systems Let’s also define what it means to take a holistic approach to security. Leading companies and institutions take into account four key factors that impact security strength – people, communication, processes, and technology.
PAGE 3
Desigo CC | Cybersecurity Meets Building Management Systems Product security verification & validation Specialist cybersecurity skills & consultancy Security design measures aligned to IEC62443 Regular manual penetration testing Established incident handling process: Siemens ProductCERT Company-wide cybersecurity initiative Provide solid product foundation Automated testing tools & methods Continuous vulnerability & threat monitoring Employee know-how Customer security objectives & requirements S
PAGE 4
Desigo CC | Cybersecurity Meets Building Management Systems Re p o r t A n alys is H a ndling Disclosu re Figure 3 – Desigo CC Incident and Vulnerability Handling Process Desigo CC Cybersecurity Deployment We publish cybersecurity hardening guidelines to support the secure commissioning and deployment of Desigo CC products. These guidelines describe how the system needs to be configured in order to foster secure operation of the Desigo CC products and solutions in the intended operating environment.
PAGE 5
Desigo CC | Cybersecurity Meets Building Management Systems Conclusion As a market leader in building technologies, we understand the challenges you face in meeting your cybersecurity needs in today’s world. Our comprehensive security approach to the product lifecycle means our Desigo CC products, solutions, and services are designed with your security in mind. Therefore, Desigo CC can be part of your holistic approach to security that takes people, processes, technology and communication into account.