Cyber Security Services

Cyber threats are increasing, with serious consequences for companies and communities on a global level. Critical infrastructure like power transmission systemsare increasingly becoming the focus. Because information technology systems are the foundation of today's critical processes in most companies, they are at significant risk of being attacked by hackers or viruses. There can be serious consequences if these attacks result in data loss, theft of confidential data, or even a complete system failure. Even if the devices are not directly connected to the Internet, there are other possible risks such as manipulated IT devices or laptops from outside the station. Unauthorized changes to critical parameters and set-points, control commands, or device configurations can disrupt the power supply with serious, unforeseeable consequences for all participants in the power transmission chain. It's also of the utmost importance to understand that cyber security isn't a one-time task but rather an ongoing endeavor throughout the entire system's lifecycle in order to continuously fight new cyber threats.

To protect critical infrastructure, many governments around the world are imposing increasingly stringent cybersecurity regulations on transmission system operators.

Standardized cybersecurity certifications will help our customers to demonstrate the cybersecurity of their assets to regulators, insurers, investors and the public and simplifies proof of compliance with the respective regulatory requirements.

Siemens Energy is the only major supplier in the field of HVDC and FACTS solutions holding the IEC 62443 2-4 and 3-3 certificate for our reference architecture.

IEC 62443 is the leading international standard for the IT security for industrial communication networks. It provides a holistic security framework for Industrial Automation & Control Systems (IACS).

In order to support its customers in the face of the growing risk of cyber threats, Siemens Energy has developed a comprehensive cyber security service portfolio for HVDC and FACTS. The service portfolio comprises different steps to strive for cyber security. These services include the identification of cyber vulnerabilities; the protection of all systems from cyber threats, including a fast service response to cyber incidents, and finally consulting and awareness trainings.

The Bronze version includes monthly newsletters on available security patches relevant to customers' systems. They inform users about the impact and criticality of vulnerabilities and possible solutions.

Additional Web links to vendor's Web pages for security patch downloads are also provided. The Bronze service provides valuable information to keep the customer up-to-date and aware about cyber threats but without pre-testing.

The more advanced Silver version offers testing of security patches on a Siemens Energy generic testbed and on a customer-specific maintenance and training simulator (MTS). The generic testbed is a Siemens Energy facility specifically designed for HVDC/FACTS systems with a generic, non-customer-specific hard- and software for testing purposes – but it doesn't cover the full configuration of all customer’s operational systems. Therefore, if security patches may not be able to be tested on the testbed, Siemens Energy will evaluate alternative mitigation measures.
If the customer owns a maintenance and training simulator (MTS), Siemens Energy will conduct further testing on the customer's MTS as part of the Silver service. Because the structure and components of the MTS are similar to the customer’s operational system, the testing scope and results will be very close to those of the operational system.

The highest-level Gold version comprises the installation of tested security patches on the site of the operational system during scheduled yearly outages on a regular basis. This includes preparation, secure backup, patch installation, basic testing, and documentation.

With the Bronze, Silver, and Gold services, Siemens Energy provides a one-stop service solution for security patch management. The company identifies and manages vulnerabilities and security patches seamlessly and efficiently – all from a single source.

Because Siemens Energy is an original equipment manufacturer of their components, its experts can draw on extensive and detailed in-house expertise. This, in turn, also makes security patch management a customized approach, because Siemens Energy knows the customer's specific HVDC/FACTS systems and software. The key contributions that ensure system performance are the cyber security experts. Siemens Energy provides highly experienced cyber security experts and a vulnerability expert team with a strong global presence. These experts have direct access to vendors and portals and can draw on a large number of information sources.

Thanks to these service offerings, customers' systems can be optimally patched and protected from the increasing variety of cyber threats and these risks can be significantly reduced.

Cyber security services

Cyber security services for HVDC and FACTS

Contact

Siemens Energy - only major supplier for HVDC / FACTS holding Certificates for Reference Architecture

TÜV SÜD Certificates IEC 62443-2-4 & IEC 62443-3-3

Security Program for the Blueprint "High-Voltage Direct Current (HVDC)"

Security Program for the Blueprint "Flexible AC Transmission Systems (FACTS)"

A cyber security service portfolio you can count on

Everything you need to protect your HVDC and FACTS systems

Three levels of security patch management

Bronze – Silver – Gold

One-stop service solution

Our knowledge for your benefit

Information

Cyber Security for HVDC & FACTS

Customer Support

We’re at your service

Contact us