S7-1500 Security: Tips, Recommendations?

kdcui

Lifetime Supporting Member
K
Join Date
Dec 2007
Location
USA
Posts
386
As I'm getting up to speed on some of the latest versions of TIA Portal, I noticed there is lots of security features. I'm wondering if anyone can share some recommendations, tips, or best practices?

Siemens seems to have lots of different options. I'm particularly interested in:

  • Protection of PLC configuration data
  • Access Levels
  • Secure connections (PG/PC to HMI)

I am a bit weary of getting overcomplicated here, because I also don't want to run into a situation where a PLC needs to be replaced and there is no one around with the password.

The Access Levels, while comprehensive, seems to be a bit confusing.

Also - Siemens seems to be pushing hard on Certificates to ensure security / authentication. This is not very user friendly and I anticipate this could be problematic from persons not familiar with how this works.

Can anyone share thoughts or pitfalls to avoid, in order to balance security with useability? In my application it will be mobile equipment, not fixed assets at a site.

What I'm really looking to do is secure access for going online with the PLC and making unauthorized changes (I will be implementing "know-how" security on some code too).

Thanks!

Edit: There will also be physical security present to ensure unauthorized persons are not accessing critical components and gaining network access.
 
This may have changed, but you can give the user read access but not write access to modify the program. This tends to avoid the situation you mention.

Who issues said certificates? Wouldn't having to get your PLCs exposed to renew their certificates create more holes than it avoids?
 
Certificates can be self-certified within TIA Portal, although you have the ability to specify an certificate authority if there is one.

But renewal is certainly another concern of mine. It does not seem feasible in many applications, especially for OEMs who might have hundreds of systems floating around in the field.

In the case of OPC-UA - if you have operationally critical assets communicating and a certificate expires, this will bring down your process.

The only workaround I see is a) not use certificates as they are more trouble than it is worth or b) set certificate expiry to large number (50 years?), but this kind of defeats the purposes of certificates in the first place.
 

Similar Topics

H
Problem security in opc ua of plc s7 1500
Hi all, I'm config opc ua in plc s7 1500 . I'm having problem security in opc ua . I'm using app c# in siemen support to test read/wire data to...
Replies
0
Views
1,899
huynhtrong
H
C
Siemens S7-1500 Security
Has anybody experienced having their PLC hacked, We recently finished a machine refurb in Latin america, we provided them with an HMS lan/wan...
Replies
14
Views
8,757
karlek
karlek
A
PV1500+ security question
Is it possible to configure the PV logout / login functions so that they're triggered from the PLC? I want to log who starts what on my system...
Replies
2
Views
1,722
rbouws
R
K
use Simotion D ethernet port as gate to access S7-1500 plc program
Can we use a Simotion D455 ethernet port x127 as a gate, to access S7-1500 plc Tia Portal program ? In the Simatic manager, we used Netpro to do...
Replies
2
Views
87
mk42
M
J
Connecting a Micrologix 1500 to a PanelView Plus 7
I have been working on this for a while now and I can't seem to get it. I was finally able to view the 1500 on the PanelView under the serial...
Replies
1
Views
85
jscampbell210
J
Back
Top Bottom