PARTNER CONTENT

This content was produced by Automotive Manufacturing Solutions in partnership with Siemens.

Seamless connectivity between IT and OT systems is essential to smart factory operations. But this integration expands the attack surface, exposing enterprises to escalating cyber threats.

According to Siemens’ white paper Cybersecurity for Industry, protecting this interconnected landscape is no longer optional; it is foundational to achieving resilient, flexible, and competitive operations.

Becoming a true Digital Enterprise requires more than just new technologies – it demands trust in the infrastructure that supports them. The Siemens report emphasises that the growing value of data, often called the “new gold,” makes companies increasingly attractive targets for cybercriminals. At the same time, industrial systems often lack the built-in defences found in traditional IT environments. This convergence of vulnerability and value creates a perfect storm for cyber threats.

To counter these risks, Siemens advocates for a holistic, multilayered “defence-in-depth” approach based on international standards like IEC 62443. This includes plant security (e.g., physical access control), network security (e.g., segmentation, firewalls, and VPNs), and system integrity (e.g., secure engineering environments and patch management). Zero Trust principles – where no user or device is implicitly trusted – are also being integrated into OT environments, ensuring that every access request is authenticated and monitored.

The white paper makes it clear that cybersecurity must be embedded in every layer of industrial operations. It’s not just about preventing disruption but enabling progress.

Siemens’ multilayered cybersecurity strategy

Siemens champions a Defence-in-Depth approach to industrial cybersecurity, structured around the globally recognised IEC 62443 standard. This comprehensive strategy protects production environments through three interconnected layers: plant security, network security, and system integrity.

Plant security forms the first line of defence, focusing on physical access control and organisational processes. It includes barriers like secure control cabinets, surveillance systems, and card-based access. Equally important are the governance frameworks – risk assessments, security management protocols, and operational policies – that align security implementation with the specific needs of each facility.

Network security serves as the next layer, built around segmentation and isolation of critical systems. Siemens deploys firewalls, VPNs, and demilitarised zones (DMZs) to limit lateral movement within networks. The integration of Zero Trust principles ensures that no internal or external entity is inherently trusted – every access request must be authenticated and authorised. SCALANCE and RUGGEDCOM devices support encrypted communication, centralised firewall rule management, and secure remote access via platforms like SINEMA Remote Connect.

System integrity focuses on hardening the core technologies driving industrial automation. Siemens’ SIMATIC S7 controllers offer features such as multi-level access control, encrypted communication via TLS 1.3, IP and copy protection, and patch management. Whitelisting tools prevent unauthorised software execution, and anomaly detection powered by Claroty enhances real-time threat visibility. These measures are designed to secure both legacy and modern systems against manipulation and malware, without compromising performance or uptime.

Siemens notes that together, these layers ensure robust, scalable protection that evolves with the threat landscape. By embedding security throughout the digital enterprise – from factory floor to cloud interface – this Defence-in-Depth model helps organisations safeguard intellectual property, ensure operational continuity, and support sustainable industrial growth.

Zero Trust for industrial networks

With traditional perimeter-based cybersecurity no longer sufficient, Siemens suggests integrating Zero Trust principles into Operational Technology (OT) environments, to create a security framework where no user or device is trusted by default – regardless of its location.

Central to this strategy is the use of Zscaler Private Access deployed through Siemens’ SCALANCE LPE (Local Processing Engine). This setup allows secure, authenticated communication across IT and OT domains without altering existing network infrastructure. The SCALANCE LPE hosts the Zscaler App Connector, enabling OT assets to link with the Zscaler Zero Trust Exchange. This ensures that only validated users and devices can access specific resources, while minimising exposure to the broader network. 

Zero Trust’s core value lies in reducing the reliance on perimeter defences alone, shifting protection to the endpoints and the data itself. This architecture not only prevents lateral movement by potential attackers but also enforces granular, role-based access control. Siemens says this approach allows OT environments to adopt IT-grade access management practices, improving both flexibility and threat containment.

Moreover, the cloud-based management of Zscaler allows centralised policy enforcement and auditing, making it easier to maintain compliance and visibility across complex industrial environments. Because it uses only outbound connections, it significantly limits potential entry points for cyber threats, enabling secure support, monitoring, and diagnostics without putting core production systems at risk.

Security by design: A holistic approach to cybersecurity

Cybersecurity is no longer an afterthought – it must be an integral part of product development from the very beginning. Siemens underscores this principle through its Holistic Security Concept (HSC), which embeds security throughout the lifecycle of its industrial products, from initial design to deployment and maintenance.

Following the IEC 62443 international standard, HSC takes a proactive, layered approach to protecting critical assets such as source code, automation systems, and IT infrastructure.

The HSC focuses on five core levers: identifying business-critical assets, defining the required level of security, implementing standards-based protections, enhancing awareness, and planning for incident response. By embedding these pillars early in the product lifecycle, Siemens ensures that security is not only comprehensive but sustainable over time.

For example, standard automation tools like TIA Portal and controllers such as SIMATIC S7-1200 and S7-1500 are designed with embedded security functions. These include features like secure communication protocols, copy protection, and role-based access controls. During product development, rigorous risk analysis is conducted to identify and mitigate vulnerabilities before they can be exploited in the field.

Advanced tools and services: Siemens’ cybersecurity arsenal for industrial protection

Siemens’ suite of advanced cybersecurity tools and services is designed to detect vulnerabilities, secure access, and manage evolving threats across OT environments. These offerings align with IEC 62443 standards and are tailored to meet the complex demands of digitalized production.

At the core of Siemens’ services are Security Assessments and Consulting, where experts perform plant-specific risk analyses to pinpoint weaknesses and craft tailored action plans. These include Industrial Vulnerability Management – a tool that continuously monitors for known threats – and Patch Management Services, which ensure updates are applied without disrupting critical operations.

To secure network infrastructure, Siemens offers SINEC NMS (Network Management System) and SINEMA Remote Connect. SINEC NMS provides centralised, 24/7 monitoring and role-based access control across thousands of nodes, complete with audit trails and encrypted communication. SINEMA Remote Connect enables secure VPN-based remote access, authenticating users via certificates and allowing fine-grained control over who can access what and when.

For perimeter protection and anomaly detection, Siemens deploys Industrial Next Generation Firewalls in collaboration with Palo Alto Networks. These firewalls not only block unauthorised access but also analyse Layer 7 application traffic, filter URLs, and detect advanced threats. Complementing this is Claroty’s Threat Detection Software, which delivers passive, real-time monitoring to detect anomalies in operational behaviour without impacting performance.

Physical access control is enforced through the SIMATIC RF1000 system, an RFID-based device that logs operator access and enforces individual credentials. This hardware ensures only authorised personnel can interact with sensitive machinery.

Integrated, scalable cybersecurity

Siemens positions itself as a comprehensive cybersecurity partner for the industrial sector, offering an integrated and scalable portfolio of solutions that cover both product and service needs across the digital enterprise. According to the Cybersecurity for Industry white paper, this end-to-end approach is vital to securing the increasingly interconnected environments of modern production. 

At the heart of Siemens’ offering is a suite of security-enabled products, including the SIMATIC controllers, SCALANCE communication devices, and the TIA Portal engineering framework. These tools are designed with embedded security features such as encrypted communication, access control, and manipulation protection. They work seamlessly together to provide secure automation—from control systems to plant networks.

Complementing this product layer is a robust range of scalable cybersecurity services. These include risk assessments, managed security services, and lifecycle support for vulnerability and patch management. Siemens also offers advanced tools for network monitoring, secure remote access, and anomaly detection through platforms like SINEMA Remote Connect and SINEC NMS. These services can be tailored to the size and maturity level of any industrial operation, ensuring adaptability and long-term protection.

By combining technology, services, and domain expertise, Siemens enables industrial enterprises to protect their digital assets while accelerating their transformation into resilient, data-driven organizations.

As Siemens concludes, “Without cybersecurity, there can be no digital transformation.” Companies must therefore treat cybersecurity not as a cost centre, but as a strategic enabler of innovation, sustainability, and long-term competitiveness.
