
WEBINAR

How to bridge the gap between IT and OT?
Cross the digital chasm and modernize your
IT/OT infrastructure

Daniel Hertweck
IT/OT Convergence Specialist

Yazan Alnajjar
Industrial Cybersecurity Specialist

October 26, 2023


10 AM | 4 PM CEST
Page 1 Restricted | © Siemens 2023 | 2023-10-26 | Bridge the IT/OT gap
Soon, your organization will need to…

… face an increasing complexity of systems

… deal with scarce resources and know-how

… comply with OT security requirements

… bridge the gap between IT and OT


How to solve the IT/OT dilemma?



READY-TO-RUN IT INFRASTRUCTURE FOR OT ENVIRONMENTS



INDUSTRIAL AUTOMATION DATACENTER

Pre-configured and tested state-of-the-art components

The core of the Industrial Automation DataCenter is a virtualization solution with virtual
machines, supplemented by suitable hardware and software components for increased
overall system availability and energy-efficiency.

Pre-configured and pre-tested hardware and software components


1. Front Firewalls
2. Industrial DMZ
3. Back Firewalls
4. IT Networking
5. Computing
6. Process Historian
7. Backup & Disaster Recovery
8. OT Networking
9. Uninterruptible Power Supply

Scalability: resource upgrade capability during runtime to react quickly to changing conditions

Central manufacturing ensures quality over the entire lifecycle


• Use of proven state-of-the-art technology from market-leading companies
• All hardware and software components used are purchased, assembled, installed,
configured and tested centrally at the manufacturing site in Nuremberg according to
strict quality requirements



Future-proof virtualization
with Industrial Automation DataCenter


The operating system and the user software are made available in the form of a virtual
machine (VM). Through virtualization, the operating system and the user software of a
computer are decoupled from its host.

The hypervisor handles the dynamic distribution of the host resources to the virtual
machines. A hypervisor is installed as an additional software layer on a high-performance
server; it allows for the integration of several virtual machines on only one host.

SIMATIC Virtualization as a Service offers this technology as a ready-to-run complete
system including configuration and system support. The virtual machines are accessed
through energy- and cost-efficient Thin Clients.


On the system platform, a virtual machine is delivered ready for operation.


On every virtual machine, a Microsoft Windows Server 2016, 2019 or 2022
64-bit (with activated license) is preinstalled.

We have broad expertise in hosting the following applications:


• SIMATIC PCS neo
• SIMATIC PCS 7
• SIMATIC Step 7
• SIMATIC WinCC
• TIA Portal
• BRAUMAT & SISTAR
• SIMIT
• COMOS
• DESIGO CC


We are happy to advise you on the integration of your application.



Pre-configured IT infrastructure for optimized data handling
with Industrial Automation DataCenter

Secure IT/OT data exchange through Industrial DMZ
with Industrial Automation DataCenter



Siemens relies on a holistic cybersecurity concept: Defense in Depth

Security threats demand action

Defense in Depth based on IEC 62443

• Plant Security
• Network Security
• System Integrity

Industrial Cybersecurity Services



Industrial DMZ Infrastructure
Definition & Purpose of a DMZ in an Industrial Sector

An industrial DMZ is a designated area within a network that acts as a buffer zone between
the internal, trusted network and the external, untrusted network (e.g., the internet). It is
designed to enhance security and control over the flow of data and communication.

The primary purpose of an industrial DMZ is to improve the security posture of critical
infrastructure and industrial control systems (ICS). It helps protect against cyber threats and
unauthorized access to industrial networks, which can have serious safety and operational
implications.

DMZs facilitate the controlled exchange of data between the internal and external
networks, allowing organizations to monitor and filter traffic, and manage access to sensitive
systems.



Purdue Model >> PCS7

Level - 4

Level - 3.5

Level - 3

Level - 2

Level - 1



Industrial DMZ Infrastructure
Components of an Industrial DMZ Infrastructure

Fundamental component of a DMZ. They control traffic between the internal
and external networks and can enforce security policies.

These systems help detect and prevent malicious activities within the DMZ.

Proxy servers can be used to mediate traffic between networks,
providing an additional layer of security and anonymity.

These gateways can restrict access to specific applications and
services, further enhancing security.

VPNs can secure communication within and across the DMZ.



Industrial DMZ Infrastructure
Zoning in an Industrial DMZ

Perimeter Zone

Middle Zone

Internal Zone



Virtualized DMZ with
state-of-the-art technology

IT/OT network segmentation
• DMZ (demilitarized zone) with redundant front and back
firewalls protects the OT systems from unauthorized access
from outside.

State-of-the-art
• “Next Generation” firewalls go beyond protocols and port
inspection of classic firewalls and facilitate data analysis at the
application level (layer 7).

Virtualized DMZ
• The services in the DMZ are made available as virtual
machines on a separate high-performance virtualization host:
  • Data Exchange Server
  • Domain Name System
  • Endpoint Protection
  • Information Server
  • Jump Host
  • Management
  • Network Monitor Server
  • Update Server



Industrial Cybersecurity Services: End-to-end approach

• Security Assessments
• Industrial Security Consulting
• Security Awareness Training

• Industrial Next Generation Firewall


• Industrial DMZ Infrastructure
• Industrial Anomaly Detection

• Endpoint Protection
• Vilocify Vulnerability Services
• Patch Management
• Backup and Restore



Reverse the Operational Domino Effect
with Remote Industrial Operations Services

Remote Industrial Operations Services

Increasing IT/OT system complexity, lack of resources
and cybersecurity regulations are major risks for
productivity losses in operational technology. The
unexpected failure of even the simplest component can
lead to a domino effect and shut down operations.

With our Remote Industrial Operations Services, you
have experts behind you who remotely manage your
IT/OT infrastructure and thus align your IT and OT.

How does it work?

The modular contracting enables you to select only
the services you need:

• 24/7 monitoring
• Predictive intelligence maintenance
• IT/OT technical experts support
• Secured by design

Main value drivers

• Proven IT/OT expertise by our experts
• Operational continuity through maximized availability
• Compliance with cybersecurity regulations (e.g. NIS 2)


Available
• Continuous Monitoring
• Incident Management
• Disaster Recovery Support
• Reporting
• Network Management
• User Management

Secured
• Security Patching
• Traffic Monitoring
• Anomaly Detection
• Vulnerability Management
• System Hardening
• Whitelisting
• Threat Detection & Response
• Endpoint Protection
• Security Information & Event Management

Maintained
• Windows Server Update Services
• Software & Firmware Updates
• Preventive Maintenance
• Asset Management
• Periodic Maintenance
• Back-up & Restore
• Configuration & Change Management

Supported
• Remote Support
• 24/7 Service Desk
• Service Request Management
• Managed System Support
• Technical Product & Hardware Support



Benefit from the Industrial Automation DataCenter

• Ready-to-run, highly available IT infrastructure with system-tested and
pre-configured components – tailor-made for your plant

• High energy efficiency and space savings through virtualization platform
and optimized use of IT resources

• Operational Continuity thanks to remote management of infrastructure by
IT/OT experts

• Cybersecurity by design thanks to integrated solutions like industrial DMZ,
Next Generation firewalls and backup solution



Bridge the gap between IT and OT with our managed IT/OT infrastructure.
Siemens is your reliable partner for IT/OT infrastructure

• We are the automation experts
• We drive digitalization with specific industry know-how
• We understand industrial security
• We offer state-of-the-art technology and end-to-end services from a single source
• Our processes and products are proven and certified



Reliable IT expertise proven globally in OT environments across all industries

• Systems: > 3.100
• Virtual Machines: > 40.000
• Customers: > 500

Siemens is ranked #3 in global market share of the Top 10 Industrial Software Companies,
[ahead of Amazon (#4), Oracle (#5) and IBM (#8)] – Global IOT Analytics



Future proof IT/OT infrastructure
Bayer Hispania
Industrial Automation DataCenter

Customer challenge
• Reliable digitalized infrastructure providing accessibility and connectivity
for all systems
• Compliance with highest requirements of pharma industry (GMP, FDA, ISA 88)

Solution
• SIMATIC Virtualization as a Service
• Backup and Restore Professional server, Process Historian server
• On-site and remote support during the implementation phase
• Technical support for the network and active directory integration
• Consulting, Implementation and Optimization Services for the entire lifecycle

Customer benefit
• Pre-configured, tested system and utilization of the latest digital technologies
• High availability and reliability while maintaining system flexibility
• Basic IT/OT security measures implemented as standard
• Coordinated lifecycle services, technical pre-sales and after-sales support
from Siemens provide security and cost transparency

Pre-configured and tested | High availability and reliability



Engineered solutions like Siemens’
Industrial Automation DataCenter
are designed to help users
cross the digital chasm and
modernize their automation architectures
to reap the benefits of digitalization.
(ARC Advisory Group, 2022)



Contact our experts
Daniel Hertweck
IT/OT Convergence Specialist
daniel.hertweck@siemens.com

Yazan Alnajjar
Industrial Cybersecurity Specialist
yazan.alnajjar@siemens.com

www.siemens.com/iadc



Disclaimer

© Siemens 2023

Subject to changes and errors. The information given in this document
only contains general descriptions and/or performance features which
may not always specifically reflect those described, or which may
undergo modification in the course of further development of the
products. The requested performance features are binding only when
they are expressly agreed upon in the concluded contract.

All product designations may be trademarks or other rights of
Siemens AG, its affiliated companies or other companies whose use
by third parties for their own purposes could violate the rights of the
respective owner.



Security Information

Siemens provides products and solutions with industrial security functions that support the secure operation of plants,
systems, machines and networks.

In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain –
a holistic, state-of-the-art industrial security concept. Siemens’ products and solutions constitute one element of such a concept.

Customers are responsible for preventing unauthorized access to their plants, systems, machines and networks. Such systems,
machines and components should only be connected to an enterprise network or the internet if and to the extent such a connection
is necessary and only when appropriate security measures (e.g., firewalls and/or network segmentation) are in place.

For additional information on industrial security measures that may be implemented, please visit https://www.siemens.com/cybersecurity.

Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly recommends that product
updates are applied as soon as they are available and that the latest product versions are used. Use of product versions that are no longer
supported, and failure to apply the latest updates may increase customer’s exposure to cyber threats.

To stay informed about product updates, subscribe to the Siemens Industrial Security RSS Feed
under https://www.siemens.com/cybersecurity.
