Attack surface reduction

Physical access to IE components

If not operated in the cloud, the Industrial Edge Management, the connected Industrial Edge Devices and their underlying infrastructure must be installed in a protected environment that ensures physical access is limited to authorized personnel only.

Additionally, services exposed via the network shall only be accessible by the required communication peers.

Physical access protection can be applied by operating the hardware in access-protected rooms or locked racks. Attached cables should be protected against unauthorized modification of the wiring intended for the corresponding device.

Network protection must be implemented by the customer using security measures such as firewalls, configured so that only the required communication peers can reach the exposed services.

Further information related to network security is documented here.

Application and Runtime Hardening

Hardening Industrial Edge Apps is the responsibility of the creator of an Industrial Edge App, who needs to apply the least privilege principle to their App.

Siemens is responsible for the container runtime hardening and its required components (on IEDs).

The Device Builder must harden the operating system of the Industrial Edge Device.