Security
This chapter provides an overview of the security measures and practices implemented to ensure a safe and trustworthy use of the application.
General Data Protection Regulation (GDPR)
Siemens adheres to the principles of data protection, in particular the principles of data minimization (Privacy by Design). The product processes and stores the following personal data:
- First and last name
- User ID
- Email address
- Timestamp
- IP addresses
- MAC addresses
This data is used for user and access management, notification purposes and logging relevant user actions.
If the customer links the data mentioned above to other data (e.g. shift plans) and thus creates a personal reference, or if the customer saves further personal information in the custom user-defined fields in the software service, the customer has to ensure that the guidelines regarding data protection are observed.
Data security and responsibility
Siemens maintains robust security measures to ensure secure storage and integrity of customer data within our infrastructure, including encryption, regular backups, and industry-standard protection mechanisms. Customers retain full responsibility for the content they upload or input into the service, including ensuring that all data is free from viruses, malware, and any illegal or unauthorized content.
While Siemens implements comprehensive security controls, we cannot be held liable for any damages, losses, or disruptions arising from customer-uploaded data containing malicious code, harmful content, or unauthorized material. By using this service, customers acknowledge their responsibility to verify and validate their data before upload and agree to indemnify Siemens against any claims resulting from their uploaded content.
Network security
Industrial Asset Hub uses a firewall-friendly protocol. All system components initiate connections from the lower level to the upper level over a secured communication channel with TLS encryption.
All components operated by the customer should be protected by a suitable perimeter protection.
In typical environments a network cell protection concept is in place to prevent exposure of the automation level to the outer world. The Asset Gateway, which needs to reach out to the automation-level protocols, is typically deployed on the boundary between machines; the sketch shows it, as an example, on an Industrial Edge device.
Figure: Exemplary network sketch
The Asset Gateway must be enabled to communicate with the Asset Hub backend services. The following access points must be reachable from the Asset Gateway.
Environment | Backend URLs |
---|---|
Productive | tenant.eu1.sws.siemens.com/industrialassethub/ |
 | prod.cdm.xo.siemens.cloud 3.69.132.246 18.197.121.71 |
 | cloud.eu1.sws.siemens.com 3.71.136.197 3.77.228.6 18.158.179.67 |
Additional settings, such as proxy settings, may be required. For Industrial Edge, these can be applied during onboarding or in the system settings for the Industrial Edge devices.
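An egress check an operator could run from the network segment that hosts the Asset Gateway, added here as an example and not Siemens code: it resolves the two fixed backend hosts from the table, flags resolved addresses that an IP-based firewall rule built from that table would not cover, and completes a certificate-verified TLS handshake. Port 443 and all function names are assumptions; the tenant-specific URL is left out because its host name depends on the tenant.

```python
import socket
import ssl

# Hosts and IPv4 addresses copied from the table above. Port 443 is an
# assumption: the page states only that the channel uses TLS.
HOSTS = ["prod.cdm.xo.siemens.cloud", "cloud.eu1.sws.siemens.com"]
LISTED_IPS = {"3.69.132.246", "18.197.121.71",
              "3.71.136.197", "3.77.228.6", "18.158.179.67"}
PORT = 443


def resolve(host):
    """Return the set of IPv4 addresses the local resolver gives for host."""
    infos = socket.getaddrinfo(host, PORT, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def tls_probe(host, timeout=5.0):
    """Complete a certificate-verified TLS handshake; return the TLS version."""
    ctx = ssl.create_default_context()  # verifies chain and host name
    with socket.create_connection((host, PORT), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()


def check_backend(host, resolver=resolve, prober=tls_probe):
    """Classify one backend as ok, dns_failed, unlisted_ip or tls_failed."""
    try:
        addrs = resolver(host)
    except OSError as exc:
        return {"host": host, "status": "dns_failed", "detail": str(exc)}
    unlisted = sorted(addrs - LISTED_IPS)
    if unlisted:
        # An IP-based egress rule built from the table would drop these.
        return {"host": host, "status": "unlisted_ip", "detail": unlisted}
    try:
        version = prober(host)
    except (OSError, ssl.SSLError) as exc:
        # Covers blocked ports, timeouts and TLS-inspecting proxies whose
        # certificate this host does not trust.
        return {"host": host, "status": "tls_failed", "detail": str(exc)}
    return {"host": host, "status": "ok", "detail": version}


if __name__ == "__main__":
    for h in HOSTS:
        print(check_backend(h))
```

The probe connects directly, so where egress is only permitted through a proxy a `tls_failed` result is expected and the proxy path has to be tested separately.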
Impact on production network
Industrial Asset Hub uses active scanning methods to discover and identify asset-specific information. Active scanning is necessary to cover all connected devices, even those that seldom communicate and are therefore typically not detected by passive methods.
The additional network load created by Industrial Asset Hub can influence the communication processes inside the production. The protocols used to discover the devices are well known in the industry. Nevertheless, not all devices have been tested, nor are all devices necessarily fully compliant with standard protocols, so it is advised to run an initial test scan during a maintenance phase or on test devices before running a full scan in the production.
Cybersecurity information
Siemens provides products and solutions with industrial cybersecurity functions that support the secure operation of plants, systems, machines and networks.
In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial cybersecurity concept. Siemens’ products and solutions constitute one element of such a concept.
Customers are responsible for preventing unauthorized access to their plants, systems, machines and networks. Such systems, machines and components should only be connected to an enterprise network or the internet if and to the extent such a connection is necessary and only when appropriate security measures (e.g. firewalls and/or network segmentation) are in place.
For additional information on industrial cybersecurity measures that may be implemented, please visit the Industrial Cybersecurity page.
Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly recommends that product updates are applied as soon as they are available and that the latest product versions are used. Use of product versions that are no longer supported, and failure to apply the latest updates may increase customer’s exposure to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial Cybersecurity RSS Feed.
Cookies
Regarding cookies, please refer to the Cookie Notice.