SIMATIC S7-1200 G2 CPUs are now IEC 62443-4-2 certified

Siemens S7-1200 G2 Achieves TÜV Certification for IEC 62443-4-2 Cybersecurity Compliance

Siemens’ newly launched SIMATIC S7-1200 G2 CPUs have achieved TÜV SÜD certification in accordance with IEC 62443-4-2, the international benchmark for secure industrial components. This new certification joins Siemens’ existing lineup of IEC 62443-4-2 certified components, including the SIMATIC S7-1500 PLCs (starting from Firmware Version 3.1), S7-1500 Software Controllers (starting from Firmware Version 30.1), SIMATIC WinCC 8.1 and higher, as well as SCALANCE SC-600 industrial security routers.

For engineers, this means that your basic automation systems using the S7-1200 G2 controller family come with defense-in-depth security features which improve system integrity and help to keep your plants secure against rising cyberthreats. 

Below, we unpack the certification, the technical security functions included within SIMATIC S7-1200 G2 CPUs, and why this matters when you’re designing more resilient, secure automation systems.

The Rising Stakes in OT Security

Yesterday, we had islands of communication: manufacturing was safe in its own (proprietary) OT world. All data was collected and processed locally. Only concentrated information was communicated, separate from the process.

Today everything is more and more connected as the OT/IT convergence continues to gather steam. A huge amount of data needs to be handled all the time, securely, process integrated, and in an optimal way.

But now every connected device becomes a potential entry point for cyber-attacks. In fact, 61% of smart factories have experienced a cybersecurity incident and the manufacturing sector continues to top the ransomware league tables, suffering 65% of observed OT extortion attacks in 2024 alone.

IEC 62443 helps industrial facilities improve their security by providing guidance on how to protect industrial automation and control systems (IACS) with a layered framework that bridges industrial control hardware, networks, and operational policies.

IEC 62443-4-2 specifically defines technical security requirements for IACS component classes which span the component’s entire lifecycle, including software updates, patch management, and end-of-life processes. These component classes include embedded devices (such as PLCs), network equipment, host devices, and software applications.

The security requirements laid out in IEC 62443-4-2 include:

Access Control & Authentication

Ensures that all users (humans, devices, software processes) are reliably identified and authenticated before system access can be granted. This prevents unauthorised entities from interacting with system components.

Use Control

Grants access privileges only to authenticated users, enforcing the “least privilege” principle. Users can only perform those actions they are explicitly authorised to do, and usage is monitored accordingly.

System Integrity

Maintains the integrity of the system by preventing unauthorised manipulation, modification, or destruction. Mechanisms are put in place to detect and protect against malware, unauthorised changes, and other threats to integrity.

Data Confidentiality

Protects sensitive data and confidential information from unauthorised disclosure, both in transit and in data repositories.

Restricted Data Flow

Controls and limits the flow of data within, between, and out of system segments (zones and conduits). This segmentation helps reduce the attack surface and minimizes exposure in case of a breach.

Timely Response to Events (TRE)

Ensures that security events, such as attempted breaches or system anomalies, are promptly detected, reported, and addressed. This includes alerting responsible parties and initiating incident response actions as needed.

What does the SIMATIC S7-1200 G2 IEC 62443-4-2 TÜV certification mean for you?

Now that the SIMATIC S7-1200 G2 controller family has achieved TÜV certification in accordance with IEC 62443-4-2, this PLC system’s embedded security features meet the technical requirements outlined above, which gives you greater confidence that the S7-1200 G2 offers proven resilience in the face of cyber threats.

This is because fundamental system hardening to ensure system integrity has already taken place by the time an S7-1200 G2 controller arrives on site, which is also backed by a secure development process that is fully compliant with IEC 62443-4-1.

The S7-1200 G2 CPUs also provide the following security functions:

  • Security by default: authentication and access protection set as standard, with role-based access control to support the ‘least privilege’ principle
  • Support for encrypted communication protocols to protect data integrity and confidentiality
  • Secure boot sequence to ensure firmware authenticity and integrity during startup
  • Digitally signed secure firmware updates allowing for comprehensive patch management
  • Security log for security related events

But as standards are constantly changing and new cyber threats emerge, Siemens continuously optimises its security concept and adjusts based on the continuous monitoring and security management that they undertake so that you can rely on comprehensive long-term protection.
