The Cybersecurity and Infrastructure Security Agency (CISA) has launched a no‑cost service to help operators of Siemens SIMATIC PLCs and HMIs identify and remediate vulnerabilities. Experts explain why the program matters, what systems are covered, and how organizations can take advantage of the assessment.
A new safety net for industrial automation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced a no‑cost cyber‑security service aimed specifically at sites that run Siemens SIMATIC programmable logic controllers (PLCs) and human‑machine interfaces (HMIs). The program, dubbed Secure by Design – Shields Up, lets manufacturers, utilities, and critical‑infrastructure operators request a remote vulnerability assessment, receive a hardening guide, and get help reporting any discovered issues.
Why CISA is focusing on SIMATIC now
Siemens’ SIMATIC line powers everything from automotive assembly lines to water‑treatment plants. According to a recent advisory from the European Union Agency for Cybersecurity (ENISA), more than 30 % of reported industrial‑control‑system (ICS) incidents in the past two years involved SIMATIC devices. The hardware is widely deployed, and many installations still run firmware versions that pre‑date the most recent security patches.
“SIMATIC controllers are a common target because they sit at the convergence of legacy fieldbus protocols and modern Ethernet‑based networks,” says Dr. Maya Patel, senior analyst at the Industrial Security Research Group (ISRG). “When a vulnerability is discovered, the ripple effect can be massive – a single compromised PLC can halt an entire production line.”
CISA’s decision to roll out a dedicated service reflects two trends:
- Increased threat actor interest – ransomware groups are now scanning for exposed PLCs to demand ransom for restoring production.
- Regulatory pressure – the U.S. Department of Energy and the Federal Energy Regulatory Commission have issued guidance that critical‑infrastructure owners must demonstrate a risk‑based approach to securing control‑system firmware.
What the Shields Up service includes
The offering is structured around three deliverables, each designed to be actionable for teams that may not have deep cybersecurity expertise:
- Remote vulnerability scan – CISA’s analysts connect to the target network (via a VPN tunnel or a jump host provided by the customer) and run a non‑intrusive scan against known SIMATIC firmware versions, configuration files, and network services. The scan leverages the open‑source tool PLCScan, which includes signatures for the latest Siemens advisories.
- Hardening guide – After the scan, CISA provides a customized PDF that lists:
  - Firmware updates that are missing (with direct links to the Siemens Industry Online Support portal).
  - Configuration changes to disable unused services such as the S7‑200 Web Server.
  - Network‑segmentation recommendations, e.g., placing PLCs in a dedicated VLAN with strict ACLs.
- Incident‑reporting assistance – If the assessment uncovers a vulnerability that is already being exploited in the wild, CISA helps the organization draft a report for the National Cybersecurity and Communications Integration Center (NCCIC), ensuring the issue is logged in the ICS-CERT database.
The entire process is free of charge, but participants must sign a limited‑liability agreement and agree to share anonymized findings with the broader community.
How to enroll – step‑by‑step
- Visit the CISA portal – The program is listed under the Cyber‑Ready Services section of the CISA website: cisa.gov/secure‑by‑design.
- Complete the intake form – Provide basic information about your organization, the SIMATIC models in use, and a point‑of‑contact for the technical liaison.
- Schedule a kickoff call – A CISA analyst will walk through network topology, confirm remote‑access methods, and set a scan window.
- Run the scan – The analyst executes the PLCScan script while you monitor network traffic. The scan typically finishes in under 30 minutes for a single PLC.
- Review the hardening guide – Implement the recommended patches and configuration changes. CISA can validate the changes in a follow‑up session if you request it.
Practical takeaways for plant operators
- Prioritize firmware updates – Siemens releases security patches on a quarterly cadence. Even if a PLC appears to be running “stable” firmware, check the Siemens Industry Online Support portal for the latest security bulletin.
- Isolate control‑system traffic – Use firewalls or managed switches to enforce a “defense‑in‑depth” model. Block inbound traffic to PLCs from the corporate LAN unless a specific protocol (e.g., OPC UA) is required.
- Enable logging – Activate the built‑in audit log on each SIMATIC device and forward logs to a SIEM. Anomalous login attempts are often the first sign of a breach.
- Test incident response – Run tabletop exercises that simulate a compromised PLC. Knowing who to call at CISA and how to submit an incident report can shave hours off recovery time.
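One way to check the "isolate control‑system traffic" takeaway against an actual rule set is to replay representative flows through the ACL and flag anything from the corporate LAN that reaches the PLC VLAN on a port other than OPC UA. The script below is an added example, not part of the CISA program or its tooling; the address ranges, the tuple-based ACL format, and the sample rules are constructed assumptions.

```python
import ipaddress

# Assumed addressing for illustration; replace with the site's own ranges.
CORP_LAN = ipaddress.ip_network("10.10.0.0/16")
PLC_VLAN = ipaddress.ip_network("10.50.20.0/24")
ALLOWED = {("tcp", 4840)}           # OPC UA (IANA-registered port)
PROBE_PORTS = (80, 102, 443, 4840)  # HTTP, S7 (ISO-on-TCP), HTTPS, OPC UA

# Constructed ACL, first match wins: (action, proto, src, dst, dst_port or None for any).
SAMPLE_ACL = [
    ("permit", "tcp", "10.10.30.0/24", "10.50.20.0/24", 4840),
    ("permit", "tcp", "10.10.0.0/16", "10.50.20.0/24", 102),
    ("deny", "any", "10.10.0.0/16", "10.50.20.0/24", None),
]

def first_match(acl, proto, src, dst, port):
    """Action of the first rule matching the flow; implicit deny if none match."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in acl:
        if (r_proto in ("any", proto)
                and s in ipaddress.ip_network(r_src)
                and d in ipaddress.ip_network(r_dst)
                and r_port in (None, port)):
            return action
    return "deny"

def narrower(a, b):
    """CIDR blocks nest or are disjoint: return the nested one, or None."""
    if not a.overlaps(b):
        return None
    return a if a.prefixlen >= b.prefixlen else b

def audit(acl):
    """Probe one representative corporate-to-PLC flow per permit rule and port."""
    findings = []
    for idx, (action, proto, src, dst, port) in enumerate(acl):
        s = narrower(ipaddress.ip_network(src), CORP_LAN)
        d = narrower(ipaddress.ip_network(dst), PLC_VLAN)
        if action != "permit" or s is None or d is None:
            continue
        p = "tcp" if proto == "any" else proto
        for probe in (PROBE_PORTS if port is None else (port,)):
            flow = (p, str(s[min(1, s.num_addresses - 1)]),
                    str(d[min(1, d.num_addresses - 1)]), probe)
            if (p, probe) not in ALLOWED and first_match(acl, *flow) == "permit":
                findings.append((idx, flow))
    return findings

if __name__ == "__main__":
    for idx, flow in audit(SAMPLE_ACL):
        print(f"rule {idx} admits non-allowlisted flow {flow}")
```

Because each permit rule is probed with a single representative address pair, a clean result is a sanity check rather than proof that no corporate host can reach a PLC; rules that are fully shadowed by an earlier deny are correctly not reported.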
Looking ahead
CISA has indicated that the Shields Up service will expand to cover other vendor families, such as Rockwell Automation and Schneider Electric, later this year. For now, Siemens SIMATIC owners have a rare opportunity to get a professional security review without spending a dime.
“The best defense is a proactive assessment,” says James Liu, CISA’s lead for Industrial Control Systems. “If you can close the gaps before an attacker finds them, you protect not only your own plant but the entire supply chain that depends on it.”
Take advantage of the program while slots are still available. A secure PLC today means fewer production surprises tomorrow.