The Bronze version includes monthly newsletters on available security patches relevant to customers' systems. They inform users about the impact and criticality of vulnerabilities and possible solutions.
Additional Web links to vendor's Web pages for security patch downloads are also provided. The Bronze service provides valuable information to keep the customer up-to-date and aware about cyber threats but without pre-testing.
The more advanced Silver version offers testing of security patches on a Siemens Energy generic testbed and on a customer-specific maintenance and training simulator (MTS). The generic testbed is a Siemens Energy facility specifically designed for HVDC/FACTS systems with a generic, non-customer-specific hard- and software for testing purposes – but it doesn't cover the full configuration of all customer’s operational systems. Therefore, if security patches may not be able to be tested on the testbed, Siemens Energy will evaluate alternative mitigation measures.
If the customer owns a maintenance and training simulator (MTS), Siemens Energy will conduct further testing on the customer's MTS as part of the Silver service. Because the structure and components of the MTS are similar to the customer’s operational system, the testing scope and results will be very close to those of the operational system.
The highest-level Gold version comprises the installation of tested security patches on the site of the operational system during scheduled yearly outages on a regular basis. This includes preparation, secure backup, patch installation, basic testing, and documentation.