INDUSTRIAL INTERNET OF THINGS (IIOT)
Now more than ever, the industrial environment is being digitalized by networking Industrial Automated Control Systems (IACS) such as Programmable Logic Controllers (PLCs), Distributed Control Systems (DCSs), and Human-Machine Interfaces (HMIs) or Supervisory Control and Data Acquisition (SCADA) systems, which are used in factories or critical infrastructures to monitor and control a specific system or process.
This connectivity makes these systems globally visible, increasing the likelihood of cyberattacks that can damage brand reputation, human safety and operational productivity through data theft, fraud, extortion or sabotage.
What is the IEC 62443 standard and what are its objectives?
IEC 62443 is the international standard for the security of industrial automation control systems and components (IACS). This standard is currently the only reliable solution for testing the cybersecurity of components in the field of industrial automation.
It was created nearly two decades ago by a group of volunteers from the SP99 Committee, established by ISA, International Society Automation & Control. It was subsequently revised and adopted by the International Electrotechnical Commission (IEC), hence the original name ISA 99/IEC 62443.
Implementing this standard is the way to objectively demonstrate that cyber security is a top priority in your organization and that its industrial control systems are protected against cyber threats. In the current environment, where the number of threats to this type of technology is increasing significantly, implementing the IEC standard ensures that companies are less vulnerable to any cyber-attack that may result in, among other things, equipment failure, production freeze, unexpected costs related to the repair of control systems, and the associated loss of profits.
This international standard was created to safeguard Industry 4.0 by making the exchange of data from outside to inside and vice versa safe and reliable. It is further subdivided into two standards, each of which applies to a specific type of requirement.
IEC 62443-4-1: Focused on safe product development life cycle requirements.
IEC 62443-4-2: Focused on the technical security requirements for IACS components.
Benefits for the manufacturer
Having an IEC 62443 industrial cyber security certification verifying the requirements of IEC 62443-4-1 / IEC 62443-4-2 provides a number of advantages to the company that chooses to become certified, some of the most significant of which are:
- Improved component cyber-security
- Getting ahead of regulatory requirements that will be coming in the next years
- Improving cyber security awareness within the company
IEC 62443-4-1, definition and security requirements
IEC 62443-4-1 is a subset of IEC 62443-4:2018(E) which specifies process requirements for the safe development of products used in industrial automation and control systems.
Specifically, IEC 62443-4-1 specifies the process requirements for the safe development of products used in an IACS device while taking the product life cycle into account.
This standard is divided into 4 levels of maturity that will be included in the certificate issued, reflecting the requirements that have been evaluated and their level of maturity.
It is mandatory to first obtain the IEC 62443-4-1 certification if you wish to be certified in IEC 62443-4-2.
IEC 62443-4-2, definition and security levels
jtsec industrial cybersecurity service focuses on the security requirements for IACS components, IEC 62443-4-2 "Technical security requirements for IACS components". The standard defines 4 security levels:
SL 1 - Prevent unauthorised disclosure of information through eavesdropping or casual exposure.
SL 2 - Prevent unauthorised disclosure of information to an entity actively seeking it using simple means with few resources, generic skills and low motivation.
SL 3 - Prevent unauthorised disclosure of information to an actively seeking entity using sophisticated means with moderate resources, IACS-specific skills and moderate motivation.
SL 4 - Prevent unauthorised disclosure of information to an actively seeking entity using sophisticated means with extended resources, IACS-specific skills and high motivation.
What we offer
At jtsec we are experts in security assessments and know the process inside out. To avoid unnecessary costs, contact us as soon as possible.
ASSESSMENT, ACCREDITED LABORATORY
We have years of experience in security certifications and a team of professionals with extensive knowledge and expertise who will handle the entire process, saving you unnecessary time and costs. We are a CCN and ENAC accredited laboratory for Common Criteria and LINCE, as well as an IECEE CB accredited lab for industrial cyber security.
We can help you obtain IEC 62443 certification issued by CERE NCB for your industrial product under the IECEE CB methodology.
We offer you maximum support to help you comply with the IEC 62443-4-1 and IEC 62443-4-2 standards.
With this service we will generate all the necessary documentation and assist you in the development of both the life cycle of your product and the component itself, saving you time, money and resources.
Obtaining 62443 certification can be a significant challenge for an organization. jtsec supports you throughout the process to ensure that your security objectives are met. This service may include gap analysis, document preparation or security design review.