Industrial Control System Security

Protecting Industrial Control Systems against cyberattacks has become more important than ever before.

The ISA/IEC 62443 series of standards was created to provide an easy-to-use, achievable model to handle risks and mitigate cybersecurity threats.

IEC 62443 is the standard for the protection of Industrial Control Systems and the most effective Cybersecurity solution for Industry 4.0.

With increased connectivity of production assets (IIoT), new hazards emerge that need to be included in the traditional risk management processes.

An industrial automation control system component manufacturer (supplier) shall include the consideration of security requirements under IEC 62443-4-1 in its product development processes.

The IEC 62443 standard Part 4-1 defines a secure development lifecycle for the purpose of developing and maintaining secure products used in industrial automation and control systems (IACS). The IEC 62443-4-1 certificate confirms that the developer has implemented a secure-by-design methodology from the first day of its product development processes, which includes a complete security lifecycle and patch management.

Developer/Manufacturer (product supplier): ISA/IEC 62443-4-1

Component/Product (product): ISA/IEC 62443-4-2

  • Applications

  • Embedded devices

  • Network components

  • Host devices


In order to make sure that the security requirements relevant to customers are met, these industrial components shall be certified in accordance with IEC 62443-4-2. If component suppliers follow the set of guidelines that are defined in the IEC 62443-4-2 subsection, they will equip their customers with the best chance of protecting their networks against cyberattacks.

Although the component suppliers must add certain features and capabilities to their devices in order for the devices to be suitable for deployment on Industrial IoT networks, conforming to the requirements outlined within IEC 62443-4-2 guarantees secure and resilient components, which are to be procured by 62443 certified and secured IACS organizations.

| Security level | Misuse | Means | Resources | Knowledge | Motivation |
|---|---|---|---|---|---|
| 1 | Accidental | - | - | - | - |
| 2 | Intentional | Simple | Few | General | Low |
| 3 | Intentional | Sophisticated | Moderate | IACS-specific | Moderate |
| 4 | Intentional | Sophisticated | Extensive | IACS-specific | High |

The IEC 62443 standard describes 4 levels of security functionality for component security (62443-4-2):

  • SL1: Protection against casual or coincidental violation

  • SL2: Protection against intentional violation using simple means with low resources, generic skills and low motivation

  • SL3: Protection against intentional violation using sophisticated means with moderate resources, IACS-specific skills and moderate motivation

  • SL4: Protection against intentional violation using sophisticated means with extended resources, IACS-specific skills and high motivation

CCLab is ready to provide the following services in order to conform and comply with the desired standards and security levels:

  • Readiness assessment

  • Gap analysis

  • Consultation and support in preparing for certification

  • Online and on-site workshops

  • Documentation review

  • Secure product development lifecycle requirements audit & certification (62443-4-1)

  • Technical security requirements for IACS component evaluation & certification (62443-4-2)

Together with other members of QTICS Group we provide a wider range of compliance services within the Energy & Industry sector.
