Industrial Control
System Security
became more important than ever before.
ISA/IEC 62443 series of standards were created to provide an easy-to-use, achievable model to handle risks and mitigate cybersecurity threats.
IEC 62443 is the standard for the protection of Industrial Control Systems and the most effective Cybersecurity solution for Industry 4.0.
With increased connectivity of production assets (IIoT), new hazards emerge that need to be included into the traditional risk management processes.
An industrial automation control system component manufacturer (supplier) shall include the consideration of security requirements under IEC 62443 4-1 in its product development processes.
The IEC 62443 standard Part 4-1 defines a secure development lifecycle for the purpose of developing and maintaining secure products used in industrial automation and control systems (IACS). The IEC 62443-4-1 certificate confirms that the developer has implemented a secure by design methodology from the first day of product development processes, which includes complete security lifecycle and patch management.
Developer/Manufacturer
PRODUCT SUPPLIER
Component/Product
PRODUCT
ISA/IEC 62443 series of standards were created to provide an easy-to-use, achievable model to handle risks and mitigate cybersecurity threats.
In order to make sure that the security requirements relevant to customers are met, these industrial components shall be certified in accordance with IEC 62443-4-2. If component suppliers follow the set of guidelines that are defined in the IEC 62443-4-2 subsection, they will equip their customers with the best chance of protecting their networks against cyberattacks.
Although the component suppliers must add certain features and capabilities to their devices in order for the devices to be suitable for deployment on Industrial IoT networks, conforming to the requirements outlined within IEC 62443-4-2 guarantees secure and resilient components, which are to be procured by 62443 certified and secured IACS organizations.
Security level
Misuse
Means
Resources
Knowlegde
Motivation
1
Accidental
-
-
-
-
2
Intentional
Simple
Few
General
Low
3
Intentional
Sophisticated
Moderate
IACS-specific
Moderate
4
Intentional
Sophisticated
Extensive
IACS-specific
High
The IEC 62443 standard describes 4 levels of security functionality for component security (62443-4-2)
SL1
Protection against causal or coincidental violation
SL2
Protection against intentional violation using simple means with low resources, generic skills and low motivation
SL3
Protection against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation
SL4
Protection against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation
CCLab is ready to provide the following services in order to conform and comply with the desired standards and security levels
Readiness assessment
Gap analysis
Consultation and support the preparations for certification
Online and on-site workshops
Documentation review
Secure product development lifecycle requirements audit & certification (62443-4-1)
Technical security requirements for IACS component evaluation & certification (62443-4-2)
Together with other members of QTICS Group we provide a wider range of compliance services within the Energy & Industry sector.
