IEC 62443 is the standard for the protection of Industrial Control Systems and the most effective Cybersecurity solution for Industry 4.0.
With increased connectivity of production assets (IIoT), new hazards emerge that need to be included in traditional risk management processes.
An industrial automation and control system component manufacturer (supplier) shall include the security requirements of IEC 62443-4-1 in its product development processes.
The IEC 62443 standard Part 4-1 defines a secure development lifecycle for the purpose of developing and maintaining secure products used in industrial automation and control systems (IACS). The IEC 62443-4-1 certificate confirms that the developer has implemented a secure-by-design methodology from the first day of its product development processes, including a complete security lifecycle and patch management.
In order to make sure that the security requirements relevant to customers are met, these industrial components shall be certified in accordance with IEC 62443-4-2. If component suppliers follow the set of guidelines that are defined in the IEC 62443-4-2 subsection, they will equip their customers with the best chance of protecting their networks against cyberattacks.
Although the component suppliers must add certain features and capabilities to their devices in order for the devices to be suitable for deployment on Industrial IoT networks, conforming to the requirements outlined within IEC 62443-4-2 guarantees secure and resilient components, which are to be procured by 62443 certified and secured IACS organizations.
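| Violation | Means | Resources | Skills | Motivation |
|---|---|---|---|---|
| Accidental | - | - | - | - |
| Intentional | Simple | Few | General | Low |
| Intentional | Sophisticated | Moderate | IACS-specific | Moderate |
| Intentional | Sophisticated | Extensive | IACS-specific | High |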
Protection against casual or coincidental violation
Protection against intentional violation using simple means with low resources, generic skills and low motivation
Protection against intentional violation using sophisticated means with moderate resources, IACS specific skills and moderate motivation
Protection against intentional violation using sophisticated means with extended resources, IACS specific skills and high motivation
Readiness assessment
Gap analysis
Consultation and support in preparing for certification
Online and on-site workshops
Documentation review
Secure product development lifecycle requirements audit & certification (62443-4-1)
Technical security requirements for IACS component evaluation & certification (62443-4-2)
Together with other members of QTICS Group we provide a wider range of compliance services within the Energy & Industry sector.