Certification according to IEC 62443 – Boosting security against cyber-attacks
As digitisation and interconnectivity become increasingly widespread, production facilities and critical infrastructure are growing more vulnerable to cyber-attacks. The new IEC 62443 standard serves as a basis upon which companies can review potential vulnerabilities in their industrial automation and control systems and develop effective protective measures. TÜV SÜD is among the first service providers to offer testing and certification in line with the IEC 62443 standard.
A growing trend in the industry and technology sectors is to assemble interconnected industrial automation and control systems from standardised hardware and software components. While openness is a desirable quality for these systems, it also exposes them to the risks of cyber-attacks and criminal manipulation of IT infrastructure. Around 150 years ago, the first Industrial Revolution was powered by steam boilers – today, information technology has taken over as the turbo-charged driver of highly dynamic developments throughout production, business and society. The Internet of Things, the integration of industrial production lines into the world of IT, cloud computing and mobile working – IT promises new opportunities, but is also accompanied by new challenges. “The new IEC 62443 standard sets forth an integrated approach designed to guarantee the IT security of plants and systems, network security and system integrity”, explains Dr. Thomas Störtkuhl, Head of the Industrial IT Security Team at TÜV SÜD Rail. The standard focuses on IT security for industrial automation and control systems (IACS), which are vital to the reliable, secure operation of automated plants and infrastructures.
The IEC 62443 standard rests on four pillars. Pillar 1 comprises all documents related to the philosophy of the standard and its underlying concepts, terms and methods. Pillar 2 outlines an IT security management system for industrial automation and control systems with the requisite requirements. Pillar 3 presents technical specifications to serve as design guidance for industrial automation and control systems (IACS); an IACS is an IT system made up of various components such as SCADA applications, PLCs, field buses, actuators and sensors. Pillar 4 contains design and development requirements for control system components.
Following the adoption of the IEC 62443 standard, the Industrial IT Security department offers certificates based on IEC 62443 for the fields of automation, production and critical infrastructures. TÜV SÜD is one of the first companies qualified to perform the tests and certification services involved, and provides these services for manufacturers in accordance with IEC 62443-4-1 and for system integrators in accordance with IEC 62443-2-4.