Solution: Industrial Security Concepts | IEC 62443

Solution: Industrial Security Concepts | IEC 62443

TÜV AUSTRIA BELGIUM - Team Non Destructive Testing

Region: Belgium

Wingepark 41 3110 Rotselaar Belgium

+32 2 532 29 11

Send email

TÜV AUSTRIA CERT GMBH

TÜV AUSTRIA-Platz 1
2345 Brunn am Gebirge
Tel: +43 (0)504 54-6048
Fax: +43 (0)504 54-8145
E-Mail: cert@tuv.at
tuv.at/cert

Industrial security concepts for industrial automation systems according to IEC 62443

Security from one source

TÜV AUSTRIA accompanies companies on their way to certification according to IEC 62443 with comprehensive analyses & consulting services as well as support during implementation. Thanks to its holistic view of companies, TÜV AUSTRIA sometimes ensures ongoing risk minimisation, competitive advantages through independent third party verification as well as consistent safety.

Accreditation

In which region do you need this solution?

  • All regions

"TÜV AUSTRIA accompanies companies on their way to certification according to IEC 62443 with comprehensive analyses & consulting services."

Cyber Security: Risk analysis and management according to IEC 62443

With the increasing connectivity of production plants (IIoT), new hazards arise that need to be included in traditional risk management processes. As a plant operator, machine or control manufacturer, you should also be aware of these risks. The IEC 62443 international standard series addresses the cyber security of Industrial Automation and Control Systems (IACS), taking a holistic approach that covers the entire lifecycle.

Cyber Security & IT/OT Integrity

Do I need it at all?

Example based on the TRITON malware framework: Triton, which was first discovered in 2017 in a Saudi Arabian chemical plant, is one of the best-known representatives of industrial plant-specific malware. In this case, the plant’s security system is specifically attacked in order to take over and control it remotely. At the time, the software had already been dormant in the system for several years before it caused the plant to fail twice in 2017. However, the attackers could also have triggered the release of dangerous gases or explosions, which would have endangered not only economic resources but also human lives.

Common cyber security myths

  • Myth 1: We are not connected to the internet at all.
  • Myth 2: Our firewall protects us from any dangers.
  • Myth 3: Hackers have no idea about SCADA/DCS/PLC.
  • Myth 4: Our system is not a target for attacks.
  • Myth 5: Our security system will repel all damage.

Machine and plant operators

Thanks to the IEC 62443 standard, you as a machine/plant operator know the security requirements of your operation and are thus in a position to both secure your production and expand your operation with new machines or process plants that meet the security requirements without much additional measures (IEC 62443 3-2, 3-3).

Machine manufacturers and plant constructors

The IEC 62443 standard enables you as a plant and machine manufacturer to build and install systems with defined security requirements (IEC 62443 3-2, 3-3). This enables seamless integration into existing plants with known security requirements.

Controller manufacturer (IACS)

You as a controller manufacturer (IACS) can include the consideration of security requirements according to IEC 62443 4-1 in your product development processes in order to develop controllers with the security requirements relevant to your customers according to IEC 62443-4-2 IEC. Maintenance and service processes are made safe thanks to IEC 62443 2-4.

Plant Safety & Risk Management

Risk factors to which we should pay attention

Until about 15 years ago, plant performance and safety was based on technical integrity and processes and systems. At that time, it was recognised that human factors had a major impact on safety and performance. General risk management assumptions suggest that up to 80% of all safety and performance incidents are caused by human factors.

It is important to understand that cyber security integrity breaches can have a major impact on security and performance. Cyber security incidents can originate from human factors, systems and direct technical integrity.

TÜV AUSTRIA Services

Industrial plants

  • Network segmentation – IT/OT
  • Incident & Patch Management
  • Vulnerability assessments & penetration tests
  • Security awareness training for employees

IoT, IIoT and Industrial Automated Control Systems (IACS)

  • Secure product development, integration and certification
  • Security Hardening
  • Secure hardware and software for the entire product life cycle

Physical & cognitive assistance systems

  • Security by Design
  • Collaborative Robotics and AR/VR
  • Evaluation of the workspace

Overview of the IEC 62443 family

Part 1: General

  • Part 1.1: Terms, concepts and models
  • Part 1-2: List of terms and abbreviations
  • Part 1-3: Measures of compliance with system safety
  • Part 1-4: IACS Security Life Cycle and Use Cases

 

Part 2: Policies and procedures

  • Part 2-1: Setting up an industrial automation and control system.
  • Part 2-2: Guidance for the Implementation of an IACS Security Management System
  • Part 2-3: Patch Management in the IACS Environment
  • Part 2-4: Security Programme Requirement for IACS Service Providers

Part 3: System

  • Part 3-1: Safety technologies for industrial automation and control systems
  • Part 3-2: Safety risk assessment and system design
  • Part 3-3: System requirements and safety levels

Part 4: Component / Product

  • Part 4-1: Requirements for a safe product development cycle
  • Part 4-2: Technical safety requirements for IACS components

"*" indicates required fields

Land*
Address
This field is for validation purposes and should be left unchanged.

I am tami

Are you here for the first time? I will be happy to help you find your way around.

Check certificate

Find a solution

Submit science award

Check certificate

  • Person Certificate

  • Product Certificate

  • System Certificate

  • Verification of Conformity

Enter the data and check a certificate

Find a solution

WiPreis einreichen

WiPreis submit

"*" indicates required fields

1
2
3
4
First, please select in which category you would like to submit*

You cannot copy content of this page