IEC 62443 – the industrial cybersecurity standard
Increase your level of security
The international IEC 62443 series of standards sets out basic requirements for avoiding security risks for component manufacturers, system integrators, and operators. Find out here how the standard can help you improve network security in your industrial system and what needs to be done. As a multi-certified provider of components, solutions, and consulting services, we will be happy to assist you with this.
What is IEC 62443?
The IEC 62443 series of standards aims to provide support for the secure operation of industrial automation systems (ICS systems) – from design through implementation to management. To this end, the various standards in the series specify rules for component manufacturers, system integrators, and operators. Component manufacturers must ensure the protection of products, while machine builders and system manufacturers are responsible for their secure interaction. The operator is ultimately responsible for the secure operating processes.
IEC 62443 builds on the ISO 27001 standard, which mainly consists of rules for IT security. Together, the two standards provide a holistic approach to protecting companies against cyber threats.
How can I implement IEC 62443 as an operator?
To develop a secure automation solution, the first step is to define the assets that need to be protected. These can then be used to derive the operator’s security requirements. To do this, a threat and risk analysis is performed to determine the requirements for the system and the components used. This results in a holistic security concept.
However, the protection level of a system is not determined by its technical capabilities alone; it also depends on the implemented processes and the expertise of personnel. This is because a secure system requires continuous monitoring and maintenance. This includes precise knowledge of the installation and its properties, i.e., a network plan and an inventory of all components, as well as management of all users, rights, and access data.
Phoenix Contact has already been certified in accordance with the IEC 62443-2-4 process and IEC 62443-3-3 for the design of secure automation solutions. We would be happy to train you and your employees and to advise you on what your tailored IEC 62443 solution should include.
What does a secure solution look like?
There is no overarching solution for implementing the standards. Rather, you have to implement the rules according to your individual needs and circumstances.
To explain the procedural requirements and functional system requirements of IEC 62443-2-4 and make them easier to implement, Phoenix Contact has developed a “Remote Monitoring and Control” blueprint (see figure below). The individual elements of the multi-step protection strategy (defense-in-depth concept) include the segmentation of zones and conduits, data flow control, end-to-end communication encryption, component hardening, awareness training for employees, and processes for patch management and risk management.
This solution has been certified in accordance with IEC 62443-3-3.
How does Phoenix Contact implement IEC 62443?
Phoenix Contact provides a convenient all-in-one security package ranging from individual products and services to entire solutions. Cybersecurity is firmly rooted in the life cycle of our products and solutions: in a secure product development process, in modern security functions, in customer consulting, in the creation of secure network concepts, and in a professional vulnerability management system (PSIRT). For some of these areas, we are already certified by the TÜV Süd certification body.
- We have been certified in accordance with IEC 62443-4-1 for the development of Secure-by-Design products since 2018.
- We have been certified in accordance with IEC 62443-2-4 for the design of secure automation solutions since 2019.
- The “Remote Monitoring and Control” blueprint from Phoenix Contact has been certified in accordance with IEC 62443-3-3.