The risk of cyber attacks is increasing every day, and responsible handling of information is more important than ever. Information is a valuable asset, and loss or manipulation of data can lead to very serious consequences.
Standard IEC 62443 (Industrial Communication Networks – Networks and System Security) is now established as an internationally recognised standard for evidence of conformity in the process and automation industries. Because of a lack of further standardisation, many other industrial sectors are now also making use of this standard. This means that IEC 62443 is becoming the central certification standard for Industry 4.0.
IEC 62443 also serves as possible evidence of fulfilment of the duty of care in accordance with the German Ordinance on Industrial Safety and Health (BetrSichV) and the German Product Safety Act (ProdSG).
Part 2 of the standard, entitled “Security for Industrial Automation and Control Systems”, describes the IT security management system and therefore defines the organization of security and associated implementation tools.
Part 2-1 describes requirements for an IT security management system, for example the definition of security procedures. Part 2-2 contains notes on how and in which areas these procedures are to be implemented. Updating automation system software (patching) is particularly important, as security gaps can arise if obsolete software is in use. Part 2-3 is therefore devoted entirely to the subject of patch management. Part 2-4 is concerned with the use of IACS service providers for integration and servicing from a security point of view.
Certification according to IEC 62443 analyzes and evaluates safety concepts and measures. It proves that the certified company works according to the 'state of the art' and fulfills its legal duties of care, which are important prerequisites for minimizing liability risks. In addition, components can be placed on the market safely in accordance with the Product Safety Act (ProdSG). And last but not least, companies can protect their employees in this way in accordance with the Industrial Safety Ordinance.
Hackers and cybercriminals do not stop at industrial plants. If they discover a weak point, they can sometimes put entire industrial plants out of operation. Particularly in the area of critical infrastructures, this can have dramatic consequences, such as lasting supply bottlenecks.
IEC 62443 provides you with the best possible protection against cyber attacks and improves the overall security of your production. The international standard provides you with a guideline of criteria and security requirements with which you can increase the integrity, availability and confidentiality of your components and systems.