Security in relation to Industry 4.0
The risk of cyber attacks is increasing every day, and responsible handling of information is more important than ever. Information is a valuable asset, and loss or manipulation of data can lead to very serious consequences.
Standard IEC 62443 (Industrial Communication Networks – Networks and System Security) is now established as an internationally recognised standard for evidence of conformity in the process and automation industries. Because of a lack of further standardisation, many other industrial sectors are now also making use of this standard. This means that IEC 62443 is becoming the central certification standard for Industry 4.0.
IEC 62443 also serves as a possible evidence of fulfilment of the duty of care in accordance with the German Ordinance on Industrial Safety and Health (BetrSichV) and the German Product Safety Act (ProdSG).
How precise is Part 2 of IEC 62443?
Part 2 of the standard, entitled “Security for Industrial Automation and Control Systems” describes the IT security management system and therefore defines the organization of security and associated implementation tools.
Part 2-1 describes requirements for an IT security management system, such as for example definition of security procedures. In Part 2-2 there are notes on how and in which areas these procedures are to be implemented. The updating of automation system software (patching) is particularly important, as gaps in security can arise if obsolete software in in use. Therefore Part 2-3 is completely devoted to the subject of patch management. Part 2-4 is concerned with the use of IACS service providers for integration and servicing from the point of view of Security.
Benefits of certification to IEC 62443
- Confirmation of adherence to internationally-recognised security standards for clients and business partners
- Minimisation of the risk of errors and reputational damage (risk management)
- Reduction of costs and risks through advance identification and elimination of security loopholes
- Minimisation of production outages, increased plant availability
- Presentation of contemporary quality and security certifications as evidence of performance capability and customer focus
- Fulfilment of the duty of care in accordance with the German Ordinance on Industrial Safety and Health (BetrSichV) and the German Product Safety Act (ProdSG)