Home   >   Services   >   ISMS - Security and Value of Information   >   Industrial Security Concepts – IEC 62443

Industrial Security Concepts – IEC 62443

With the increasing connectivity of production plants (IIoT), new threats arise that need to be included in traditional risk management processes. As a plant operator, machine or control manufacturer, you should also be aware of these risks. The IEC 62443 international standard series addresses the cyber security of Industrial Automation and Control Systems (IACS), following a holistic approach that covers the entire life cycle.

Cyber Security & IT/OT Integrity: Do I actually need that?

Example based on the TRITON malware framework: Triton, which was first discovered in 2017 in a Saudi Arabian chemical plant, is one of the best-known representatives of industrial plant-specific malware. In this case, the plant’s security system is targeted in order to take over and control it remotely. The software had been slumbering in the system for several years before it caused the plant to fail twice in 2017. However, the attackers could also have triggered the release of dangerous gases or explosions, which would have endangered not only economic resources but also human lives.

[/one_half_last]

Approach

Cyber Security & IT/OT Integrity

Machine and Plant Operators

Thanks to the IEC 62443 standard, you as a machine/plant operator know the security requirements of your business and are thus in a position both to secure your production and to expand your business with new machines or process plants that meet the security requirements without much additional work (IEC 62443 3-2, 3-3).

Machine Manufacturers and Plant Engineers

The IEC 62443 standard enables you as a plant and machine manufacturer to build and install systems with defined security requirements (IEC 62443 3-2, 3-3). This enables seamless integration into existing plants with known security requirements.

Control System Manufacturers (IACS)

You as a control system manufacturer (IACS) can include the consideration of security requirements according to IEC 62443 4-1 in your product development processes in order to develop control systems with the security requirements according to IEC 62443-4-2 IEC that are relevant for your customers. Maintenance and service processes are designed safely thanks to IEC 62443 2-4.

Plant Safety & Risk Management

Risk factors to which we should pay attention

Until about 15 years ago, plant performance and safety were based on technical integrity as well as processes and systems. At that time, it was recognised that human factors had a major impact on safety and performance. General risk management assumptions suggest that up to 80% of all safety and performance incidents are caused by human factors.

Understanding that losses of integrity in cyber security can have a major impact on security and performance is important. Cyber security incidents can originate from human factors, systems and direct technical integrity.

Your benefits

Our services

Industrial Plants

  • Network Segmentations – IT/OT
  • Incident and Patch Management
  • Vulnerability Assessments & Penetration Tests
  • Security Awareness Training for employees

IoT, IIoT and Industrial Automation and Control Systems (IACS)

  • Secure product development, integration and certification
  • Security Hardening
  • Secure hardware and software for the entire product lifecycle

Physical & Cognitive Assistant Systems

  • Security by Design
  • Collaborative robotics and AR/VR
  • Evaluation of the workspace