IEC 62443 for cyber security:

Secure industrial automation with INSYS icom

INSYS icom makes an important contribution to secure production environments and infrastructures with its IEC 62443-4-1 certification. Operators and integrators who want to protect their OT systems against cyber-attacks can rely on INSYS icom as a certified manufacturer.

Request consultation now!

Minimise security risks:
Strengthening cyber resilience with IEC 62443

While networked communication technology has become indispensable in industry, the risk of cyberattacks is growing at the same rate. IT infrastructure in companies is usually well protected (e.g. by ISO 27001), but hackers are increasingly exploiting vulnerabilities in networks on the OT side to penetrate systems, damage industrial equipment or paralyse entire production processes. The weak points are often similar: mature systems with different hardware and software components as well as different networks whose protective measures, where they exist, do not necessarily interlock.

The international IEC 62443 series of standards aims to combat these imbalances and requires operators, integrators and manufacturers to take appropriate measures and provide proof of implementation for better cyber security.

The standards series IEC 62443 in a nutshell

IEC 62443 is an international series of standards for increasing cyber security in industrial applications. It focuses on industrial communication networks, so-called “Industrial Automation and Control Systems” (IACS), i.e. all hardware and software components that are necessary for the reliable and secure operation of a production plant. Originally derived from automation technology, the series of standards is now important for other industrial sectors as well as critical infrastructures (KRITIS).

In a holistic, risk-based approach, IEC 62443 considers all levels of an automation solution – from development to the finished product, from the process to the technology. There are also different roles: Plant operators must comply with different guidelines than system integrators or manufacturers, for example.

INSYS icom fulfils its obligations as a component manufacturer with certification in accordance with IEC 62443-4-1. Section 4-1 of the standard deals with a secure development process and defines specific requirements to ensure that products can be designed, developed and maintained securely from the outset. This includes the integration of security principles into the architecture and design of the product as well as the introduction of processes to identify, assess and eliminate potential vulnerabilities.

Your path to more cyber security

So, do operators or integrators fulfil the standard if they use a certified product? It’s not quite that simple, as only one aspect of the entire construct is considered: With IEC 62443, there is no “one” true solution. Operators, integrators and manufacturers must carry out individual risk and threat assessments in order to fulfil the requirements. Added to this is the multi-layered structure of the series of standards, which makes it necessary to review technical and procedural aspects in the entire OT system. This is the only way to achieve a holistic approach to cyber resilience.

From a holistic perspective, however, it is worthwhile for operators and system integrators to rely on manufacturers who are already demonstrably committed to cyber security. In concrete terms, this means that INSYS icom works according to the certified development process of IEC 62443-4-1. Operators and integrators who rely on us as a component manufacturer therefore generally fulfil their obligation to provide evidence of the use of secure components and already meet an important standard of the supplier management required in NIS2.

Here you can see what such a system could look like:

Security right from the start

IT security is a key value proposition for INSYS icom as an expert in industrial data communication. Find out more about our IT security culture and the principles of “Security First”, “Security by Design” and “Update it”:

IEC 62443 – Frequently asked questions

For which part of the standard has INSYS icom been certified?

INSYS icom has achieved the certification IEC 62443-4-1:2018 – Maturity Level 2: Managed. This certifies a secure development process for us as a manufacturer of industrial communication technology. You can find the official certificate here.

How does the INSYS icom certification help me as a system integrator?

Basically, certifying the development process of a component in accordance with IEC 62443-4-1 helps by creating the basis for a secure, efficient and standard-compliant system. Several factors are decisive for this: Integrators have the certainty that security risk testing is carried out during development and products are therefore less susceptible to vulnerabilities. In addition, the testing and integration effort is reduced as security requirements are already demonstrably fulfilled, which reduces the time and costs involved in implementation. Similarly, the effort required to provide evidence to customers, auditors or in relation to the regulations in some industries is also reduced when it comes to the fulfilment of cyber security measures. One example of this is the obligation to provide evidence of a secure supply chain in accordance with NIS2. Finally, system integrators benefit from continuous security maintenance, which is part of the certified development process, so that the installed components remain secure in the long term.

What role does an industrial router play in cyber security?

In industrial machines and systems, remote maintenance in conjunction with an industrial router or gateway establishes a connection to the internet and is therefore a potential entry point for attacks. The security levels of the router and of the remote maintenance solution are key criteria in the selection process. Verifiable security efforts by the manufacturer (e.g. through certifications) should be given special consideration here.

What is the difference between IT and OT security?

IT security in companies is concerned with protecting information technology systems against damage and disruption. In contrast, OT security refers to the protection of industrial networks with control systems or systems that are important for production, such as SCADA or MES.

While IT security in companies generally fulfils a high standard, operational technology (OT) often still involves mature, heterogeneous systems in which the focus is on the function of the system and less on protecting it from external attacks. However, operationally critical downtimes are no longer caused only by functional problems: cyber attacks are also a real threat. The focus of IEC 62443 on security in the area of OT is therefore extremely important and almost overdue.

What are the particular challenges facing plant and mechanical engineering with IEC 62443?

Machine and plant engineers usually combine different roles, which are taken into account in the IEC 62443 series of standards. Firstly, they are of course manufacturers who produce complete machines and systems from their own or purchased components. At the same time, they are also responsible for their own production as operators. Finally, many companies act as system integrators for their machines and systems at their customers’ premises, where they could also take over operation on behalf of the customer on a permanent basis in future models.

What can INSYS icom, as a component manufacturer with IEC 62443-4-1 certification, do to reduce the workload and increase efficiency for plant and mechanical engineering? Find out more about our solutions for networking, monitoring and remote maintenance of machines.

Secure industrial solutions: Our products

Routers & gateways: The right device for your requirements

VPN service: Remote access for maintenance, control and data acquisition

Router management: Centralised device and configuration management