Solution: Industrial Security Concepts | IEC 62443

Solution: Industrial Security Concepts | IEC 62443

DI Alexander Zeppelzauer

Region: Österreich

TÜV AUSTRIA-Platz 1 2345 Brunn am Gebirge Österreich

+43 664 60454 6276

E-posta gönder

TÜV AUSTRIA CERT GMBH

TÜV AUSTRIA-Platz 1
2345 Brunn am Gebirge
Tel: +43 (0)504 54-6048
Fax: +43 (0)504 54-8145
E-Mail: cert@tuv.at
tuv.at/cert

TÜV AUSTRIA CERT GMBH

TÜV AUSTRIA-Platz 1
2345 Brunn am Gebirge
Tel: +43 (0)504 54-6048
Fax: +43 (0)504 54-8145
E-Mail: cert@tuv.at
tuv.at/cert

Ing. Gerry Arrich, MSc MA

Region: Österreich

Deutschstraße 10 1230 Wien Österreich

+43 5 0454 6425

E-posta gönder

TÜV AUSTRIA CERT GMBH

TÜV AUSTRIA-Platz 1
2345 Brunn am Gebirge
Tel: +43 (0)504 54-6048
Fax: +43 (0)504 54-8145
E-Mail: cert@tuv.at
tuv.at/cert

TÜV AUSTRIA CERT GMBH

TÜV AUSTRIA-Platz 1
2345 Brunn am Gebirge
Tel: +43 (0)504 54-6048
Fax: +43 (0)504 54-8145
E-Mail: cert@tuv.at
tuv.at/cert

Industrial security concepts for industrial automation systems according to IEC 62443

Security from one source

TÜV AUSTRIA accompanies companies on their way to certification according to IEC 62443 with comprehensive analyses & consulting services as well as support during implementation. Thanks to its holistic view of companies, TÜV AUSTRIA sometimes ensures ongoing risk minimisation, competitive advantages through independent third party verification as well as consistent safety.

Akkreditasyon

Bu çözüme hangi bölgede ihtiyacınız var?

  • Tüm bölgeler

"TÜV AUSTRIA accompanies companies on their way to certification according to IEC 62443 with comprehensive analyses & consulting services."

Cyber Security: Risk analysis and management according to IEC 62443

With the increasing connectivity of production plants (IIoT), new hazards arise that need to be included in traditional risk management processes. As a plant operator, machine or control manufacturer, you should also be aware of these risks. The IEC 62443 international standard series addresses the cyber security of Industrial Automation and Control Systems (IACS), taking a holistic approach that covers the entire lifecycle.

Cyber Security & IT/OT Integrity

Do I need it at all?

Example based on the TRITON malware framework: Triton, which was first discovered in 2017 in a Saudi Arabian chemical plant, is one of the best-known representatives of industrial plant-specific malware. In this case, the plant’s security system is specifically attacked in order to take over and control it remotely. At the time, the software had already been dormant in the system for several years before it caused the plant to fail twice in 2017. However, the attackers could also have triggered the release of dangerous gases or explosions, which would have endangered not only economic resources but also human lives.

Common cyber security myths

  • Myth 1: We are not connected to the internet at all.
  • Myth 2: Our firewall protects us from any dangers.
  • Myth 3: Hackers have no idea about SCADA/DCS/PLC.
  • Myth 4: Our system is not a target for attacks.
  • Myth 5: Our security system will repel all damage.

Machine and plant operators

Thanks to the IEC 62443 standard, you as a machine/plant operator know the security requirements of your operation and are thus in a position to both secure your production and expand your operation with new machines or process plants that meet the security requirements without much additional measures (IEC 62443 3-2, 3-3).

Machine manufacturers and plant constructors

The IEC 62443 standard enables you as a plant and machine manufacturer to build and install systems with defined security requirements (IEC 62443 3-2, 3-3). This enables seamless integration into existing plants with known security requirements.

Controller manufacturer (IACS)

You as a controller manufacturer (IACS) can include the consideration of security requirements according to IEC 62443 4-1 in your product development processes in order to develop controllers with the security requirements relevant to your customers according to IEC 62443-4-2 IEC. Maintenance and service processes are made safe thanks to IEC 62443 2-4.

Plant Safety & Risk Management

Risk factors to which we should pay attention

Until about 15 years ago, plant performance and safety was based on technical integrity and processes and systems. At that time, it was recognised that human factors had a major impact on safety and performance. General risk management assumptions suggest that up to 80% of all safety and performance incidents are caused by human factors.

It is important to understand that cyber security integrity breaches can have a major impact on security and performance. Cyber security incidents can originate from human factors, systems and direct technical integrity.

TÜV AUSTRIA Services

Industrial plants

  • Network segmentation – IT/OT
  • Incident & Patch Management
  • Vulnerability assessments & penetration tests
  • Security awareness training for employees

IoT, IIoT and Industrial Automated Control Systems (IACS)

  • Secure product development, integration and certification
  • Security Hardening
  • Secure hardware and software for the entire product life cycle

Physical & cognitive assistance systems

  • Security by Design
  • Collaborative Robotics and AR/VR
  • Evaluation of the workspace

Overview of the IEC 62443 family

Part 1: General

  • Part 1.1: Terms, concepts and models
  • Part 1-2: List of terms and abbreviations
  • Part 1-3: Measures of compliance with system safety
  • Part 1-4: IACS Security Life Cycle and Use Cases

 

Part 2: Policies and procedures

  • Part 2-1: Setting up an industrial automation and control system.
  • Part 2-2: Guidance for the Implementation of an IACS Security Management System
  • Part 2-3: Patch Management in the IACS Environment
  • Part 2-4: Security Programme Requirement for IACS Service Providers

Part 3: System

  • Part 3-1: Safety technologies for industrial automation and control systems
  • Part 3-2: Safety risk assessment and system design
  • Part 3-3: System requirements and safety levels

Part 4: Component / Product

  • Part 4-1: Requirements for a safe product development cycle
  • Part 4-2: Technical safety requirements for IACS components

"*" gerekli alanları gösterir

Land*
Address
Bu alan doğrulama amaçlıdır ve değişiklik yapılmadan bırakılmalıdır.

Ben tami.

Buraya ilk kez mi geliyorsunuz? Yolunuzu bulmanıza yardımcı olmaktan mutluluk duyacağım.

Sertifikayı kontrol edin

Bir çözüm bulun

Bilim ödülü gönderin

Sertifikayı kontrol edin

  • Kişi Sertifikası

  • Ürün Sertifikası

  • Sistem Sertifikası

  • Uygunluk Doğrulaması

Verileri girin ve bir sertifikayı kontrol edin

Bir çözüm bulun

Size nasıl yardımcı olabilirim?

WiPreis einreichen

WiPreis gönder

"*" gerekli alanları gösterir

1
2
3
4
First, please select in which category you would like to submit*