Munich. Increasing digitisation and interconnection raise the vulnerability of production facilities and critical infrastructures to cyber-attacks. The new standard IEC 62443 now offers organisations the possibility to verify their control and automation systems for potential vulnerabilities and develop effective measures for protection. TÜV SÜD is one of the first suppliers to offer the relevant tests and certifications according to IEC 62443.
Control and automation systems are increasingly built from standardised and interconnected hardware and software components. These open systems, so sought-after by industry, increase the risk of cyber attacks and manipulation of IT infrastructure. "The new IEC 62443 standard offers an integrated approach to ensuring the security and integrity of networks and systems", says Dr Thomas Störtkuhl, Team Leader Industrial IT Security at TÜV SÜD Rail GmbH. The standard focuses on the IT security of industrial automation and control systems (IACS). These systems are needed to ensure the reliable and secure operation of automated systems and infrastructures.
The IEC 62443 rests on four pillars. Pillar 1 comprises all documents that address the philosophy of the standard and its underlying terms and methods. Pillar 2 describes a management system including the pertinent requirements for the IT security of control and automation systems. Pillar 3 includes the IT security requirements for the industrial automation and control system (IACS). IACS is an IT system comprising several components including SCADA applications, PLC, field buses, actuators and sensors. The technical
requirements applying to these components and the development process are specified in pillar 4.
Tests and certifications for manufacturers and system integrators
Following publication of the IEC 62443 standard, TÜV SÜD is one of the first testing and inspection organisations to offer tests and certification for manufacturers according to IEC 62443-4-1 and system integrators according to IEC 62443-2-4. For further information on testing and certification and TÜV SÜD's comprehensive service portfolio in the field of Industrial IT Security, go to www.tuev-sued.de/en/embedded/industrialsecurity.