How can I get started with IEC 62443?

Benefit from Limes Security’s extensive IEC 62443 experience towards compliance or even certification.

Software products and industrial systems are as diverse as the applications for which they were developed. A reliable partner who understands your industry, your intentions and your objective can help you develop an effective strategy to improve your security. Ultimately, it’s all about your customers’ trust in your products and services. And to strengthen this trust, you can count on the support of the experts of Limes Security and the IEC 62443 standard. Whether you want to adopt the standard for tenders, strive for certification or simply want to understand it for internal purposes, Limes Security can guide you.

The IEC 62443 series was developed to secure industrial automation and control systems (IACS) throughout their lifecycle. It currently includes nine standards, technical reports (TR) and technical specifications (TS). IEC 62443 was initially developed for the industrial process sector but IACS are found in an ever-expanding range of domains and industries, such as power and energy supply and distribution, and transport. IACS technologies are central to critical infrastructure.

IT standards are not appropriate for IACS and other OT (operational technology) environments. For example, OT environments have different performance and availability requirements and different equipment lifetimes. Moreover, cyber-attacks on IT systems have essentially economic consequences, while cyber-attacks on critical infrastructure can also have heavy environmental consequences or even threaten public health and lives. Implementing IEC 62443 can mitigate the effects of cyber-attacks and often prevent them from succeeding. It can bolster security throughout the lifecycle and reduce costs.

IEC 62443 addresses not only the technology that comprises a control system, but also the work processes, countermeasures, and employees. The standard takes a holistic approach because not all risks are technology-based: the staff responsible for an IACS must have the required training, knowledge and skills to ensure security. IEC 62443 takes a risk-based approach to cyber security, which is based on the concept that it is neither efficient nor sustainable to try to protect all assets in equal measure. Instead, users must identify what is most valuable and requires the greatest protection and identify vulnerabilities.

Setting up and establishing teams

Developing templates for typical processes

Evaluating and coaching existing teams

Our Services

Gap analysis

Assessment of the status quo of security activities in the product development process and the development department and improvement of the understanding of the requirements of the IEC 62443-4-1 standard and implementation scenarios.

Training

Training of your employees in the area of “secure software development” according to the IEC 62443-4-1 standard

Security Consulting

With our in-depth understanding of industrial environments, we support you in implementing security processes and controls following IEC 62443 to mitigate the effects and often prevent successful cyber-attacks.

Primer workshop

Workshop to show you what the IEC 62443 standard is all about and how, specifically, it can be used to improve the security of your organization.

General

IEC-62443-1-1

Terminology, concepts and models

IEC-62443-1-2

Master glossary of terms and abbreviations

IEC-62443-1-3

System security compliance metrics

IEC-62443-1-4

IACS security lifecycle and use-case

Policies & Procedures

IEC-62443-2-1

Requirements for an IACS security management system

IEC-62443-2-2

Implementation guidance for an IACS security management system

IEC-62443-2-3

Patch management in the IACS environment

IEC-62443-2-4

Installation and maintenance requirements for IACS suppliers

System

IEC-62443-3-1

Security technologies for IACS

IEC-62443-3-2

Security levels for zones and conduits

IEC-62443-3-3

System security requirements and security levels

Component

IEC-62443-4-1

Product development requirements

IEC-62443-4-2

Technical security requirements for IACS components

FAQs

I already have ISO 27001 certification. Why do I need IEC 62443?

With an ISO 27001 certification, you have implemented a management system including processes and responsibilities for your IT security. The IEC 62443 series can now support you further in two fields:
1) You can use parts of the standard, such as IEC 62443-2-1 and IEC 62443-3-2, to extend the ISMS and security to OT systems such as your production systems.
2) Standard parts like IEC 62443-2-4, IEC 62443-3-3, IEC 62443-4-1 and IEC 62443-4-2 help to define security requirements for your suppliers of OT-related systems and services in a standardized way.

Can Limes Security give me an IEC 62443 certification?

As Limes Security, we provide you with the experience, guidance and templates needed to get you IEC 62443 compliant and ready for a certification audit. We can also provide you with an unofficial confirmation of your IEC 62443 compliance efforts. The official certification audit itself is then conducted by an accredited body like one of the TÜVs. We can also help you find a suitable auditor.

Is IEC 62443 the right standard for me? Is there a better standard for me?

We have seen many security standards come and go, but IEC 62443 is here to stay. It is already widely adopted by many organizations and is also often referred to by laws and regulations. Depending on your industry, there may be domain-specific security standards and guidelines (e.g. for rail, automotive or medical devices). But most evolving domain-specific standards at least refer to IEC 62443, and some even just detail it. So you can be quite confident that working with IEC 62443 is not betting on the wrong horse. It is also the one security standard your suppliers and customers will most likely know about.