Software products and industrial systems are as diverse as the applications for which they were developed. A reliable partner who understands your industry, your intentions and your objective can help you develop an effective strategy to improve your security. Ultimately, it’s all about your customers’ trust in your products and services. And to strengthen this trust, you can count on the support of the experts of Limes Security and the IEC 62443 standard. Whether you want to adopt the standard for tenders, strive for certification or simply want to understand it for internal purposes, Limes Security can guide you.
Benefit from Limes Security’s extensive IEC 62443 experience towards compliance or even certification.
Download IEC 62443 summary now
Our IEC 62443 summary contains terms, definitions and basics of IEC 62443. Use our expertise to efficiently upgrade your company in terms of security.
The IEC 62443 series was developed to secure industrial automation and control systems (IACS) throughout their lifecycle. It currently includes nine standards, technical reports (TR) and technical specifications (TS). IEC 62443 was initially developed for the industrial process sector but IACS are found in an ever-expanding range of domains and industries, such as power and energy supply and distribution, and transport. IACS technologies are central to critical infrastructure.
IT standards are not appropriate for IACS and other OT (operational technology) environments. For example, OT environments have different performance and availability requirements and different equipment lifetimes. Moreover, cyber-attacks on IT systems have essentially economic consequences, while cyber-attacks on critical infrastructure can also have heavy environmental consequences or even threaten public health and lives. Implementing IEC 62443 can mitigate the effects of cyber-attacks and often prevent them from succeeding. It can bolster security throughout the lifecycle and reduce costs.
IEC 62443 addresses not only the technology that comprises a control system, but also the work processes, countermeasures, and employees. The standard takes a holistic approach because not all risks are technology-based: the staff responsible for an IACS must have the required training, knowledge and skills to ensure security. IEC 62443 takes a risk-based approach to cyber security, which is based on the concept that it is neither efficient nor sustainable to try to protect all assets in equal measure. Instead, users must identify what is most valuable and requires the greatest protection and identify vulnerabilities.
Setting up and establishing teams
Developing templates for typical processes
Evaluating and coaching existing teams
Master glossary of terms and abbreviations
IACS security lifecycle
Policies & Procedures
Requirements for an IACS security management system
Implementation guidance for an IACS security management system
Patch management in the IACS environment
Installation and maintenance requirements for IACS suppliers
Security levels for zones and conduits
System security requirements and security levels
Technical security requirements for IACS components
I already have ISO 27001 certification. Why do I need IEC 62443?
With an ISO 27001 certification, you have implemented a management system including processes and responsibilities for your IT security. The IEC 62443 series can now support you further in two fields:
1) You can use parts of the standard, such as IEC 62443-2-1 and IEC 62443-3-2, to extend the ISMS and security to OT systems such as your production systems.
2) Standard parts like IEC 62443-2-4, IEC 62443-3-3, IEC 62443-4-1 and IEC 62443-4-2 help to define security requirements for your suppliers of OT-related systems and services in a standardized way.
Can Limes Security give me an IEC 62443 certification?
As Limes Security, we provide you with the experience, guidance and templates needed to get you IEC 62443 compliant and ready for a certification audit. We can also provide you with an unofficial confirmation of your IEC 62443 compliance efforts. The official certification audit itself is then conducted by an accredited body like one of the TÜVs. We can also help you find a suitable auditor.
Is IEC 62443 the right standard for me? Is there a better standard for me?
We have seen many security standards come and go, but IEC 62443 is here to stay. It is already widely adopted by many organizations and is also often referred to by laws and regulations. Depending on your industry, there may be domain-specific security standards and guidelines (e.g. for rail, automotive or medical devices). But most evolving domain-specific standards at least refer to IEC 62443, and some simply detail it. So you can be quite confident that working with IEC 62443 is not betting on the wrong horse. It is also the one security standard your suppliers and customers will most likely know about.