IEC 62443 Standard
Cyber security for Industrial Automation & Control Systems
The IEC 62443 standard is for operational technology (OT), what the ISO 27000 standard is for information technology (IT).
The IEC 62443 is in fact a series of standards, technical reports, and related information that define procedures for securing Industrial Automation and Control Systems (IACS). These documents are the result of the IEC standards creation process where ANSI/ISA-62443 proposals (ISA99 Committee) and other inputs (like WIB) are submitted to country committees. The comments are reviewed by various IEC 62443 committees where those comments are discussed and, if necessary, changes are made. The IEC develops worldwide standards under the flag of the World Standards Cooperation, which includes the ISO and ITU as members.
The IEC 62443 standard offers your organization guidelines for the improvement of the digital security and safety of your IACS environment. Implementation of the standard improves the cyber security level of your OT- or ICS/SCADA environment.
The target audience for the IEC 62443 standards are ‘End Users’ & ‘Solution Providers’. The term ‘Solution Providers’ is used as catch-all term for ‘Manufacturers’, System Integrators’ and ‘Vendors’, but any company is free to implement the standard. The IEC 62443 standard consists of four categories: ‘General’, ‘Policies & Procedures’, ‘System’ and ‘Component’:
- IEC 62443 1-X: General This category contains foundational information regarding concepts, models and terminology. These parts of the standard are used as basis for the other categories of the IEC 62443 standard; ‘Policies & Procedures’, ‘System’ and ‘Component’.
- IEC 62443 2-X: Policies & Procedures The 'Policies & Procedures' category is mostly aimed at 'End Users' & 'Solution Providers' and comprises the different aspects for creating and maintaining an effective Cyber Security Management System (CSMS).
- IEC 62443 3-X: System The parts of the standard in this category describes the technical requirements for system design and they provide guiding principles for the secure development and integration of systems. The focus of this category is on the 'Solution Providers' and at the center of this category is the zone and conduit model.
- IEC 62443 4-X: Component The last category contains all the technical guidelines for developing products, by 'Manufacturers’ for example, to be used in the IACS environment. 'System Integrators’ and 'End Users’ can still make use of this category by taking the requirements in these standards as basis for selecting and purchasing safe components to be used in their systems.
3-day IEC 62443 training course
In cooperation with the Dutch Institute for Normalization (NEN), we offer the training course “IEC 62443 - Cyber Security for Industrial Automation & Control Systems (IACS)”. Click here for more information about the course or click here to register.
Stay In Control With Cyber Security Management
When implementing the IEC 62443 standard for your Industrial Automation and Control System (IACS) domain, a Cyber Security Management System (CSMS) will be at its core. This CSMS is used to stay in control of an organization's cyber security and is effective for any size company.
The development and implementation of a CSMS can take some time, depending on the requirements, resources available and the size of the organization. Such an implementation requires a structured and phased approach. Hudson Cybertec has thorough experience supporting organizations with the development and implementation of their CSMS, which is tailored to each individual organization’s requirements.
To support the development and implementation of a CSMS, depending on the requirements of your organization, we provide everything from ad-hoc support to a full-service package, where we manage the development and implementation of the CSMS. Managing cyber security is essential for good assurance of cyber security in the organization. The responsibility for managing cyber security often lies with a Chief Operational Security Officer (COSO). If your organization cannot perform this role internally, Hudson Cybertec will assist you on an interim, fulltime or part-time basis. We fulfill the COSO role for you with an experienced and qualified security professional. The COSO helps your organization develop and implement a cyber security strategy based on international standards and your organization’s requirements. To ensure a rolling start of a project, we provide additional resources at the start of the project to ensure that organization reaps the benefits of the CSMS as soon as possible.
How can we help you?
To ensure a successful implementation of your CSMS, we can manage its development and implementation for your organization. This is achieved by providing customized management services like a fulltime, interim or part-time COSO function (COSO on demand).
IEC 62443 Competence Center
The IEC 62443 Competence Center of Hudson Cybertec has a very broad experience with this standard. The company plays an active role in the development of the standard and actively raises awareness about it internationally. The Competence Center is always aware of the latest developments regarding IoT, IIoT, Industry 4.0, Smart Industry, Smart Cities, and amongst others, and helps companies with:
- The implementation of a Cyber Security Management System (CSMS)
- Providing (Chief) Operational Security Officer ((C)OSO) services
- Writing policies and procedures
Because each sector has its own specific needs regarding (cyber) security, Hudson Cybertec has opted for a different approach to cyber security by sector. Hudson Cybertec facilitates companies with the developed sector specific expertise, in a way that optimally matches the specific security needs of the sector to which a company belongs.
The IEC 62443 Competence Center of Hudson Cybertec supports you and your organization in the field of cybersecurity. Due to our involvement in standardization development, Hudson Cybertec can give you the most up-to-date advice regarding cyber security.