The Hague, April 16, 2020 – As the first water board in the Netherlands, Rijnland had several of its OT systems certified on compliance with the IEC 62443, the international standard for cyber security within Operational Technology. For Rijnland, this is a step towards making their water purification and water transport process automation more robust and digitally resilient.
Pieter van Dijk, team leader Process Automation at Rijnland: “Of course I am extremely proud that Rijnland passed the conformity test with IEC 62443.This would not have been possible without the efforts of the PA vitalization project team, employees of the Process Automation team and the collaboration with Hudson Cybertec.”
We came to the conclusion that process automation is not an aid, but an asset that is indispensable in the control and operation of the primary process. In addition, it showed us the potential vulnerability of the way we used to work. Without a smoothl running process automation, the primary process will come to a standstill or the end product will fail to meet the quality requirements. Information security (cyber security) should offer a solution. At Rijnland, the team has been strengthened with an Information Security Process Automation Advisor in the person of Hans Smit, working in close cooperation with Hudson Cybertec. “Digitization has many advantages for us,” says Smit, “but we also realize that failure of digital means makes us vulnerable. Not only hardware failure, but also cyber risks are increasingly included in our policy. The BIO (Baseline Informatiebeveiliging Overheid/Baseline Information security Government) gives us guidance to take measures in the field of process automation. For our process automation, we have chosen to conform to the international standard for cybersecurity within operational technology, IEC 62443, because the BIO in its current form does not offer sufficient guidance for process automation”.
Rijnland has been assisted by Hudson Cybertec, both organizations have been working together for years to raise the cyber security of Rijnland to a higher level. As a cybersecurity specialist in the field of industrial automation, Hudson Cybertec has an excellent reputation as an international subject matter expert for IEC 62443. With this knowledge and experience, the organization has advised and guided Rijnland in the steps of the certification process with TÜV.
Marcel Jutte, Managing Director of Hudson Cybertec: “Establishing an adequate Cyber Security Management System (CSMS) is not only important at Rijnland, but for all organizations in the vital infrastructure. These organizations are, or will be, affected by the Wet Beveiliging Netwerk- en Informatiesystemen (Security Act Network and Information Systems), abbreviated Wbni. The certification of Rijnland is an important milestone for all involved and we are very pleased with the achieved result.”
In order to independently test OT system compliancy with the IEC 62443, Rijnland has asked TÜV Nederland to carry out the certification process. To this end, TÜV Netherlands conducted an audit at the end of February, which was aimed at assessing whether Rijnland complied with the requirements within IEC 62443 part 3-3 (Requirements for system security and security level).
Rijnland is an early adopter in obtaining the IEC 62443 certificate, both within the Union of Water Boards and in the Netherlands in general. With this certification, Rijnland wants to demonstrate that it is possible for more installations within the water board to be certified and possibly also for other water boards.
Click here to read the full news article in Dutch.