IEC 62443 Standard
Cyber security for Industrial Automation & Control Systems
The IEC 62443 standard is to operational technology (OT) what the ISO 27000 standard is to information technology (IT).
The IEC 62443 is in fact a series of standards, technical reports, and related information that define procedures for securing Industrial Automation and Control Systems (IACS). These documents are the result of the IEC standards creation process where ANSI/ISA-62443 proposals (ISA99 Committee) and other inputs (like WIB) are submitted to country committees. The comments are reviewed by various IEC 62443 committees where those comments are discussed and, if necessary, changes are made. The IEC develops worldwide standards under the flag of the World Standards Cooperation, which includes the ISO and ITU as members.
The IEC 62443 standard offers your organization guidelines for the improvement of the digital security and safety of your IACS environment. Implementation of the standard improves the cyber security level of your OT or ICS/SCADA environment.
The target audience for the IEC 62443 standards is ‘End Users’ and ‘Solution Providers’. The term ‘Solution Providers’ is used as a catch-all term for ‘Manufacturers’, ‘System Integrators’ and ‘Vendors’, but any company is free to implement the standard. The IEC 62443 standard consists of four categories: ‘General’, ‘Policies & Procedures’, ‘System’ and ‘Component’:
- IEC 62443 1-X: General. This category contains foundational information regarding concepts, models and terminology. These parts of the standard are used as the basis for the other categories of the IEC 62443 standard: ‘Policies & Procedures’, ‘System’ and ‘Component’.
- IEC 62443 2-X: Policies & Procedures. The ‘Policies & Procedures’ category is mostly aimed at ‘End Users’ and ‘Solution Providers’ and comprises the different aspects of creating and maintaining an effective Cyber Security Management System (CSMS).
- IEC 62443 3-X: System. The parts of the standard in this category describe the technical requirements for system design and provide guiding principles for the secure development and integration of systems. The focus of this category is on the ‘Solution Providers’, and at the center of this category is the zone and conduit model.
- IEC 62443 4-X: Component. The last category contains all the technical guidelines for developing products, by ‘Manufacturers’ for example, to be used in the IACS environment. ‘System Integrators’ and ‘End Users’ can still make use of this category by taking the requirements in these standards as a basis for selecting and purchasing safe components to be used in their systems.
In cooperation with the Dutch Institute for Normalization (NEN), we offer the training course “IEC 62443 - Cyber Security for Industrial Automation & Control Systems (IACS)”.
IEC 62443 Competence Center
The IEC 62443 Competence Center of Hudson Cybertec has very broad experience with this standard. The company plays an active role in the development of the standard and actively raises awareness about it internationally. The Competence Center is always aware of the latest developments regarding IoT, IIoT, Industry 4.0, Smart Industry and Smart Cities, among others, and helps companies with:
- Security Awareness
Because each sector has its own specific needs regarding (cyber) security, Hudson Cybertec has opted for a different approach to cyber security by sector. Hudson Cybertec supports companies with the sector-specific expertise it has developed, in a way that optimally matches the specific security needs of the sector to which a company belongs.
The IEC 62443 Competence Center of Hudson Cybertec offers various professional trainings in the field of cyber security and industrial automation. Our short trainings enable you to strengthen your skills and knowledge within a few days. The trainings are provided by experienced trainers who themselves work on these topics with customers daily. Every training balances theory with practical situations. Through active participation you will increase and consolidate your knowledge. Our cyber security training program has been developed from longstanding expertise. The wishes of participants in previous trainings are taken into account. As a result, the trainings are fully in line with practical needs.