Guidance Testing & Inspection
TÜV AUSTRIA Websites > TÜV Austria Egypt > Solution > Industry > Industrial Security Concepts \| IEC 62443 Solution: Industrial Security Concepts \| IEC 62443 Guidance Testing & Inspection Solution: Industrial Security Concepts \| IEC 62443 DI Alexander Zeppelzauer DI Alexander Zeppelzauer Region: Österreich TÜV AUSTRIA-Platz 1 2345 Brunn am Gebirge Österreich +43 664 60454 6276 Send email TÜV AUSTRIA-Platz 1 2345 Brunn am Gebirge Österreich Save to My Bundle DI Alexander Zeppelzauer Save to My Bundle TÜV AUSTRIA CERT GMBH TÜV AUSTRIA-Platz 1 2345 Brunn am Gebirge Tel: +43 (0)504 54-6048 Fax: +43 (0)504 54-8145 E-Mail: cert@tuv.at tuv.at/cert Save to My Bundle Save to My Bundle TÜV AUSTRIA CERT GMBH TÜV AUSTRIA-Platz 1 2345 Brunn am Gebirge Tel: +43 (0)504 54-6048 Fax: +43 (0)504 54-8145 E-Mail: cert@tuv.at tuv.at/cert TÜV AUSTRIA GMBH TÜV AUSTRIA GMBH Region: Österreich Deutschstraße 10 1230 Wien Österreich +43 5 0454 0 Send email Deutschstraße 10 1230 Wien Österreich Save to My Bundle TÜV AUSTRIA GMBH Save to My Bundle TÜV AUSTRIA CERT GMBH TÜV AUSTRIA-Platz 1 2345 Brunn am Gebirge Tel: +43 (0)504 54-6048 Fax: +43 (0)504 54-8145 E-Mail: cert@tuv.at tuv.at/cert Save to My Bundle Save to My Bundle TÜV AUSTRIA CERT GMBH TÜV AUSTRIA-Platz 1 2345 Brunn am Gebirge Tel: +43 (0)504 54-6048 Fax: +43 (0)504 54-8145 E-Mail: cert@tuv.at tuv.at/cert Industrial security concepts for industrial automation systems according to IEC 62443 Security from one source TÜV AUSTRIA accompanies companies on their way to certification according to IEC 62443 with comprehensive analyses & consulting services as well as support during implementation. Thanks to its holistic view of companies, TÜV AUSTRIA sometimes ensures ongoing risk minimisation, competitive advantages through independent third party verification as well as consistent safety. Accreditation All accreditations In which region do you need this solution? All regions "TÜV AUSTRIA accompanies companies on their way to certification according to IEC 62443 with comprehensive analyses & consulting services." Cyber Security: Risk analysis and management according to IEC 62443 With the increasing connectivity of production plants (IIoT), new hazards arise that need to be included in traditional risk management processes. As a plant operator, machine or control manufacturer, you should also be aware of these risks. The IEC 62443 international standard series addresses the cyber security of Industrial Automation and Control Systems (IACS), taking a holistic approach that covers the entire lifecycle. Cyber Security & IT/OT Integrity Do I need it at all? Example based on the TRITON malware framework: Triton, which was first discovered in 2017 in a Saudi Arabian chemical plant, is one of the best-known representatives of industrial plant-specific malware. In this case, the plant’s security system is specifically attacked in order to take over and control it remotely. At the time, the software had already been dormant in the system for several years before it caused the plant to fail twice in 2017. However, the attackers could also have triggered the release of dangerous gases or explosions, which would have endangered not only economic resources but also human lives. Common cyber security myths Myth 1: We are not connected to the internet at all. Myth 2: Our firewall protects us from any dangers. Myth 3: Hackers have no idea about SCADA/DCS/PLC. Myth 4: Our system is not a target for attacks. Myth 5: Our security system will repel all damage. Machine and plant operators Thanks to the IEC 62443 standard, you as a machine/plant operator know the security requirements of your operation and are thus in a position to both secure your production and expand your operation with new machines or process plants that meet the security requirements without much additional measures (IEC 62443 3-2, 3-3). Machine manufacturers and plant constructors The IEC 62443 standard enables you as a plant and machine manufacturer to build and install systems with defined security requirements (IEC 62443 3-2, 3-3). This enables seamless integration into existing plants with known security requirements. Controller manufacturer (IACS) You as a controller manufacturer (IACS) can include the consideration of security requirements according to IEC 62443 4-1 in your product development processes in order to develop controllers with the security requirements relevant to your customers according to IEC 62443-4-2 IEC. Maintenance and service processes are made safe thanks to IEC 62443 2-4. Plant Safety & Risk Management Risk factors to which we should pay attention Until about 15 years ago, plant performance and safety was based on technical integrity and processes and systems. At that time, it was recognised that human factors had a major impact on safety and performance. General risk management assumptions suggest that up to 80% of all safety and performance incidents are caused by human factors. It is important to understand that cyber security integrity breaches can have a major impact on security and performance. Cyber security incidents can originate from human factors, systems and direct technical integrity. TÜV AUSTRIA Services Industrial plants Network segmentation – IT/OT Incident & Patch Management Vulnerability assessments & penetration tests Security awareness training for employees IoT, IIoT and Industrial Automated Control Systems (IACS) Secure product development, integration and certification Security Hardening Secure hardware and software for the entire product life cycle Physical & cognitive assistance systems Security by Design Collaborative Robotics and AR/VR Evaluation of the workspace Overview of the IEC 62443 family Part 1: General Part 1.1: Terms, concepts and models Part 1-2: List of terms and abbreviations Part 1-3: Measures of compliance with system safety Part 1-4: IACS Security Life Cycle and Use Cases Part 2: Policies and procedures Part 2-1: Setting up an industrial automation and control system. Part 2-2: Guidance for the Implementation of an IACS Security Management System Part 2-3: Patch Management in the IACS Environment Part 2-4: Security Programme Requirement for IACS Service Providers Part 3: System Part 3-1: Safety technologies for industrial automation and control systems Part 3-2: Safety risk assessment and system design Part 3-3: System requirements and safety levels Part 4: Component / Product Part 4-1: Requirements for a safe product development cycle Part 4-2: Technical safety requirements for IACS components More Tags: Assistance system Connectivity Consulting Control system Controller manufacturer Cyber Security Digitalization Electronics Elektronik Industrial Automation Industrial Internet of Things Industrial plant Industry Industry 4.0 Internet of Things IoT IT Security Life cycle Machine control Machine manufacturer Machine Safety Machine Safety Directive Machinery Malicious software Malware Manufacturer MD Mechanical engineering MRK Operator Plant operator Plant safety Production plant Risk Risk management Risk minimization Robot Robotics Safety Safety solution Security requirements Sensor technology Sicherheit Technology & Innovation Center TIC Related solutions from the same sector: Machinery Calibration: Pressure and Temperature Industry Show more Save to my Bundle due diligence check Industry Show more Save to my Bundle Risk Management Certification for Organizations and Systems \| ONR 49001 Industry Show more Save to my Bundle Common Criteria \| ISO/IEC 15408 Industry Show more Save to my Bundle All Solutions Discover more sectors: Agriculture Automotive Certification Communications Technology Construction & Real Estate Electronics Energy Foodstuffs Health & Medicine Industry IT & Security Leisure & Entertainment Municipalities Science & Research Sports & Fitness Sustainability Tourism Trade & Commerce Transport & Traffic Alexander Zeppelzauer +43 664 60454 6276 \| alexander.zeppelzauer@tuv.at
Alexander Zeppelzauer +43 664 60454 6276 \| alexander.zeppelzauer@tuv.at

TÜV AUSTRIA Websites > TÜV Austria Egypt > Solution > Industry > Industrial Security Concepts | IEC 62443

Solution: Industrial Security Concepts | IEC 62443

Guidance Testing & Inspection

DI Alexander Zeppelzauer

Region: Österreich

TÜV AUSTRIA-Platz 1 2345 Brunn am Gebirge Österreich

+43 664 60454 6276

Send email

TÜV AUSTRIA CERT GMBH

TÜV AUSTRIA-Platz 1
2345 Brunn am Gebirge
Tel: +43 (0)504 54-6048
Fax: +43 (0)504 54-8145
E-Mail: cert@tuv.at
tuv.at/cert

TÜV AUSTRIA CERT GMBH

TÜV AUSTRIA-Platz 1
2345 Brunn am Gebirge
Tel: +43 (0)504 54-6048
Fax: +43 (0)504 54-8145
E-Mail: cert@tuv.at
tuv.at/cert

TÜV AUSTRIA GMBH

Region: Österreich

Deutschstraße 10 1230 Wien Österreich

+43 5 0454 0

Send email

TÜV AUSTRIA CERT GMBH

TÜV AUSTRIA-Platz 1
2345 Brunn am Gebirge
Tel: +43 (0)504 54-6048
Fax: +43 (0)504 54-8145
E-Mail: cert@tuv.at
tuv.at/cert

TÜV AUSTRIA CERT GMBH

TÜV AUSTRIA-Platz 1
2345 Brunn am Gebirge
Tel: +43 (0)504 54-6048
Fax: +43 (0)504 54-8145
E-Mail: cert@tuv.at
tuv.at/cert

Industrial security concepts for industrial automation systems according to IEC 62443

Security from one source

TÜV AUSTRIA accompanies companies on their way to certification according to IEC 62443 with comprehensive analyses & consulting services as well as support during implementation. Thanks to its holistic view of companies, TÜV AUSTRIA sometimes ensures ongoing risk minimisation, competitive advantages through independent third party verification as well as consistent safety.

Accreditation

All accreditations

In which region do you need this solution?

All regions

"TÜV AUSTRIA accompanies companies on their way to certification according to IEC 62443 with comprehensive analyses & consulting services."

Cyber Security: Risk analysis and management according to IEC 62443

With the increasing connectivity of production plants (IIoT), new hazards arise that need to be included in traditional risk management processes. As a plant operator, machine or control manufacturer, you should also be aware of these risks. The IEC 62443 international standard series addresses the cyber security of Industrial Automation and Control Systems (IACS), taking a holistic approach that covers the entire lifecycle.

Cyber Security & IT/OT Integrity

Do I need it at all?

Example based on the TRITON malware framework: Triton, which was first discovered in 2017 in a Saudi Arabian chemical plant, is one of the best-known representatives of industrial plant-specific malware. In this case, the plant’s security system is specifically attacked in order to take over and control it remotely. At the time, the software had already been dormant in the system for several years before it caused the plant to fail twice in 2017. However, the attackers could also have triggered the release of dangerous gases or explosions, which would have endangered not only economic resources but also human lives.

Common cyber security myths

Myth 1: We are not connected to the internet at all.
Myth 2: Our firewall protects us from any dangers.
Myth 3: Hackers have no idea about SCADA/DCS/PLC.
Myth 4: Our system is not a target for attacks.
Myth 5: Our security system will repel all damage.

Machine and plant operators

Thanks to the IEC 62443 standard, you as a machine/plant operator know the security requirements of your operation and are thus in a position to both secure your production and expand your operation with new machines or process plants that meet the security requirements without much additional measures (IEC 62443 3-2, 3-3).

Machine manufacturers and plant constructors

The IEC 62443 standard enables you as a plant and machine manufacturer to build and install systems with defined security requirements (IEC 62443 3-2, 3-3). This enables seamless integration into existing plants with known security requirements.

Controller manufacturer (IACS)

You as a controller manufacturer (IACS) can include the consideration of security requirements according to IEC 62443 4-1 in your product development processes in order to develop controllers with the security requirements relevant to your customers according to IEC 62443-4-2 IEC. Maintenance and service processes are made safe thanks to IEC 62443 2-4.

Plant Safety & Risk Management

Risk factors to which we should pay attention

Until about 15 years ago, plant performance and safety was based on technical integrity and processes and systems. At that time, it was recognised that human factors had a major impact on safety and performance. General risk management assumptions suggest that up to 80% of all safety and performance incidents are caused by human factors.

It is important to understand that cyber security integrity breaches can have a major impact on security and performance. Cyber security incidents can originate from human factors, systems and direct technical integrity.