Create a free Manufacturing.net account to continue

How to Build a More Secure Connected World with IEC 62443

The goal is better efficiency, improved sustainability and interoperability, enhanced reliability and greater cost-effectiveness for system integrators, product suppliers and other stakeholders.

Apr 24, 2024
IEC 62443 is a key standard to reduce risk of cyberattacks in industrial workplaces.
IEC 62443 is a key standard to reduce risk of cyberattacks in industrial workplaces.
SGS

SGS, a testing, inspection and certification company, this week alerted manufacturers to a key tool for combating cyberattacks: IoT standard IEC 62443.

The digitalization of processes and systems to improve supply chain management, drive efficiencies and optimize cost-effectiveness has transformed manufacturing. Yet, the integration of the Internet of Things (IoT) and cloud technologies into value chains opens them up to the risk of cyberattack.

As the most widely recognized industrial IoT standard, IEC 62443 provides critical infrastructure agencies and industrial sectors with established guidelines for ensuring secure industrial automation and control systems (IACS).

The standard sets best practices for security and provides a way to assess the level of security performance, bridging the gap between operations and information technology, as well as between process safety and cybersecurity.

Potential Vulnerabilities

Industry 4.0 involves integrating smart technology into everything from energy systems, processes and factories to urban infrastructures and transportation systems. The goal is better efficiency, improved sustainability and interoperability, enhanced reliability and greater cost-effectiveness for asset owners, system integrators, product suppliers and other stakeholders.

Set against these desired outcomes is an increased risk of cyberattack. Where once, a criminal would need direct access to a system to control it, the inherent vulnerabilities of a connected system mean they can now potentially take control without leaving their home.

Cyberattacks are on the rise in all sectors, with attacks on manufacturing doubling in 2022. If an attack is successful but kept "in-house," it will, at the very least, offset any potential benefits accrued from the introduction of IoT solutions.

However, the impact can be enormous in other cases, spreading beyond the directly affected organization to affect whole communities. An example of this is the U.S. Colonial Pipeline shutdown in 2021. The attack was discovered in the early hours of May 7, 2021, when a ransom note was found in the company's IT system. Hackers had used DarkSide ransomware to access the company's systems through an outdated VPN. Data was then encrypted, putting the organization's operational technology (OT) network at risk, including the 5,500-mile pipeline.

In addition to the impact on the company, this attack also led to states declaring emergencies, rapid fuel price rises and supply shortages after consumers panicked and stockpiled fuel. In the longer term, it also highlighted vulnerabilities about industrial control systems (ICS) and OT networks and instilled a sense of urgency around the need to take industrial cybersecurity seriously.

Industrial Drivers

Business continuity is a major driver for the industrial sector. A cyberattack can cause significant disruption, including lost business and damage to infrastructure and reputation.

At the same time, the regulatory landscape is evolving, with authorities now looking for evidence of IoT cybersecurity management, e.g., European Union (EU) Radio Equipment Directive (RED) in 2024. IoT also falls under the provisions of various other legislation and standards, including the NIS2 Directive, Cyber Security Act and Cyber Resilience Act in the EU and NIST 8425 in the US.

IEC 62443

This series of standards originated in 2002 when the International Society of Automation (ISA) established the Industrial Automation and Control System Security standards committee (ISA99). 

Originally known as the ISA99 standards, they were renumbered in 2010 as the ANSI/ISA-62443 series and submitted to and used by International Electrotechnical Commission (IEC) working groups. 

In 2021, the IEC approved the IEC 62443 family of standards as 'horizontal standards,' meaning they are the foundation for addressing cybersecurity when any sector-specific standard is developed.

The series is organized into four parts:

  • Part 1: General: Covers topics common to the whole series of standards (terminology, concepts, models, etc.).
  • Part 2: Policies and procedures: Focuses on methods and processes associated with IACS security.
  • Part 3: System: System-level requirements.
  • Part 4: Components and requirements: Provides detailed requirements for IACS products.

As a whole, they define organizational and technical requirements for manufacturers, integrators, operators and industry; target people, processes, systems, solutions and components across all industries and facilities; support tailored security solutions; offer varying levels of security assurance and deliver a repeatable, holistic approach to cybersecurity.

Read Next
General Cyberattack
Cybersecurity
CISA, FBI Release Secure by Design Alert
May 3, 2024
Latest in Cybersecurity
General Cyberattack
CISA, FBI Release Secure by Design Alert
May 3, 2024
Financial Cyber
Ransomware Report Shows Fewer Incidents, Future Concerns
May 3, 2024
Manufacturing Infrastructure Cyber
CISA Releases Latest ICS Advisories
May 3, 2024
Ep92tn
Security Breach: Predictions That Hit
May 2, 2024
Related Stories
General Cyberattack
Cybersecurity
CISA, FBI Release Secure by Design Alert
Manufacturing Infrastructure Cyber
Cybersecurity
CISA Releases Latest ICS Advisories
Ep92tn
Cybersecurity
Security Breach: Predictions That Hit
Ransomware
Cybersecurity
Report Identifies Hidden Costs, Challenges of Ransomware
More in Cybersecurity
General Cyberattack
Cybersecurity
CISA, FBI Release Secure by Design Alert
The two agencies are urging manufacturers to eliminate directory traversal vulnerabilities.
May 3, 2024
Financial Cyber
Cybersecurity
Ransomware Report Shows Fewer Incidents, Future Concerns
The fear is that larger RaaS groups are exercising greater control over their affiliates.
May 3, 2024
Manufacturing Infrastructure Cyber
Cybersecurity
CISA Releases Latest ICS Advisories
Cisco, Siemens, Honeywell and Mitsubishi systems top the list.
May 3, 2024
Ep92tn
Cybersecurity
Security Breach: Predictions That Hit
A look back at Security Breach guest's most accurate and timely industrial cybersecurity predictions.
May 2, 2024
Andrew Witty, Chief Executive Officer of UnitedHealth Group, testifies at a Senate Finance Committee hearing examining cyber attacks on health care, and the Change Healthcare cyber attack, Wednesday, May 1, 2024, on Capitol Hill in Washington.
Cybersecurity
Change Healthcare Cyberattack Due to Lack of Multifactor Authentication
That's according to UnitedHealth CEO Andrew Witty.
May 1, 2024
I Stock 1311492607
Cybersecurity
ZAG Launches Cybersecurity Series for Food, Agriculture Sectors
Empowering agricultural businesses with the tools necessary to protect their digital infrastructure.
April 29, 2024
Ransomware
Cybersecurity
Report Identifies Hidden Costs, Challenges of Ransomware
Too many are paying, and the reasons range from understandable to infuriating.
April 25, 2024
Ep90
Cybersecurity
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
The new factors impacting a growing attack surface, and how to evolve your cyber risk strategies.
April 25, 2024
Fleet Of Fed Ex Delivery Trucks In A Parking Lot 483290419 4500x3000 (1)
Cybersecurity
Transportation and Logistics Under Siege
A look at how this vital and increasingly targeted market sector is responding to more cyberattacks.
April 24, 2024
Industrial Cyber
Cybersecurity
5G, AI and More Are Changing OT - Why Zero Trust Could Be the Solution
Maximizing technology investments while maintaining security.
April 24, 2024
Manufacturing Infrastructure Cyber
Cybersecurity
Avoiding Shutdowns from Ransomware Attacks
A strategic approach for protecting OT networks.
April 24, 2024
Ap24114558425503
Cybersecurity
UnitedHealth Says Wide Swath of Patient Files May Have Been Taken in Cyberattack
Screen shots containing protected health information or personally identifiable information were posted.
April 24, 2024
Coding
Cybersecurity
CISA Releases 7 ICS Advisories
Unitronics, Rockwell and Mitsubishi head the list.
April 19, 2024
Financial Cyber
Cybersecurity
Alarming Trends Reinforced in Ransomware Attack of Semiconductor Mfr.
Experts assess the fallout from the Dark Angel attack on Nexperia.
April 19, 2024
Industrial Cyber
Cybersecurity
Hexagon, Dragos Announce Partnership
The team-up looks to "revolutionize OT cybersecurity."
April 18, 2024