Industrial Security: Denying access to hackers

Essen: Companies that use networked components, be they in the control systems for an industrial plant or of railway vehicles, or the sensors of a roller coaster, must protect their communications networks from cyber-attacks - and that protection must be verifiable. This is the function of the IEC 62443 family of standards, for which TÜV NORD is now the first certifier to have been accredited in accordance with the latest DAkkS and IECEE schemata.

Networked components or systems are now in use in many fields. These range from medical technology, the automotive sector, railway technology and process and automation industry to power plants and wind farms. It is for this reason that operators, integrators and manufacturers in these and many other industries should not only consider whether their plants are operating safely but also how they are protecting their networked systems against hackers. A central tool for this is the IEC 62443 international family of standards, which focuses on IT security for industrial communication networks. With its clearly defined models and best practices, this standard provides assistance to the relevant players as they attempt to grapple with this complex issue.

Reducing liability risks, protecting consumers and workers 

Certification in accordance with IEC 62443 analyses and assesses security concepts and measures. It offers proof that the certified company is working in line with the state of the art and fulfilling its statutory duties of care - both of which are important requirements when it comes to minimising liability risks. In addition, components can in this way be safely released onto the market in line with legislation such as the German Product Safety Act (ProdSG). And, last but not least, it shows that enterprises are protecting their workers in accordance with ordinances on occupational health and safety.

Accredited in accordance with national and international requirements

TÜV NORD has now become the first certification company to be accredited by both the German accreditation body (DAkkS) and the international standardisation organisation, the IECEE, to carry out all relevant validations and certifications pursuant to IEC 62443. The DAkkS accreditation was granted in line with the most recent schemata, 71 SD 02019 (accreditation requirements for conformity assessment bodies in the area of information security/cyber-security for automated industrial systems in accordance with IEC 62443).

On-site assessments

In addition to the mandatory document review, the certification covers such aspects as practical on-site tests and audits with the aim of validating that the system is responding as it ought to respond.

“The industrial sector is increasingly grasping the importance of this key standard. We’ve seen a strong increase in demand for certifications in accordance with IEC 62443, especially from manufacturers of safety-related components like controls or sensors. In the coming months we expect further growth,” says Ulf Theike, General Manager of TÜV NORD Systems.

Multiple security issues

Certification in accordance with the IEC 62443 family of standards is one of the central services in Security4Safety, in which TÜV NORD pools services that dovetail classic product and operational safety with IT security. The certification supplements audits of information security and data protection in the corresponding quality management systems as well as functional security reviews.

Caption:
Networked systems are now being used in many industries. And it’s become crucial to keep a very watchful eye out for gateways for hackers. Image: Unsplash.com