Focus on industrial security with IEC 62443
If you are an operator, integrator or manufacturer of industrial automation systems, IEC 62443 gives you the best possible protection against cyber attacks and improves the general security of your processes, products or systems. The standard provides effective guidelines in the form of criteria and security requirements.
IEC 62443 is an internationally recognised series of standards that takes a holistic approach to industrial security in the process and automation industry. It is aimed at operators, integrators and manufacturers of industrial automation systems and contains procedures for implementing secure "Industrial Automation and Control Systems" (IACS). As these are crucial for the security of the entire production plant, the aim of IEC 62443 is to provide operators, integrators and manufacturers with criteria that they can use to improve the integrity and availability of components and systems and to implement secure IACS.
By implementing IEC 62443 early on, you can introduce future-proof processes for secure product development or for the secure operation of a system, and at the same time minimise IT risks, uncover weak points and improve the security level of your system.
Various national laws and EU directives, such as the Cyber Security Act, the Cyber Resilience Act, the EU's Radio Equipment Directive (RED) and national laws derived from these, require proof of security compliance at process and/or product level.
The standard focuses on the cybersecurity of industrial automation and control systems (IACS), which are crucial for the security of the entire production plant. The term IACS therefore covers all elements, such as systems, components and processes, that are necessary for the safe and reliable operation of an automation solution.
In addition, IEC 62443 also takes into account the organisational processes behind the design and operation of these systems.
The international standard aims to improve the integrity and availability of components and systems as well as the secure implementation of IACS. To achieve this goal, IEC 62443 provides corresponding security criteria.
The international standard is aimed at operators, integrators and manufacturers of industrial automation systems. Within the standard, these three entities are assigned specific roles and tasks. The aim is to achieve the most comprehensive protection possible across several levels by involving all stakeholders.
The international standard consists of the following four interrelated parts:
You can find more detailed information on the individual parts in our free white paper on IEC 62443.
The defence-in-depth approach pursued by IEC 62443 is a multi-layered security mechanism that increases the security of the entire system. If one layer within this onion-like system is attacked or bypassed, the other layers continue to offer sufficient protection against potential cyber attacks. This is where the effective interaction between the operator, integrator and manufacturer comes into play, as each of these roles is responsible for the security of different layers.
You can find more detailed information on this in our free white paper on IEC 62443.
ISO 27001 relates to the establishment and operation of an information security management system (ISMS) and contains generic requirements for the organisation of IT security. It therefore addresses information security in general, but does not contain any specific requirements in relation to OT (Operational Technology).
IEC 62443, on the other hand, focuses on the protection of industrial automation systems and, in this context, also takes into account the special features of OT. The international standard therefore contains concrete technical requirements for automation systems and their components, which makes it much more specific than ISO 27001.