IEC 62443: The international cyber security standard for Industry 4.0


Industry 4.0: Focusing on industrial security with IEC 62443

Attackers do not stop at industrial plants. If they find a weak point, they can sometimes put an entire plant out of operation.

Furthermore, EU directives, which are subsequently transposed into national law, require the implementation of best-practice approaches for products, processes and services. The EU's NIS 2 Directive serves as an example: in the current German version, it requires products, processes and services for critical infrastructures to have security certification.

With IEC 62443 as a globally recognized standard, operators, integrators and manufacturers of industrial automation systems can protect themselves against cyber attacks and improve the overall security of their processes, products and systems. In the form of criteria and security requirements, the standard provides effective guidelines for increasing the availability, integrity and confidentiality of your components and systems.

With scoping, audits, supplier evaluations and certification (by TÜV NORD CERT), we offer you the essential building blocks on the way to a secure Industry 4.0 solution.

Effective realization of current IT security standards

With an initial IEC 62443 implementation, you introduce future-proof processes for secure product development or for the secure operation of a system, while minimizing IT and OT risks, uncovering vulnerabilities and raising the security level of your system.
 

Looking towards the future

Various national laws and EU regulations and directives, such as the Cybersecurity Act, the Cyber Resilience Act (CRA) and the EU Radio Equipment Directive (RED), together with the national legislation derived from them, require evidence of security compliance at the process and/or product level.
 

Download the free whitepaper on IEC 62443

Contents of the whitepaper:

■ Structure of IEC 62443
■ Roles & scope of IEC 62443 in IACS
■ Concepts used in IEC 62443
■ Defense-in-depth
■ Zones & conduits
■ Cybersecurity life cycle for IACS using PDCA
■ Security Levels on the basis of IEC 62443-3-3 & IEC 62443-4-2
■ Maturity Levels on the basis of IEC 62443-2-4 & IEC 62443-4-1

The benefits of IEC 62443 at a glance

Effective implementation of IT security
By implementing IEC 62443, you apply a current, internationally recognized security standard to your industrial automation systems.
 

Encouraging security awareness 
By implementing IEC 62443, you raise your employees' awareness of IT security and data protection.
 

Sustainable increase in IT security
With the help of IEC 62443, you can establish monitoring and control mechanisms and thus increase the IT security of your system. 
 

Trust among customers & business partners
Certification gives you objective proof of your security capabilities, which builds trust with customers and partners and gives you a competitive advantage.
 

Better risk management
By detecting security gaps at an early stage, you reduce IT risks & avoid reputational damage. 
  

Easier market access
International recognition of IEC 62443 makes it easier for you to access new markets.
 

Successful cost reduction
By identifying weak points & optimizing inefficient processes, you reduce costs, e.g. through downtime. 
 

Continuous improvement
Implementing IEC 62443 establishes an ongoing improvement cycle that raises the security level of your production plant over time.
 

Our IEC 62443 services at a glance

Scope definition

Pre-audits to determine readiness for certification

Supplier evaluations with the help of the Security Scorecard

Certification audit (incl. certification by TÜV NORD CERT)

IEC 62443: Essential steps for successful certification

1. Scope determination

The first step is to define the exact scope of the certification.

2. Pre-audit

The purpose of the pre-audit is to determine readiness for certification.

3. Document review (stage 1)

Evaluation of the management system documents in accordance with the requirements of IEC 62443.

4. On-site audit (stage 2)

Evaluation of the effectiveness of the management system introduced in the company in accordance with IEC 62443.

5. Certification

If the requirements are met, TÜV NORD CERT will issue a certificate.

Frequently Asked Questions (FAQ):

What is IEC 62443?

IEC 62443 is an internationally recognized series of standards that takes a holistic approach to industrial security in the process and automation industry. It is aimed at operators, integrators and manufacturers of industrial automation systems and contains procedures for implementing secure Industrial Automation and Control Systems (IACS). As IACS are crucial for the security of the entire production plant, the aim of IEC 62443 is to provide operators, integrators and manufacturers with criteria they can use to improve the integrity and availability of components and systems and to implement secure IACS.

What is the focus of IEC 62443?

The standard focuses on the cybersecurity of industrial automation and control systems (IACS), which are crucial for the security of the entire production plant. The term IACS covers all elements, such as systems, components and processes, that are necessary for the secure and reliable operation of an automation solution.

In addition, IEC 62443 also takes into account the organizational processes behind the design and operation of these systems.

The international standard aims to improve the integrity and availability of components and systems as well as the secure implementation of IACS. To achieve this goal, IEC 62443 provides corresponding security criteria. 

Who is the target group of IEC 62443?

The international standard is aimed at operators, integrators and manufacturers of industrial automation systems. Within the standard, these three entities are assigned specific roles and tasks. The aim is to achieve the most comprehensive protection possible across several levels by involving all stakeholders.

How is IEC 62443 structured?

The series is organized into four interrelated groups of documents:

  • IEC 62443-1-x: General (basic concepts and models of the standard series, terms and abbreviations, system security conformance metrics)
  • IEC 62443-2-x: Policies & procedures for operators and service providers (e.g. 2-1, requirements for an IACS cyber security management system; 2-4, requirements for IACS service providers such as integrators and maintenance providers)
  • IEC 62443-3-x: System-level requirements (e.g. 3-2, security risk assessment and partitioning into zones and conduits; 3-3, system security requirements and security levels)
  • IEC 62443-4-x: Component-level requirements (e.g. 4-1, secure product development life cycle requirements; 4-2, technical security requirements for IACS components)

You can find more detailed information on the different parts in our free whitepaper on IEC 62443.

What is the defense-in-depth approach?

The defense-in-depth approach pursued by IEC 62443 is a multi-layered security model that increases the security of the entire system. If one layer within this onion-like arrangement is attacked or bypassed, the remaining layers continue to offer protection against the attack. This is where the effective interaction between operator, integrator and manufacturer comes into play, as each of these roles is responsible for the security of different layers.

You can find more detailed information on this in our free whitepaper on IEC 62443.

IEC 62443 vs. ISO 27001: What are the differences?

ISO 27001 relates to the establishment and operation of an information security management system (ISMS) and contains generic requirements for organizing information security. It addresses information security in general, but does not contain any specific requirements for OT (operational technology).

IEC 62443, on the other hand, focuses on the protection of industrial automation systems and, in this context, takes into account the special characteristics of OT. It contains specific technical requirements for automation systems and their components and is therefore much more specific than ISO 27001.

Why we are a strong partner for you

Independence

Our employees are not subject to any conflicts of interest, as they are not committed to any product suppliers, system integrators, stakeholders, interest groups or government agencies.

Expertise

As IT security experts, we have already successfully carried out numerous projects in the field of industrial security and are actively involved in IEC standardization committees.

International network of experts

Around the globe: We support you both nationally and internationally. Our global network of experts is ready to help you in word and deed in all IT security issues.

Industry experience

Thanks to many years of experience in different branches of industry, we can serve companies from a wide range of sectors.

Tailor-made for you

We focus on individual services and solutions that optimally fit your current company situation and your goals.

 

You have questions? We are pleased to help!

  

Gerald Krebs

Global Account Manager

+49 201 8999-411
g.krebs@tuvit.de
