Services

LEADING BRAND IN SECURITY ASSESSMENT - ONWARD

Compliance & Assessment Services

ISA/IEC 62443

The Scope of IEC 62443 Standard

4-1. Product Development Requirements

4-2. Technical Security Requirement for IACS Components

 

Why ISA/IEC 62443

Cyber Security in Industrial Automation and Control (IACS)

  • When the system design is not secure enough and the problem cannot be solved by technical means, appropriate management and procedures are required.
  • Enterprises rely heavily on IT technologies. Consequently, they are not able to resist security threats and avoid risks.
  • People are always the biggest problem in cyber security management.
  • Attack technologies are becoming more and more complex, and the sources of attack are quite extensive.
  • Public and private networks are interconnected to share information, making access control more difficult.
  • Decentralized computer operation weakens the effect of centralized management.

 

Implementation Timeline

Security Development Service of Industrial Automation and Control (IACS)

The methodology of the international standard IEC 62443-4-1 is adopted to assist in the establishment of a secure product development plan.

1. Differentiation Analysis

  • Feasibility evaluation of cyber security operation
  • Product security test (Pretest)

2. IEC 62443-4-1 Implementation

  • Status interview
  • Organization establishment and policy formulation
  • Planning of the security workflow for product development

3. IEC 62443-4-2 Testing

  • Cyber security test training
  • Compliance testing

 

IEC 62443-4-1 Product Development Requirements

8 Practices, 47 Requirements

IEC 62443-4-2 Technical Security Requirements for IACS Components

7 Foundational Requirements, 95 Security Requirements

  • IAC - Identification and Authentication Control
  • RA - Resource Availability
  • TRE - Timely Response to Event
  • RDF - Restricted Data Flow
  • DC - Data Confidentiality
  • SI - System Integrity
  • UC - User Control

 

Component Requirement (CR)

  • Software Application Requirement (SAR)
  • Embedded Device Requirement (EDR)
  • Host Device Requirement (HDR)
  • Network Device Requirement (NDR)

 

The Process of IEC 62443-4-2 Cybersecurity Testing