It’s no secret that IT products can be hacked. Organisations using IT products in their infrastructure have two policy-related questions. The first question is whether new IT products can violate the security policy of their infrastructure, for example by giving unauthorised people access to certain data – a stepping stone to attacks on the infrastructure. The second question concerns risk management: are the effort, skills and tools needed to hack the product less than the level of risk the company considers acceptable?
In the world of industrial automation, the infrastructure of operational technology (OT) used to be relatively independent. The introduction of the IoT changed this. Now, there is a risk of hackers using IoT products as a stepping stone to hack the infrastructure of a company, for example, or as devices to set up DDoS attacks on other organisations. This development requires companies to organise their security management and understand the security quality of IoT products. The Global Standard for the Security of Industrial Control System Networks (IEC) 62443 Security for Industrial Automation and Control Systems (IACS) was defined for this purpose: on device level (ISA/IEC 62443-4-2), system level (ISA/IEC 62443-4-1) and processes (ISA/IEC 62443-2-X).
With applications in industries such as automotive, industrial IoT, smart grid and oil & gas, ISA/IEC 62443 is an important way for organisations to demonstrate compliance and due diligence and manage cyber risk.
For more information about IEC 62443 and how we can help you, please email us at firstname.lastname@example.org.