Cybersecurity in industrial systems, IEC 62443

Purpose

The industrial, automation and control systems industries are some of the latest major targets for hackers and have been subject to significant attacks in recent times. Therefore, it is of utmost importance for companies operating in this field to ensure that products meet the requirements of the standard.

We perform testing and review of products against the IEC 62443 standard part 4.1 and 4.2. 4.1 describes the seven fundamental requirements (FRS, Foundational Requirements) which are the requirements for the control system's capacity, safety levels and their components. 4.2 describes a safe development life cycle.

Our testings and reviews assess whether the product meets the seven basic requirements of the standard:
- Identification and authentication control
- User control
- System integrity
- Data confidentiality
- Restriced data flow
- Timley response to events
- Resource avalibility

We also secure the development lifecycle, also known as "product development lifecycle".

Method

The evaluation is based on methods accredited by Swedac for the standards:

• SS-EN IEC 62443 part 4.1 Secure product development lifecycle requirements
• SS-EN IEC 62443 part 4.2 Technical security requirements for IACS components

The test against the standard is advantageously complemented by a penetration test that RISE can offer as a separate service. Here you find our offer in penetration testing. 

Delivery

The tests will be presented in a test report according to EN ISO/IEC 17025 and it is possible to also include the results of the evaluation of the requirements from the checklist in Annex A of the standard in this report.

Avaliable courses

- Course on cybersecurity in industrial communication networks ISA/IEC 62443-4