A Member in Good Standing of TIC Council | TÜV®
Solutions for Security of Operating Systems and IEC 62443
Overview
Cyber Security
Risk Analysis and Risk Management based on IEC 62443
With the increased connectivity of production assets (IIoT), new hazards are emerging that need to be included in traditional risk management processes. As part of operational hazard analysis and occupational health & safety risk management, risk assessments for production facilities should be extended to cover IT networking and software/application risks.
Cyber Security & IT/OT Integrity
Why do I need this?
TRITON-Malware-Framework as an example
One of the best-known representatives of industrial plant-specific malware is Triton, which was first discovered in 2017 in a Saudi Arabian chemical factory. It attacks the plant's security system in a targeted manner in order to take it over and control it remotely. The software had already been slumbering in the system for several years before it caused the plant to fail twice in 2017. However, the attackers could also have triggered the release of dangerous gases or explosions, which would have endangered not only economic resources but also human lives.
Myth 1
We're not connected to the internet
Myth 2
We're secure because we have a firewall
Myth 3
Hackers don't understand SCADA/DCS/PLC
Myth 4
Our facility is not a target
Myth 5
Our safety systems will prevent any harm
Asset Owner
Thanks to the IEC 62443 standard, you as the machine or system operator know the security requirements of your company. You are thus able both to secure your production and to expand your operation with new machines or process installations that meet the security requirements, without many additional measures (IEC 62443 3-2, 3-3).
System Integrator
The IEC 62443 standard enables you, as system integrator and machinery manufacturer, to build and install plants with defined security requirements (IEC 62443 3-2, 3-3). This enables seamless integration into existing systems with known safety requirements.
Product Supplier
The industrial control manufacturer (IACS) can include the consideration of security requirements under IEC 62443 4-1 in its product development processes in order to develop industrial controls with the security requirements relevant to its customers in accordance with IEC 62443 4-2. Maintenance and service processes are designed safely according to IEC 62443 2-4.
Risk factors
What areas do you have to pay attention to?
Asset Performance & Risk Management
Until some 15 years ago, Asset Performance and Safety were based on Technical Integrity and on Processes and Systems. It was then recognised that Human Factors had a major impact on Safety and Performance. A common Risk Management assumption is that up to 80% of all safety and performance incidents have Human Factors as a Root Cause.
It is important to understand that Cyber Security integrity losses can have a major impact on Safety & Performance. Cyber incidents can have their cause in Human Factors, in systems, as well as directly in Technical Integrity.
Security from a single source
TÜV AUSTRIA accompanies clients on their way to certification according to IEC 62443 with comprehensive analysis and consulting services as well as support during implementation. Thanks to its holistic approach, TÜV AUSTRIA ensures continuous risk minimisation, competitive advantages due to the proof of an independent third party and consistent safety.
Our services in detail
Industrial facilities
- Segmentation of networks – IT/OT
- Incident and patch management
- Conducting vulnerability assessments and penetration testing
- Training for security awareness of employees
IoT, IIoT and Industrial Automated Control Systems (IACS)
- Secure product development, integration and certification
- Security hardening
- Secure hardware & software for the whole product life cycle
Physical & cognitive assistance systems
- Security by design
- Collaborative robotics and AR/VR
- Workspace evaluation
IEC 62443-Family Overview
Part | Title |
---|---|
Part 1: General | |
Part 1-1 | Terminology, concepts and models |
Part 1-2 | Master glossary of terms and abbreviations |
Part 1-3 | System security compliance metrics |
Part 1-4 | IACS security lifecycle and use-cases |
Part 2: Policies & Procedures | |
Part 2-1 | Establishing an industrial automation and control system |
Part 2-2 | Implementation guidance for an IACS security management system |
Part 2-3 | Patch management in the IACS environment |
Part 2-4 | Security program requirements for IACS service providers |
Part 3: System | |
Part 3-1 | Security technologies for industrial automation and control system |
Part 3-2 | Security risk assessment and system design |
Part 3-3 | System requirements and security levels |
Part 4: Component / Product | |
Part 4-1 | Secure product development lifecycle requirements |
Part 4-2 | Technical security requirements for IACS components |
Contact information
Dipl.-Ing. Alexander Zeppelzauer
Tel.: +43 664 60454 6276
Mail: alexander.zeppelzauer@tuv.at
David Bolsman, B.Sc.
Tel.: +43 664 60454 6154
Mail: david.bolsman@tuv.at