FEATURE
value chain, from the manufacturers of automation technology to machine and system builders and installers as well as the operators themselves. Protection measures must address and mitigate not only current, but also pre-empt future security vulnerabilities. Facilities need to understand and mitigate risk as well as install secure technology in order to build cyber resilience. This means implementing a holistic cyber security strategy at the organization, process and technical levels. Such a strategy must include comprehensive and standardized measures, processes and technical means, as well as preparation of people. But alongside all of this, it must also offer the recourse to an internationally recognized certification system.
A fundamental set of Standards for cyber security
The IEC has recently published IEC 62443-4-1-2018, the latest in a series of critical publications, establishing precise cyber security guidelines and specifications applicable to a wide range of industries and critical infrastructure environments. The IEC 62443 series recommends that security should be an integral part of the development process, with security functions already implemented in the machinery and systems. These horizontal Standards are also used in the transport sector: a set of cyber security guidelines on board ships adopted by the International Maritime Organization (IMO) refers to IEC 62443. Shift2Rail, an initiative that brings together key European railway stakeholders, is aiming to define how different aspects of cyber security should be applied to the railway sector. It has assessed applicable standards and has selected the IEC 62443 publications. The IEC 62443 Standards are also compatible with the US National Institute of Standards and Technology (NIST) cyber security framework.
Internationally recognized certification is key
Another boon is that the 62443 Standards have their own certification programme. The IEC is the only organization in the world that provides an international and standardized form of certification which deals with cyber security. It is supplied by IECEE, the IEC System for Conformity Assessment Schemes for Electrotechnical Equipment and Components. The IECEE industrial cyber security programme tests and certifies cyber security in the industrial automation sector. The IEC is also working with the United Nations Economic Commission for Europe (UNECE) to create a common regulatory objectives document focusing on conformity assessment and cyber security. The aim of the document is to provide a methodology for a comprehensive system’s approach to conformity assessment that can be applied to any technical system in the cyber security field.
“Achieving cyber protection in a cost-effective manner results from applying the right protection at the appropriate points in the system to limit the risk and the consequences of a cyber attack. This means modelling the system, conducting a risk analysis, choosing the right security requirements which are part of IEC Standards, and applying the appropriate level of conformity assessment against the requirements, according to the risk analysis. We need to assess the components of the system, the competencies of the people designing, operating and maintaining it, and the processes and procedures used to run it. This holistic approach to conformity assessment is indispensable to protect facilities, especially critical infrastructure, from cyber crime”, explains David Hanlon, Secretary of the IEC Conformity Assessment Board.
In a world where cyber threats are becoming ubiquitous, being able to apply a specific set of International Standards combined with a dedicated and worldwide certification programme is one of the best ways of ensuring long-term cyber protection of critical infrastructure.
www.isopps.com 11