Process & Control September 2022

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

PC-SEP22-PG24-25.1_Layout 1 12/09/2022 09:38 Page 24

INDUSTRY 4.0/IIoT SETTING A SECURE STANDARD

Joe Lomako, Business Development Manager (IoT) at TÜV SÜD, explains more about the IEC 62443 set of security standards and how six out of the 14 separate documents represent a good starting point to ensuring cybersecurity in an industrial environment

many industries around the world. Today’s smart factories are actively leveraging the potential of interconnected systems to streamline production, increase output and reduce waste, while also increasing production flexibility. However, the growing dependence on

T

interconnected technologies in the industrial environment increases our vulnerability to cyber threats. From the theft of proprietary technical knowledge to threats of plant shutdowns and even damage and destruction of critical industrial assets, the risk of cyberattacks on industrial operations represent a genuine concern that can impose significant financial costs and even put lives in danger. Therefore, taking action to strengthen industrial cybersecurity is more important than ever. While efforts to address cyber threats

targeting ICT systems are generally well- established in many organisations, the issue of managing threats targeting operational technology has only recently become a priority. As a result, the implementation of internal policies and procedures for addressing the security of technologies and

2 SEPTEMBER 2022 | PROCESS & CONTROL 4

he widespread deployment of interconnected technologies has transformed the industrial landscape in

systems used in industrial operations often lags behind an organisation’s other cybersecurity efforts. A different approach is required to address

cybersecurity requirements specific to an industrial automation and control system (IACS). IEC 62443 – “Industrial Communication Networks – Network and System Security” is a series of internationally accepted standards, technical reports and technical specifications that provides a systematic approach for assessing and mitigating current and future cybersecurity risks for an IACS. Based in part on the principles found in a

number of different national cybersecurity standards, the IEC 62443 series provides a clear yet flexible framework that is equally applicable in discrete and process-oriented manufacturing environments in a range of industries. Comprised of 14 separate parts, the IEC

62443 series details the specific cybersecurity responsibilities of individual participants (“roles”) that are involved in the development, deployment, use or maintenance of industrial control systems and components. These roles include: • Asset owner - individual or organisation responsible for one or more IACS

• Product supplier - manufacturer or

developer of hardware or software components integrated into an IACS • Service provider – individual or

organisation that provides support services or supplies to the asset owner for an industrial control system or component. This includes integration and maintenance services. The specific requirements presented in the

IEC 62443 series also give equal weight to the contributions of people, processes and technology in ensuring cybersecurity in an industrial environment. Six out of the 14 separate documents in the

IEC 62443 series represent a good starting point for industrial organisations seeking to secure their IACS from cyber threats: 1. IEC 62443-2-1 - specifies requirements

for asset owners of IACS. The security program must define security capabilities that apply to the secure operation of an IACS. 2. IEC 62443-2-4 - details a

comprehensive set of security capability requirements for service providers of all types involved in the integration or maintenance of an IACS. The standard provides for the development of “profiles”, which can be used to address the unique characteristics of specific environments.

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28 | Page 29 | Page 30 | Page 31 | Page 32 | Page 33 | Page 34 | Page 35 | Page 36 | Page 37 | Page 38 | Page 39 | Page 40 | Page 41 | Page 42 | Page 43 | Page 44 | Page 45 | Page 46 | Page 47 | Page 48 | Page 49 | Page 50 | Page 51 | Page 52 | Page 53 | Page 54 | Page 55 | Page 56 | Page 57 | Page 58 | Page 59 | Page 60 | Page 61 | Page 62 | Page 63 | Page 64 | Page 65 | Page 66 | Page 67 | Page 68 | Page 69 | Page 70