FEATURE Machine Building
Building machinery with cybersecurity in mind
Paul Taylor, Business Development Director for Industrial Services at TÜV SÜD, discusses ways to protect your machinery
As cyber physical systems are deployed, new vulnerabilities may emerge and a cyberattack can put an entire industrial facility at risk. Vulnerabilities include lack of knowledge about how to apply IT security protection to machinery that has not traditionally required it, as well as systems running legacy communication networks, with which today’s cybersecurity software is incompatible. Equally, merging traditional ways of working with Industry 4.0 approaches can cause problems. For example, remote maintenance by equipment suppliers or subcontractors requires a connection to their network, which may be infected or have less stringent IT security. Likewise, existing machines on the factory floor that lack digital identification and authentication functionality can’t determine if the operating instructions received via the network are from an authorised source. There is also the risk that the smart tags on components or the final product are manipulated in a cyberattack.
Machinery suppliers and integrators must therefore optimise the cyber resilience of their connected components and systems, implementing security solutions from the start. For machinery end users it means that analyses, assessments and tests should be pivotal in implementing appropriate security controls.
The international standard IEC-62443 – “Security for Industrial Automation and Control Systems (IACS)” provides a structured approach to cybersecurity. Originally developed for the IACS supply chain, it is now the leading industrial cybersecurity standard for all types of plants, facilities and systems across all industries. It applies to component suppliers, system integrators and asset owners, and addresses security processes along the complete supply chain. For example, product suppliers’ certification should be based on IEC-62443-4-1 “Product security development life-cycle requirements”. This part of the standard applies to the supplier’s overall security programmes and the security processes connected to the development of the relevant component and control system.
Through a set of defined process requirements, IEC-62443 ensures that all applicable security aspects are addressed in a structured manner. This includes a systematic approach to cybersecurity throughout the stages of specification, integration, operation, maintenance and decommissioning. Also, the standard ensures that processes are established to facilitate all necessary technical security functions – throughout the product and system lifetime. And corresponding certifications (e.g., IEC-62443-2-4 “Security program requirements for IACS service providers”) enable system integrators to verify whether generic processes and security processes for a reference architecture or blueprint are compliant. During the certification process, the auditor executes a conformity assessment based on document reviews, interviews and on-site audits. When compliance with standard requirements has been confirmed, the certification concludes with the issuance of a report and a certification mark.
The IEC-62443 standard also specifies technical security requirements for components and systems, described in IEC-62443-4-2 and IEC-62443-3-3.
Industry 4.0 and the IoT promise unmatched flexibility and innovative business models, but as systems and processes become digitised and interconnected, so cybercriminals are increasingly hacking into the critical infrastructure of connected production facilities, requiring ongoing investment in cybersecurity. To harness these opportunities, industry must therefore fully understand the new challenges and take steps to minimise the risks. IEC-62443 provides a holistic approach to help mitigate risks, and provides increased assurance to the entire machinery supply chain. Awareness and understanding of the IEC 62443 standard and its components – among other cybersecurity laws and regulations – can help prevent cybercrime within a business. Not only will this minimise risk through cyber resilience, it will also increase competitiveness as the implementation of IEC-62443 demonstrates a high level of commitment to industry best practice through the optimisation of security capabilities.
20 October 2021 | Automation
CONTACT:
TÜV SÜD
www.tuvsud.com/uk
automationmagazine.co.uk