Focus: System security
OT security through IEC 62443-4-2
By Louisa Rochford, Content Marketing Manager, Impulse Embedded

Walk into almost any control room today, and you’ll see the same to-do list competing for attention: refresh ageing hardware, connect more assets, meet new regulatory expectations and, somehow, do it without adding cyber risks. Company boards are asking tougher questions about OT resilience, regulators are tightening the rules and, yet, many plants are still running critical workloads on equipment that predates modern security expectations.

In that environment “just make it secure” is not a helpful instruction. Engineers need something more concrete: a way to translate policy into technical requirements for routers, switches, gateways and industrial PCs; a way to compare products on more than datasheet speeds and feeds; and a way to evidence that the estate is moving in the right direction.

That is where IEC 62443-4-2 comes in; it gives vendors, integrators and asset owners a common security baseline for individual components – the building blocks of secure OT networks and edge computing.

IEC 62443 in the bigger picture

IEC 62443 is a family of standards designed specifically for industrial automation and control systems. It spans the secure development lifecycle, component hardening, system architecture and day-to-day operations, covering how products are developed, how components are hardened, how systems are partitioned into zones and conduits, and how they are run and maintained over time.

Two parts matter most when you’re looking at equipment selection:
1. IEC 62443-4-1 defines secure development lifecycle practices for suppliers, including threat modelling, coding standards, vulnerability handling and update processes; and
2. IEC 62443-4-2, meanwhile, sets out technical security requirements for four types of industrial automation and control system components – embedded devices, host devices like industrial PCs, gateways and controllers, network devices including switches, firewalls, routers and wireless infrastructure, and software applications.

For buyers and integrators, 4-2 is where the language turns from high-level intent into features you can actually check for. It gives you concrete expectations around device and user identities, least-privilege access, integrity protection for firmware and software, encrypted communications, event logging and resilience under load. Instead of drafting bespoke security clauses for every project, you can point to IEC 62443-4-2 and ask suppliers to demonstrate how their products meet it or, in some cases, how they have been independently certified against it.
A natural starting point

Most OT incidents still begin the same way: a weak boundary, an exposed remote access path or an unmonitored device on the edge of the network. That makes networking equipment a logical place to start applying IEC 62443-4-2 in practice.

When you apply IEC 62443-4-2 to routers, firewalls, managed switches and wireless infrastructure, it maps to seven foundational requirements: identification and authentication control, use control, system integrity, data confidentiality, restricted data flow, timely response to events, and resource availability. In other words, it sets expectations around who and what can talk to a device, what they are allowed to do, how data is protected in transit, how flows are constrained, how events are surfaced and how the device behaves under stress.

In a real network, that means perimeter firewalls and secure routers enforce authenticated, encrypted tunnels. Management access is tied to named user accounts and roles rather than shared admin logins. Firmware integrity is checked before and after updates.

Managed switches follow the same pattern, enforcing segmentation and traffic shaping, accepting configuration changes only from authenticated sessions, and
www.electronicsworld.co.uk December 2025/January 2026 11
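The mapping described above, from the seven foundational requirements to settings you can check on a router or switch, can be turned into a small audit script. This is an added example, not code from the article or the standard: the config schema, the two sample devices and the short labels (IAC, UC, SI, DC, RDF, TRE, RA) are assumptions made here, and the checks illustrate the article's points rather than reproduce the standard's requirement text.

```python
# Added example. The config schema and both sample devices are constructed.
CLEARTEXT_MGMT = {"telnet", "http", "snmpv1", "snmpv2c", "tftp"}
GENERIC_LOGINS = {"admin", "root", "operator", "user"}

def audit(cfg):
    """Return (requirement, finding) pairs for one device config dict."""
    out = []
    for acct in cfg.get("accounts", []):
        name = acct.get("name", "")
        if acct.get("shared") or name.lower() in GENERIC_LOGINS:
            out.append(("IAC", f"shared or generic login '{name}'"))
        if not acct.get("role"):
            out.append(("UC", f"account '{name}' has no role assigned"))
    for tun in cfg.get("tunnels", []):
        if not tun.get("peer_auth"):
            out.append(("IAC", f"tunnel '{tun.get('name')}' has no peer authentication"))
        if not tun.get("encrypted"):
            out.append(("DC", f"tunnel '{tun.get('name')}' is not encrypted"))
    for proto in sorted(CLEARTEXT_MGMT & set(cfg.get("mgmt_protocols", []))):
        out.append(("DC", f"cleartext management protocol '{proto}'"))
    if not cfg.get("firmware", {}).get("verify_signature"):
        out.append(("SI", "firmware signature verification is disabled"))
    if cfg.get("default_forward_policy") != "deny":
        out.append(("RDF", "default forwarding policy is not deny"))
    if not cfg.get("syslog_servers"):
        out.append(("TRE", "no remote event log destination"))
    if not cfg.get("rate_limiting"):
        out.append(("RA", "no rate limiting or storm control"))
    return out

WEAK = {  # constructed: a router left close to factory defaults
    "accounts": [{"name": "admin", "shared": True}],
    "tunnels": [{"name": "site-a", "encrypted": False, "peer_auth": False}],
    "mgmt_protocols": ["telnet", "http", "ssh"],
    "firmware": {"verify_signature": False}, "rate_limiting": False,
    "default_forward_policy": "allow", "syslog_servers": [],
}
HARDENED = {  # constructed: the same router after hardening
    "accounts": [{"name": "j.smith", "role": "network-admin"},
                 {"name": "a.khan", "role": "read-only"}],
    "tunnels": [{"name": "site-a", "encrypted": True, "peer_auth": True}],
    "mgmt_protocols": ["ssh", "https", "snmpv3"],
    "firmware": {"verify_signature": True}, "rate_limiting": True,
    "default_forward_policy": "deny", "syslog_servers": ["192.0.2.10"],
}

if __name__ == "__main__":
    for device, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        for req, finding in audit(cfg) or [("OK", "no findings")]:
            print(f"{device:9} {req:4} {finding}")
```

Grouping the findings by requirement gives a per-device gap list that can be put to a supplier alongside a request to show how the product meets IEC 62443-4-2.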