jtsec, the first Spanish laboratory accredited to carry out IEC 62443 4-1 and IEC 62443 4-2 assessments of industrial components.

30 March 2022
Posted by: José Ruiz

For some years now, cybersecurity in the industrial field has been taking on a particularly significant relevance. Industrial sectors have taken note of the seriousness of suffering cyber-attacks that could potentially stop or slow down their production, or expose sensitive information.

In fact, according to the annual report drafted by the cybersecurity firm Claroty, "The Global State of Industrial Cybersecurity 2021: Resilience Amid Disruption", 80% of respondents suffered an attack and 47% reported an impact on their industrial/OT control system environment. In addition, more than 60% paid ransom and just over half (52%) paid $500,000 or more.

As a result, more than 70% of companies in the industrial sector have increased their cybersecurity budget, according to data provided by the CCI (Centre for Industrial Cybersecurity in Spain) in the report "Study on the State of Industrial Cybersecurity in Europe".

*Source: CCI "Study on the State of Industrial Cybersecurity in Europe"

Understanding the IEC 62443 4-1 and IEC 62443 4-2 standards

IEC 62443 is the international standard for the security of industrial automation control systems and components (IACS). This standard is currently the only reliable solution for testing the cyber security of components in the field of industrial automation. The application of this standard is the way to objectively demonstrate that cyber security is a top priority in your company, encouraging industrial control systems to protect themselves against cyber threats.

IEC 62443-4-1: Focuses on secure product development lifecycle requirements. Specifies the process requirements for the secure development of products used in an IACS device, taking into account the product life cycle. It has 4 maturity levels showing the requirements that have been evaluated and their level of maturity. The number of requirements is 47.

IEC 62443-4-2: Focused on the technical security requirements for IACS components. More than a methodology, it is a catalogue of requirements to be met by industrial components and has four security levels depending on the requirements to be met. It has 141 requirements. If you want to know more, see our blog "Industrial Cybersecurity. Evaluation and Compliance with IEC 62443-4-2".

It should be noted that it is mandatory to obtain the IEC 62443 4-1 certification before the evaluation for IEC 62443 4-2.

jtsec collaborates as an evaluation laboratory with the CERE Certification Body.

This March, after an exhaustive audit by IECEE, we obtained accreditation to carry out assessments under the IECEE CB scheme, more specifically for the IEC 62443 4-1 and IEC 62443 4-2 standards, dedicated to assessing the cybersecurity of industrial components.

This collaboration makes us the first laboratory in Spain to be accredited to assess the aforementioned standards. For CERE, it means being the first Certification Body in Spain accredited by IECEE for the IEC 62443 4-1 and IEC 62443 4-2 standards, so the collaboration between both companies has great prospects for the future. We are very excited about this new stage and about partnering with a prestigious company such as CERE.

jtsec collaborates with associations and working groups dedicated to industrial cybersecurity

At jtsec we treat industrial cybersecurity as a priority. For this reason, we contribute to different working groups and organisations that promote the development of industrial standards, as well as the promotion of an ecosystem of companies and organisations that enable greater knowledge and dissemination of industrial security. We actively participate in:

CCI (Centre for Industrial Cybersecurity): This is the largest international ecosystem of these characteristics and the meeting point for private and public entities and professionals in Industrial Cybersecurity. We are active members of the CCI ecosystem contributing to the improvement of cybersecurity in the industrial sphere.

Editors in the ERNCIP thematic group for "Industrial Automation & Control Systems (IACS)": The ERNCIP IACS component cybersecurity certification thematic group focuses on the cybersecurity certification of industrial automation and control system components.

How can we help you with your industrial cybersecurity certification?

At jtsec we can help you obtain IEC 62443 4-1 and 62443 4-2 certification, as we offer both consultancy and evaluation services, being the first laboratory accredited in Spain to assess these standards.

If you want to check the cybersecurity of any industrial IoT component, we will be happy to help you.

José Ruiz/CTO

Jose is an expert consultant on the Common Criteria standard with more than 10 years of experience. Jose has a wide background in other security assurance standards in the field of information technology, such as Common Criteria, FIPS 140-2, FIPS 140-3, GP TEE, PCI-PTS and LINCE. Jose has served as an evaluator, Technical Leader and CC Consultant for Epoche&Espri and as CC lab manager and Cyber Security Service Manager for Applus+. His experience has led him to participate as a speaker in various editions of the ICCC (International Common Criteria Conference) and ICMC (International Cryptographic Module Conference). He has been the "Chairman" of a subgroup within the ISCI WG1 Eurosmart Initiative to develop the CC Methodology. He is also a member of different working groups, such as ISO SC27 or Global Platform TEE, and an active member of the ERNCIP group "IACS Cybersecurity certification".

In 2017 he founded with Javier what is now known as jtsec. He is currently in charge of promoting the commercial expansion of the company from its headquarters in Madrid as CTO. In addition, he represents jtsec in various national and international forums and is responsible for quality.

