Industrial Cybersecurity. Evaluation and Compliance with IEC 62443-4-2


13 August 2020
Posted by: jtsec Team

What is Industrial Cybersecurity? Definition and challenges

Industrial cybersecurity is defined as the protection of the information and the industrial infrastructure processes that may be susceptible to cyber-attacks. It is key to keeping critical systems up and factories operational. Industrial companies need to grow, expand and benefit from the digital transformation known as Industry 4.0, the Industrial Internet or the Connected Industry 4.0.

Industrial cybersecurity must face different types of threats and challenges, among which we can highlight the following ones:

  • The lack of a cybersecurity culture.

  • Carrying out real risk measurement and analysis.

  • Minimising risk and eliminating its effects.

  • The lack of incident detection and management.

Industrial Cybersecurity Regulation

Interest in industrial cybersecurity has grown in recent years. The advent of the NIS directive has stimulated concern about cybersecurity in the European critical infrastructure sector, creating an opportunity for European industry. In addition, the approval of the Cybersecurity Act meant the creation of a European cybersecurity agency, ENISA, and the implementation of a European certification framework.

This framework is still being developed, and there are already European projects that contemplate the possibility of creating a certification scheme for industrial components.

The NIS directive is currently being revised, and it is not ruled out that cybersecurity certification will be mentioned as one of the aspects to be taken into account to ensure compliance.

Therefore, we can conclude that future regulations (European and international) will take cybersecurity (and certification) into account.

IEC 62443-4-2: the most recognised standard in the industry

Several standards are currently used in the market to verify the cybersecurity of industrial components, among which IEC 62443-4-2 stands out as the most recognised within the industrial sector.

Note that IEC 62443-4-2 is not an evaluation methodology in itself: it is a catalogue of requirements to be met by industrial components, with four security levels that determine which requirements must be met.

IEC is working on the creation of an evaluation methodology. In the meantime, TeleTrust has developed an evaluation methodology for 62443-4-2, which is the one jtsec relies on when carrying out evaluation processes according to IEC 62443-4-2. Compliance with IEC 62443-4-2 brings several benefits for the developer:

  • Improved cybersecurity of the component.

  • Preparation for the regulatory requirements that will come in the next few years.

  • Improved cybersecurity awareness within the company.

At jtsec, we offer different services to evaluate the cybersecurity of your industrial systems and components:

  • Evaluation of compliance with industry standards such as IEC 62443-4-2 or UL 2900.

  • Vulnerability analysis and penetration testing for IIoT devices.

  • Certifications for industrial components, such as Common Criteria or LINCE (only valid in Spain).