IEC 62443 – a standard you should know if you work with security in ICS systems
What does the standard IEC 62443 really mean and who can benefit from it? We explain what the standard covers and what you need to think about if you want to follow it!
What is the purpose of IEC 62443?
IEC 62443 deals with Industrial Control Systems (ICS). The purpose of the standard is to improve the integrity, availability and confidentiality of the components. The standard also sets out criteria that can guide you when implementing secure systems.
What does the standard mean?
The standard consists of four parts: general, policies and procedures, system and component. Broadly speaking, the standard concerns requirements and processes for security within ICS.
Among other things, the standard states that users must be authenticated before they can access the system (which may seem obvious), that they should be given the right degree of permissions, and that their activities shall be monitored.
It must also be ensured that the systems cannot be manipulated, and that it is not possible to reveal, without permission, what kind of information the systems hold. Another aspect is resilience: the availability of the important functions in the systems must be ensured. The systems must also be divided into zones, and the data flow between these zones must be limited.
It is of great importance that there is a process for handling incidents, so-called incident management. Violations must be reported to the appropriate body, and it must also be ensured that measures are taken to handle the violation.
Who is the standard for?
This standard can be relevant for system and facility owners, but also for suppliers of both products and services. If you work with security in Industrial Control Systems, this is a standard you should know!