9 Tips to Secure Your Industrial Network with IEC 62443

In the past, asset owners relied on system integrators (SIs) such as Siemens, Honeywell, and ABB to provide the security solutions for the network. However, many SIs now demand that component suppliers comply with the subsection of the IEC 62443 standard that pertains to their devices.

The IEC 62443 guidelines define four security threat levels (as below). Security Levels 3 and 4 protect against intentional access by hackers who utilize specific skills and tools.

IEC 62443 Scope
Industrial Automation & Control System Overview

Due to the increasingly important role that component suppliers are playing on IIoT networks, here are the 9 security requirements that component suppliers must meet when designing devices for deployment on IIoT networks.

  1. Infrastructure: The network component must be able to uniquely identify and authenticate all users, including humans, processes, and devices.
  2. Account Management: The capability to support the management of accounts, including establishing, activating, modifying, disabling, and removing accounts, must be supported across the network.
  3. Identifier Management: The network component must be able to identify individuals by user, group, role, and/or system interface.
  4. Authenticator Management: All devices on a network must be able to confirm the validity of any requests for system/firmware upgrades, and verify that the source isn’t trying to upload any viruses or malware.
  5. Password-based Authentication: For network components that utilize password-based authentication, the network component must integrate a password policy.
  6. Public Key Authentication: Public key authentication should be used in order to build a secure connection between servers and devices, or device-to-device connections.
  7. Use Control: All of the devices that appear on a network must support login authentication.
  8. Data Integrity: This includes SSL, which enables encryption between a web browser and a server.
  9. Backup for Resource Availability: All of the applications or devices that are found on a network must be able to back up data without interfering with network operations.

Download the white paper, Securing Network Devices with the IEC 62443-4-2.