Siemens is the world’s first company to gain TÜV SÜD certification for the secure system integration of process automation and drive solutions in compliance with the international IEC 62443-2-4 standards.
The integration projects, verified on the basis of two standard solutions in the oil & gas processing industry and in a waste incineration plant, have been certified in conformity with IEC 62443-2-4 and -3-3 and were implemented using the Simatic PCS 7 process control system.
The projects involved process automation, drive solutions and comprehensive security measures and functions designed to deliver secure plant operation.
The certification has a whole range of advantages to offer for customers: plant operators benefit from the precise definition of requirements, the implementation of standardised automation solutions and processes, and from the availability of documentation in conformance with standards.
This documentation provides a vital foundation for verifying compliance with the technical requirements of the IT Security Act and other cyber security standards, for the sustainable improvement of IT and OT system security, and for guaranteeing the security of general supplies.
The system solutions are used in sectors involving a critical infrastructure, such as waste management and the oil and gas industry.
At this year’s SPS IPC Drives, Siemens was presented with three certificates by TÜV SÜD. The certification in compliance with IEC 62443-2-4 is based on the “Secure Solution Framework”, a generic product processing and engineering process developed by Siemens, and the necessary security documentation.
Forming the essential basis for the IEC-62443-3-3 certification of standard solutions from Siemens are the Simatic PCS 7 process control system and the Simatic Net portfolio comprising switches, routers and firewalls.
The international IEC 62443 standard describes an IT security concept based on the multi-layered “Defense-in-Depth” approach. This entails the direct integration of device and system suppliers, system integrators and operators, making them an integral part of the overall solution.
On the basis of the IEC 62443, companies are able to review potential weak spots in their control and management technology and develop effective protective measures.
To enable the further development of security-certified automation products and systems, Siemens is pursuing a holistic security approach.
By gaining certification compliant to IEC 62443-2-4 and -3-3 for project processing in the industrial solutions sector, Siemens says it is demonstrating that its own automation solutions “are based on the very latest international standards when it comes to cyber security, making them the ideal choice for secure system integration – to the benefit of its customers”.
With cyber security representing one of the most important building blocks of the digital transformation, simply relying on the security of certified products and systems is not enough.
Alongside a secure operator concept, secure system integration and solution implementation in conformity with IEC62443 must form part of any truly secure solution