Phoenix Contact awarded IEC 62443-4-1 and 2-4 certification TÜV SÜD
Phoenix Contact is one of the first companies in Germany to have been certified by TÜV SÜD in accordance with the IEC 62443-4-1 and 2-4 series of standards for IT security.
This confirms that the company develops secure by design products in compliance with the IEC 62443-4-1 process and that it designs secure automation solutions in compliance with the IEC 62443-2-4 process.
Standard IEC 62443 comprises a series of documents handling the IT security of industrial automation and control systems (IACS). The term IACS represents all elements, such as systems, components and processes, which are required for the secure operation of an automated production system. By specifically focusing on industrial applications, IEC 62443 also sets itself apart from ISO 27001, which deals instead with traditional IT systems. For operators of critical infrastructure, ICE 62443 covers all the requirements for secure solution design, start-up, operation, and maintenance. IEC 62443 has become the “in-house standard” in the process industry.
The central elements of part 4-1 and 2-4 of the IT security standard are, on the one hand, a threat and risk analysis based on the application scenario. ie; application examples and the required hardening measures are defined for devices and systems. For automation solutions, a security concept is devised with the required precautionary measures. On the other hand, a product or solution development process is established which ensures that all identified security requirements are implemented, verified and documented with traceability.
In addition, device manufacturers are required to respond appropriately to security vulnerabilities and publish security updates in a reliable manner. Phoenix Contact has satisfied this requirement with the newly established Product Security Incident Response Team (PSIRT). The team informs users of Phoenix Contact products about known security vulnerabilities and, at the same time, also acts as the point of contact for users to report any security vulnerabilities they find in a confidential way. PSIRT is responsible for the processing, assessment and publication of reports and updates to the process chain, as set out in IEC 62443.>
Source: Control Engineering Europe - All Articles