In the past, asset owners relied on system integrators (SIs) such as Siemens, Honeywell, and ABB to provide the security solutions for the network. However, many SIs now demand that component suppliers comply with the subsection of the IEC 62443 standard that pertains to their devices.
The IEC 62443 guidelines define four security threat levels (as below). Security Levels 3 and 4 protect against intentional access by hackers who use specific skills and tools.
Due to the increasingly important role that component suppliers are playing on IIoT networks, here are the 9 security requirements that component suppliers must meet when designing devices for deployment on IIoT networks.
- Infrastructure: The network component must be able to uniquely identify and authenticate all users, including humans, processes, and devices.
- Account Management: The capability to support the management of accounts, including establishing, activating, modifying, disabling, and removing accounts, must be supported across the network.
- Identifier Management: The ability to identify individuals by user, group, role, and/or system interface.
- Authenticator Management: All devices on a network must be able to confirm the validity of any requests for system/firmware upgrades, and verify that the source isn’t trying to upload any viruses or malware.
- Password-based Authentication: For network components that utilize password-based authentication, the network component must integrate a password policy.
- Public Key Authentication: Public key authentication should be used to build secure connections between servers and devices, or between devices.
- Use Control: All of the devices that appear on a network must support login authentication.
- Data Integrity: This includes SSL, which enables encryption between a web browser and a server.
- Backup for Resource Availability: All of the applications or devices that are found on a network must be able to back up data without interfering with network operations.
The following products are compliant with IEC-62443-4-2:
- Industrial Firewall/Router, EDR-G900/800 Series
- Industrial Gigabit Managed Switch, EDS-G500E
- Industrial Fast Ethernet Switch, EDS-500E Series
- Secure Device Server, NPort 6000 Series