The IEC 62443 series requires that security be an integral part of the development process, with security functions built into equipment and systems from the outset rather than bolted on afterwards. These horizontal (cross-sector) Standards establish security processes and procedures that cover the whole value chain, from manufacturers of automation technology through machine and system builders and installers to the operators. They address and mitigate current security vulnerabilities as well as pre-empting future ones.
Shift2Rail is an initiative that brings together key European railway stakeholders. It aims to define how the different aspects of cyber security should be applied to the railway sector. In the course of its research it has assessed the applicable standards and selected the IEC 62443 publications. The IEC 62443 Standards are also aligned with the US National Institute of Standards and Technology (NIST) Cybersecurity Framework, which lists them among its informative references.
Within the series, IEC 62443-2-1 sets out the requirements for the cyber security management system (CSMS) of an industrial automation and control system (IACS) operator, while IEC 62443-4-1 specifies the secure development life-cycle that product suppliers are expected to follow. According to IEC TC 65 Secretary Rudy Belliardi: “Cyber security is a large challenge which needs to address the entire set of IACS as well as the policies, procedures, practices and personnel that surround and utilize those IACS. Implementing such a wide-ranging management system may require a cultural change within the organization”.
IEC 62443-4-1 defines a secure development life-cycle for products and systems. It covers the definition of security requirements, secure design and implementation (including coding guidelines), verification and validation, defect management, patch management and product end-of-life criteria. Applying such a framework is intended to give confidence that the product or system has a level of security commensurate with its degree of risk throughout its life-cycle.
A key concept used throughout the publication is threat modelling. The threat model identifies the attack surface of the product or system and the potential attack vectors against it, including attacks on the hardware, and records how each is to be mitigated. It is expected to be reviewed periodically (at least once a year).
One of the ways to mitigate threats is to incorporate a layered defence strategy (also called defence in depth) into the design of the product or system. Each layer adds an independent defence mechanism that both protects the layer behind it and reduces the likelihood that an attack on that layer succeeds. Each layer is designed on the assumption that the layer in front of it can be compromised, so defeating a single control must not, by itself, give the attacker access to the asset.
Penetration testing is used to check this layered defence by attempting to defeat several of its layers in turn, for instance bypassing authentication and then compromising confidentiality by breaking the encryption of the channel behind it. The tester acts like an attacker and looks for chained vulnerabilities: weaknesses that are individually minor but together lead through every layer to the asset. The supplier can then decide to address them by changing the design, adding security requirements or even removing features.
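The three points above (a threat model, layers that must not depend on each other, and a penetration test that looks for chains of findings) can be checked mechanically once the layers and controls are written down. The script below is an added example for this article, not code from IEC 62443 or the IEC. The layer names, the shared mechanisms "PKI" and "directory", and the findings F1 to F5 are constructed for illustration and do not describe any real product. It computes how many layers a given set of findings lets an attacker through, lists the smallest chains of findings that reach the asset, and flags mechanisms shared by controls in different layers, since such sharing is what makes a "defence in depth" collapse with one finding.

```python
"""Attack-path analysis over a defence-in-depth model.

Added example for this article; it is not code from IEC 62443 or the IEC.
Layers, controls, shared mechanisms and findings are constructed for
illustration and do not describe a real product.
"""
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Control:
    name: str
    depends_on: frozenset = frozenset()  # shared mechanisms the control relies on


@dataclass(frozen=True)
class Layer:
    name: str
    controls: tuple  # every control must hold for the layer to hold


@dataclass(frozen=True)
class Finding:
    ident: str
    defeats: frozenset  # control names or shared mechanisms this finding breaks


# Constructed model: four layers between an external attacker and a controller's
# logic (the asset). "PKI" and "directory" are mechanisms shared by several
# controls, which is exactly what undermines the independence of the layers.
LAYERS = (
    Layer("network", (Control("perimeter firewall"),)),
    Layer("transport", (Control("TLS client certificates", frozenset({"PKI"})),)),
    Layer("application", (Control("operator login", frozenset({"directory"})),
                          Control("role-based authorisation", frozenset({"directory"})))),
    Layer("device", (Control("signed firmware", frozenset({"PKI"})),)),
)

# Constructed penetration-test findings, each expressed as what it defeats.
FINDINGS = (
    Finding("F1", frozenset({"perimeter firewall"})),       # management port exposed
    Finding("F2", frozenset({"TLS client certificates"})),  # server skips certificate check
    Finding("F3", frozenset({"directory"})),                # default credentials on directory
    Finding("F4", frozenset({"signed firmware"})),          # unsigned image accepted on downgrade
    Finding("F5", frozenset({"PKI"})),                      # CA private key recoverable
)


def defeated_controls(layers, findings):
    """Controls broken directly, or through a shared mechanism a finding breaks."""
    broken = set().union(*(f.defeats for f in findings))
    return {c.name for layer in layers for c in layer.controls
            if c.name in broken or c.depends_on & broken}


def attack_depth(layers, findings):
    """Consecutive layers, counted from the outside, that the findings let an attacker pass."""
    broken = defeated_controls(layers, findings)
    depth = 0
    for layer in layers:
        if not all(c.name in broken for c in layer.controls):
            break  # this layer still holds, so the chain stops here
        depth += 1
    return depth


def reaches_asset(layers, findings):
    return attack_depth(layers, findings) == len(layers)


def minimal_chains(layers, findings):
    """Smallest sets of findings that chain through every layer to the asset."""
    chains = []
    for size in range(1, len(findings) + 1):
        for combo in combinations(findings, size):
            ids = frozenset(f.ident for f in combo)
            if any(c <= ids for c in chains):
                continue  # a smaller chain inside this set already reaches the asset
            if reaches_asset(layers, combo):
                chains.append(ids)
    return [tuple(sorted(c)) for c in chains]


def shared_dependencies(layers):
    """Mechanisms relied on by controls in more than one layer: those layers are not independent."""
    users = {}
    for layer in layers:
        for c in layer.controls:
            for dep in c.depends_on:
                users.setdefault(dep, [])
                if layer.name not in users[dep]:
                    users[dep].append(layer.name)
    return {dep: names for dep, names in users.items() if len(names) > 1}


if __name__ == "__main__":
    print("depth with F1 and F2:", attack_depth(LAYERS, FINDINGS[:2]))
    print("minimal chains to the asset:", minimal_chains(LAYERS, FINDINGS))
    print("mechanisms shared across layers:", shared_dependencies(LAYERS))
```

Run stand-alone, the script reports that F1 and F2 alone get an attacker through two layers, that the shortest chain to the asset is F1, F3 and F5 (three findings, because one compromised mechanism takes out two layers at once), and that "PKI" is shared between the transport and device layers. The last result is the check the threat model review should produce before any penetration test: a layer whose control rests on the same mechanism as the layer in front of it does not satisfy the assumption that the front layer can be compromised independently.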
The IEC 62443 Standards also have their own certification programme. The IEC is the only organization in the world to provide an international and standardized form of certification which deals with cyber security. It is operated by IECEE, the IEC System for Conformity Assessment Schemes for Electrotechnical Equipment and Components. The IECEE Industrial Cyber Security Programme tests and certifies cyber security in the industrial automation sector.
The IEC Conformity Assessment Board (CAB) has also set up Working Group 17, to investigate the need for and timeframe of global certification schemes for products, services, personnel and integrated systems in the area of cyber security. “Achieving cyber protection in a cost-effective manner results from applying the right protection at the appropriate points in the system to limit the risk and the consequences of a cyber attack. This means modelling the system, conducting a risk analysis, choosing the right security requirements which are part of IEC Standards, and applying the appropriate level of conformity assessment against the requirements, according to the risk analysis. We need to assess the components of the system, the competencies of the people designing, operating and maintaining it, and the processes and procedures used to run it. This holistic approach to conformity assessment is indispensable to protect facilities, especially critical infrastructure, from cyber crime”, explains CAB secretary David Hanlon.