In order to increase awareness of dealing with cyber security through international standards and IECEE Conformity Assessment, IECEE, has run three workshops, the most recent held in Singapore in October.
“In the new and very dynamic environment of cyber security it is more important than ever to establish an efficient harmonization among the participants of an international conformity assessment system, to ensure transparency and mutual trust for recognition of results and certificates”, said Wolfram Zeitz, Deputy Secretary, IECEE.
Hosted by the Singapore Standards Council and Enterprise Singapore, the three-day international event was attended by participants from different testing services.
Lee Neitzel, expert with over 30 years in security and network standards has led or contributed to a number of industrial cyber security standards in the IEC 62443 series. His work includes the role of Chair for IEC TC 65 Working Group 10 - Cyber Security, Industrial Automation - IEC 62443 and Convenor of the former IECEE CMC Task Force Cyber Security (conformity assessment programme) as well as editor of ISA 99/ IEC 62443-2-1, Security for industrial automation and control systems - Part 2-1: Requirements for IACS asset owners.
“This workshop has been given in North America, Europe, and Asia to provide a common understanding of the conformance assessment programme and the IEC 62443-2-4 requirements for NCBs and CBTLs around the world. It gives the attendees the opportunity to gain first-hand knowledge of the programme mechanics and the details of the requirements, and to ask questions to enhance their understanding. Without the workshop, each NCB and CBTL would have to develop their own unique ideas for these topics”, said Neitzel.
Neitzel presented the first two days of the workshop covering aspects of IEC 62443, Security for industrial automation and control systems, including:
Other topics discussed covered:
The urgent need to take measures to handle cyber security threats was emphasized through a live demonstration, which showed a successful cyber hack on mobile ICS kits, as well as a successful cyber attack through a security antivirus and a firewall.
Together with IEC cyber security related standards, the deployment of comprehensive IEC CA certification schemes should ensure that systems which rely on industrial communication networks and industrial automation control systems (IACS) are better protected against cyber threats.