Global lighting giant achieves certification to industrial cyber security standard IEC 62443

LED lights last longer and use less energy than traditional incandescent bulbs. That is why they have become such an integral part of our lives, lighting everything from our homes and places of work to our streets, cars, trains and buses. Because of their huge installed base and the ability to add sensors and chips they have become a backbone of IoT smart city technologies. The Netherlands-based company Signify is the world leader in connected lighting and LED, as well as conventional lighting.

Photo courtesy of Signify

Signify has recently become the first company in the global lighting sector to achieve certification to the international cyber security standard for operational environments, IEC 62443-4-1:2018, in the framework of IECEE, the IEC System for Conformity Assessment Schemes for Electrotechnical Equipment and Components. The standard, which is part of the IEC 62443 series, focuses on secure product development lifecycle requirements.

The industrial cyber security programme of the IECEE tests and certifies cyber security in the industrial automation sector. It includes a programme that provides certification to standards within the IEC 62443 series. Under the scheme, National Certification Bodies (NCBs) operate national certification for electrotechnical equipment and components in countries that have a member body of the IECEE. They then issue the certificates.

e-tech spoke to Fabio Vignoli, the Product Security Lead for Professional Lighting at Signify about IEC 62443 and the importance of certification.

e-tech: What are the challenges of working in a merged IT-OT environment?

Fabio Vignoli: That's a very interesting question. I would like to talk here about our Interact products. Interact is our platform for IoT lighting. It was unveiled in 2018 and basically it enables connected light and embedded sensor connectors to deliver Insight benefits and new services to customers. Now, this interact platform is precisely at the intersection between IT and operational technology. So, when we deal with customers, we have to take care of both aspects. On one side operational technology and that's the reason why we went for the IEC 62443 standard for cybersecurity with certification, covering operational and information technology.

e-tech: What are your customers telling you?

Fabio Vignoli: So many of them ask us how we take care of their information. What do we do from a privacy perspective? What do we do to make sure that security events and incidents are handled? So, it’s a very interesting area and we see the lines between information technology and operational technology are really blurring.

e-tech: What for you have been the benefits of certification?

Fabio Vignoli: For us, it really illustrates that Signify has a thorough understanding and commitment to provide our customers with the most secure connected lighting products, systems and services. I mean, from a security perspective, we are really looking at the triad -- confidentiality, integrity and availability -- for our customers. And it really is a selling point and a competitive advantage to show our customers that we are committed to their security, information security and operational technology security. Maintaining the highest standards of security are both crucial and invaluable to us. We are proud to have achieved this certification and we thank [the Dutch NCB] DEKRA for their support.