5 minute read
Good reasons for system integrators to comply with IEC 62443
REASONS FOR SYSTEM INTEGRATORS TO COMPLY WITH IEC 62443
Massimiliano Latini explains why system integrators need to ensure that their automation systems are IEC 62443-compliant to adhere to international cybersecurity requirements.
Advertisement
The evolution of automation and industrial control systems, in terms of digital connectivity, including the use of cloud systems, industrial cyber security has become crucial. While digital connectivity allows for the implementation of increasingly cutting-edge systems, as well as the implementation of more advanced services, it also opens the door to operational technology (OT) cyberattacks. In terms of liability for system integrator, their customers – end-users who succumb to a cyber-attack on a system with no minimum security capabilities, or on a system not implementing protection measures expected by the state-of-the-art – could claim damages. This is especially true in the event of a lack of security implementation, incorrect configuration or inadequate documentation while equipping the plant with prevention measures.
The IEC 62443 standard represents the state-of-art in terms of industrial cyber security. It provides a guideline for the protection of industrial control systems, following the life cycle presented by the standard. The system integrator must also comply with IEC 62443 requirements to release an adequately secured automation system to the end user, who will then manage the system according to specific security rules. So, the IEC 62443 relies on the work jointly carried out by the three actors – manufacturer, system integrator andend user. There are several valid reasons why a manufacturer should comply with IEC 62443: • To integrate in an offer, clear performances in terms of cyber security, where security represents a priority. • To expand the whole offer, compared to competitors. • Cyber security can also be seen as an opportunity, as end users may need to adapt their old systems to the new standards; so, effective solutions can be proposed to better upgrade existing systems. • Lastly, to meet halfway insurance companies to contain the expected malus.
The implementation of a cyber security program in compliance with the IEC 62443 requirements for manufacturers must cover both the organisational assets related to cyber security and business processes; this shall consider any technical aspects related to the automation systems, according to the IEC guideline.
Because a cyber security implementation usually takes longer to develop than the final market is able to wait to implement effective cyber security solutions, it is recommended to work in stages. The selection of the system integrator is therefore crucial because: • System integrators allow greater flexibility and less rigid processes, since they are assigned to specific projects and contracts. • The system integrator, as the last actor across the supply chain, would be the first to be called into question, while integrating systems and components which are already in compliance with the IEC standard.
It is recommended that a first basic security goal is established without necessarily applying all of the requirements and solutions required by the standard, but by selecting only those minimum requirements applicable to security requests with medium complexity. Then it is possible to use minimal solutions that comply with basic technical standards, to protect the system integrator, while delivering a robust and well-configured solution for the end user, accompanied by the necessary technical documentation that demonstrates compliance with IEC 62443.
Subsequently, it will be possible to integrate the requirements and business processes aimed at increasing the security level and offering IEC 62433 compliant solutions. At this stage, solutions will be more complete and will include the basic automation support systems, which, in turn, allow for better and safer integration with the customer’s OT and security systems.
Massimiliano Latini is ICS Cyber Security & Special Projects Director at H-ON Consulting.
NEW ADVANCED TECHNOLOGY CENTRE FOR LOTUS SERVICE CENTRE FOR
Lotus is to create a dedicated and INDUSTRIAL GEAR UNITS specialist advanced technology centre, which will also be home to a new headquarters for the company’s engineering consultancy, on the University of Warwick’s Wellesbourne Campus. The new facility is being established in partnership with WMG at the University of Warwick. WMG provides collaboration between academic research, teaching, training, and industry.
Initially, 130 engineers will move into the facility, complementing the 500-strong engineering team at the home of Lotus Cars in Hethel, Norfolk.
Commenting on the announcement, Matt Windle, executive director, engineering, at Lotus Cars, said: “This is a big step forward for Lotus and our engineering consultancy. Our team and specialist skills have grown significantly in the last two years as renewed impetus has been put in to the business with new shareholders and management. The all-electric Evija hypercar is the first new Lotus Cars product for us to deliver, with significant focus on this at Wellesbourne as we complete the project and continue to advance its technologies for our future programmes.” Phil Popham, CEO, Lotus Cars, added: “Our engineering and R&D strategy around advanced propulsion systems is lock-in-step with the Government’s vision and broader global ambitions for a low-carbon automotive future. We look forward to working in collaboration with Government and with our new campus neighbours on this future.” SEW Eurodrive has opened a new sales and service centre in Cumbernauld, to meet demand for its wide range of maintenance and service options, as well as new industrial gear units in Scotland. The new service centre has the capability to service and repair any industrial gear unit regardless of its age or the original manufacturer. It features a fully equipped workshop with all the latest tooling for assembly and testing and has a large stock of genuine spare parts. The new facility, staffed by SEW Eurodrive’s trained engineers, is able to provide a fast response. Its Complete Drive Management (CDM) service is also available from the new site, as is its Premium Protection Package which provides an additional 12 months warranty in addition to the two years already provided on new products.
Expand the possibilities for autonomous material transport
+44 (0)1908 258258 oeeuk_sales@omron.com industrial.omron.co.uk New HD-1500 Mobile Robot from OMRON with 1500kg Payload Capacity
The 1500kg payload capacity of the HD-1500 from OMRON enables transportation of large automotive components such as car chassis and voluminous pallet size payloads - items that would have traditionally been moved using forklifts.
Control up to 100 mobile robots with diff erent sizes, confi gurations and payload capacities under one system to automate complex material transport and logistics applications with OMRON’s industryfi rst Fleet Manager.
