IEC 62443
Industrial communication networks – Network and system security
Industrial communication networks and the Internet of Things (IoT) make production facilities and critical infrastructure more vulnerable to IT attacks. Industrial Automation and Control Systems are usually made up of standardized hardware and software components and integrated within a network. However, the relative openness of the systems, which is necessary for this, increases the risk of manipulation of and attacks on the IT infrastructure.
The aim of the standard IEC 62443 Industrial communication networks – Network and system security is to avoid negative effects of manipulations and attacks.
IEC 62443 provides a complete approach to ensure the IT security of the system, network security and system integrity. The standard helps to discover potential vulnerabilities in control technologies and to develop effective protective measures.
The IEC 62443 standard is organized into four general categories called General, Policies and Procedures, System, and Component.
The first (top) category includes common or foundational information such as concepts, models and terminology. Work products that describe security metrics and security life cycles for IACS are also included.
Part two targets the Asset Owner. Various aspects of creating and maintaining an effective IACS security program are addressed here.
The third part includes work products that describe system design guidance and requirements for the secure integration of control systems.
The fourth category describes the specific product development and technical requirements of control system products. Primarily intended for control product vendors, it can also be used by integrators and asset owners to assist in the procurement of secure products.
IEC 62443 recommends the use of Static Code Analysis
IEC 62443 recommends the use of static code analysis. CodeSonar is an advanced static code analysis tool that is excellent for fulfilling the requirements and recommendations of IEC 62443.



