Hardware is key to making industrial systems IEC 62443 compliant

What is IEC 62443?

IEC62443 is a set of standards for protecting industrial automation and control systems (IAC) from cybersecurity threats. It includes a comprehensive series of documents that provide a comprehensive set of recommendations for protecting industrial networks from cybersecurity threats that may emerge today and in the future. With cyber attacks on IACS growing exponentially every year, meeting the requirements defined by IEC 62443 can provide asset owners, system integrators, and product suppliers with assurance that they have assessed the risks and identified and applied preventive countermeasures to reduce vulnerabilities to an acceptable level.

IEC 62443 Standard Overview

As shown in Figure 1, IEC 62443 is divided into four categories: General, Policy and Procedure, System, and Component:

The generic document provides an overview of the industrial safety process and introduces basic concepts and models.

Documentation on policies and procedures emphasizes the importance of the policy and ensures that people are properly trained and committed to supporting it.

Safety can only be understood as part of a fully integrated system and therefore the system documentation provides the basic guidance for designing and implementing a safe IACS system.

Finally, component documentation describes the requirements that a safe industrial component must meet, which is the focus of this blog.

Figure 1 IEC 62433 standard set

Using the methodology described in IEC 62443, industry stakeholders can assess the cybersecurity risks of their systems and decide how best to address them. Recognizing that not all systems are equally critical, the standard identifies four security levels (SLs): from SL 1 (low security) to SL 4 (resistant to nation-state-level attacks). The system-level portion of the standard (IEC 62444-3-3) defines how system integrators can establish target security levels (SL-T) for components such as field instruments. Field instrument designers can find the security requirements to achieve these levels in IEC 62443-4-2.

Implementing IEC 62443 is challenging

While IEC 62443 offers many benefits, implementing the standard also presents challenges - the standard is extremely detailed - it runs nearly 1000 pages, which means stakeholders must invest a lot of time and effort to read and interpret the complete standard. IACS users can draw on the experience of proven hardware security vendors such as Analog Devices to provide additional support, advice, and guidance for implementing industrial systems that comply with the IEC62443 standard.

Achieving IEC 62443-4-2 Compliance Using Analog Devices’ Secure Authenticators

IEC 62443-4-2 defines the requirements for different types of industrial systems. The requirements applicable to field instruments include:

Common Safety Constraints (CSC)

General Requirements (French)

Embedded Device Requirements (EDR)

Table 1 below shows a simplified mapping of IEC 62443-4-2 requirements to security functions and Analog Devices’ secure authenticator capabilities, meaning users can be confident that these requirements can be included as part of their roadmap to compliance for their industrial systems.

Analog Devices has designed secure authenticator products (also known as secure elements) to enable industrial equipment manufacturers to easily and efficiently implement the security functions listed above. These single-function ICs provide turnkey security solutions with a complete software stack that can run on the system microcontroller. These hardware solutions effectively enable manufacturers to outsource the responsibility of device security to the proven expertise of a trusted silicon supplier.