Cybersecurity manual based on IEC 62443
Cybersecurity plays a crucial role in the industrial automation environment. With the alarming increase in security incidents in factories, plants and other automated applications, the need for effective measures to protect these systems has become imperative. Given this scenario, government institutions, such as ICS-Cert and the German Federal Office for Information Security (BSI), have been closely monitoring the increase in incidents and are aware of the importance of combating these threats.
In this context, the development of methodologies that ensure the integrity and protection of systems has become an urgent need. An important milestone in this regard is the international standard guideline IEC 62443. This standard, initially published by the Industrial Automation and Control Systems Safety Committee (ISA99) of the Society for Industrial Automation (ISA), is often referred to as the ISA/IEC standard 62443 and establishes essential guidelines for cybersecurity in the sector.
Continue reading to learn about the main aspects of IEC 62443, discover how to download the Altus cybersecurity manual and understand how Altus applies essential concepts related to the area in its new product lines.
Principles and Guidelines of the IEC 62443 standard
The IEC 62443 standard, also known as ISA/IEC 62443, is a set of international standards that focus on the cybersecurity of industrial control and automation systems. It was developed to ensure the protection of networks, systems and devices used in industrial automation environments, such as factories, production plants, critical infrastructure and energy facilities.
Main characteristics of the IEC 62443 standard:
Scope: IEC 62443 covers a variety of topics related to cybersecurity, such as security management, network security, device security, and control system security. It takes organizational and technical security into account.
Layered Approach: For cybersecurity, the standard uses a layered approach, defining security drivers and areas that help locate and isolate critical areas, reducing the impact of potential attacks.
Suitability for Various Sectors: IEC 62443 can be adapted to a variety of sectors and specific demands. It applies to a variety of processes, including manufacturing, energy, transportation, oil and gas, among others.
Preventative Focus: The standard emphasizes preventive measures such as network segmentation, strong authentication, regular security updates and constant monitoring to avoid cyber threats.
Regular Updates: IEC 62443 is regularly reviewed and updated to meet changes in technology and cyber threats. This ensures that safety regulations remain valid.
Recognized International Standard: IEC 62443 is a globally recognized standard for industrial cybersecurity and is frequently used by organizations, companies and regulators around the world.
The IEC 62443 standard can be applied in a variety of scenarios, including industrial process control systems, building automation systems, transportation infrastructure, smart electrical grids, healthcare systems, and more. Basically, any environment that relies on automation and control for its operations can benefit from applying the principles and guidelines of IEC 62443 to ensure the cybersecurity of its systems, thus protecting against cyber threats and potential disruptions to operations.
Altus Cybersecurity Policy Manual
The comprehensive scope of cybersecurity measures includes the protection of various aspects such as the availability of controller functionalities, application functionality, source code and application confidentiality, integrity of application functions, development system and components employees, in addition to the authenticity of the controller and his data. All of these elements are critical to ensuring a safe industrial automation environment protected against cyber threats.
In this context, Altus` automation and cybersecurity experts developed the company`s Cybersecurity Policy Manual. This document is a comprehensive compilation of the cybersecurity strategies adopted by the company for its products and operations. The main objective of this movement is to protect Altus customers and their industrial operations from increasingly sophisticated and persistent threats in the field of cybersecurity.
The manual is available for download on Altus` institutional website and its main purpose is to present and justify the cybersecurity measures implemented in the company`s products. This includes products such as MasterTool software, which is a development environment used for the Nexto, Nexto Xpress and Hadron Xtorm series programmable controllers, all designed to meet the demands of the modern industrial automation environment.
This document fully uses the ISA/IEC 62443 standard as a reliable reference and reinforces Altus` commitment to protecting the industrial automation environment against cyber risks. The company is dedicated to staying at the forefront of cybersecurity, protecting its customers` systems in a world that is increasingly connected and vulnerable to cyber threats. To maintain the integrity and trust of its customers and partners, Altus continues to improve its cybersecurity policies and practices.
Other cybersecurity aspects of Altus products
Altus` continuous investment in research and development provides the design of high-tech equipment, solutions that adhere to the reality of the international industry and are capable of meeting the most varied demands of a constantly changing market. This innovative streak is part of the company`s DNA, an intrinsic characteristic in each of the products developed throughout our more than 40 years of history. This vocation for innovation is capable of bringing to the industry advanced products capable of dynamically integrating the IT and TA areas of your business.
One such product is NX3008, a global CPU with advanced software and cybersecurity capabilities. One of these features is the built-in VPN, which creates a private connection tunnel directly to the CPU. This functionality allows you to access your business`s control network remotely and completely securely. To further increase product security, the CPU also has a firewall feature.