TÜV SÜD has awarded the world’s first certificate based on IEC 62443-4-1 to Siemens. The certification confirms that Siemens’ interdisciplinary process of developing automation and drive products, including industrial software, complies with the security requirements set forth in the international standard. Siemens received the certification for seven development sites in Germany.
The international series of standards IEC 62443 defines the security measures for industrial automation systems, with Part 4-1 of the standard describing the requirements of the manufacturer's development process. Siemens is the first company in the world to be granted IEC 62443-4-1 certification by TÜV SÜD. The certificate documents that the industrial giant’s internal development processes for automation and drive products fulfil the requirements set forth in the standard. The seven Siemens locations that received certification are responsible for developing an array of products, including SIMATIC S7 industrial controllers, SIMATIC industrial PCs, SIMATIC HMI (Human Machine Interface) devices for operator control and monitoring, and SINAMICS drives as well as TIA (Totally Integrated Automation) Portal engineering software.
Automation products are “secure by design”
The TÜV SÜD certificate is based on the IEC 62443-4-1 (Secure Product Development Lifecycle Requirements, Draft 3 Edition 10, 01.2016) standard. The standard includes security-relevant factors such as capabilities and expertise, security of third-party components, process and quality assurance, secure architecture and design, and issue handling as well as security updates, patches and change management. By gaining product certification based on IEC 62443, Siemens can now document its automation products as “secure by design” and provide integrators and operators with transparency concerning its IT security measures. Integrators and operators can use these products for designing and operating automation processes and systems and for implementing “Defense In Depth” protective concepts.
To ensure comprehensive protection of industrial plants and systems from internal and external cyber attacks, all levels must be protected simultaneously, from plant management to field level, from access control to copy protection. To achieve this, Siemens implements a concept of defence throughout all levels known as “Defense In Depth”. This overarching security concept reflects the recommendations of the IEC 62443 standard series, the leading standard for security in industrial automation.
TÜV SÜD’s Digital Service unit assists manufacturers, system integrators and operators in facing the challenges of implementing IEC 62443 requirements in their own IT security systems, and enables them to document that implementation in the form of certificates and certification marks. “Our certificates enable us to make a major contribution towards increasing transparency in a field that is advancing at an enormously dynamic pace”, say Dr Kai Wollenweber and Dr Thomas Störtkuhl, experts in industrial IT security at TÜV SÜD. The international service provider is among the first in the world to hold accreditation for testing and certification based on the IEC 62443 standard.
For more information on TÜV SÜD’s extensive range of services in this area, visit www.tuev-sued.de/digital-service.
Press contact: Dr Thomas Oberst