Industrial Terminal Server Solutions

NeoDyne Automation and Industrial IT solutions are designed to align with the IEC-62443 Cyber Security standard. Services provided include:

  • Automation and Industrial IT Network Design
  • Existing Industrial IT Architecture Evaluation
  • Secure Remote Access Solutions
  • Secure Virtual and Terminal Services Solutions
  • Cyber Security Assessments (excluding certification)

What is IEC-62443?

IEC-62443 consists of a set of standards, recommended practices, technical reports, and related information that defines procedures for implementing electronically secure manufacturing and control systems, for applying security practices, and for assessing electronic security performance.

The standard is directed towards those responsible for designing, implementing, or managing manufacturing and control systems but also applies to users, system integrators, security practitioners, and control systems manufacturers and vendors.

The standard consists of 7 foundational requirements for securing an Industrial Control System:

  1. Assess Existing Systems
  2. Document Policies and Procedures
  3. Train Personnel and Contractors
  4. Segment the Control System Network
  5. Control Access to the System
  6. Harden the Components of the System
  7. Monitor and Maintain System Security

IEC-62443 and IEC-27001

IEC-27001 is an information security standard published in 2005 and revised in 2013. It is used and accepted by IT departments in most countries as a de facto main framework for information security / cybersecurity implementation.

Both IEC-62443 and IEC-27001 define a methodology for implementing information security or cybersecurity in an organization. In reality, it is possible to implement information security according to either of these standards. The majority of the content in IEC-27001 is applicable to industrial control systems as well.

The main differences between IEC-62443 and IEC-27001 can be summarised in terms of the priorities given to the main security tasks as outlined in the table below.

| Priority (1 = Highest) | IEC-27001       | IEC-62443       |
|------------------------|-----------------|-----------------|
| 1                      | Confidentiality | Availability    |
| 2                      | Integrity       | Integrity       |
| 3                      | Availability    | Confidentiality |