Tackling cyber security threats

hands on keyboard

A complex issue

The complexity and sophistication of today’s systems and equipment in industrial plants require a specific approach to safety and security.

The cyber security issue has been under close scrutiny in recent years. The risk of being subjected to a cyber attack is not to be taken lightly: industrial facilities (food processing, robot assembly), utilities (oil, gas, water, electricity), transport systems and other industry sectors may be targeted and will pay a dear price if unprotected. More often than not, the aim of a cyber attack isn’t the complete shutdown of a target’s network, but rather a surreptitious intrusion into the network. This may have dire consequences, causing serious damage to the systems and potentially endangering the lives of those operating the installations.

Increased protection

Understanding the cyber environment, protecting industrial control and automation systems, identifying cyber threats, and possibly anticipating future development are at stake. Minimising exposure to cyber risks is the challenge that industry has to tackle. Among the tools at its disposals are standardisation and conformity assessment.

Recognising that the topic is of vital importance to industry, IECEE, the IEC System of Conformity Assessment Schemes for Electrotechnical Equipment and Components, asked its special WG (Working Group) on Industrial Automation to set up a Task Force to consider the cyber security issues and the potential services the System could offer to tackle them. Apart from cyber security, the WG also has the responsibility of dealing with functional safety.

IEC international standards

While it may be challenging to test and certify cyber security, IECEE can already rely on IEC international standards on automation security that address the issue, notably the IEC 62443 series of standards on Industrial Communication Networks – Network and System Security.

...and conformity assessment address the issue

Cyber security was on the agenda of the CMC (Certification Management Committee) during the IECEE annual series of meetings, held in Cairns, Australia in June 2014.  Among the decisions made, the CMC approved the development of a business plan and supported the recommendation to continue discussions with other organisations, such as ISA (International Society of Automation) and WIB (Process Automation Users' Association) to evaluate potential cooperation.

Close collaboration

To stress the importance of the issue, IEC CAB (Conformity Assessment Board) has also set up WG17 on cyber security. Members of the IECEE WG on industrial automation may also be involved in the CAB WG17, but, while collaboration between the two groups is encouraged, the responsibilities of each group will be clearly defined, to avoid any overlap.

 Summarised from IEC e-tech August 2014

Buy IEC 62443-2-1 Ed. 1.0 b(2010) Buy BS IEC 62443-3-3:2013 Buy DD IEC/PAS 62443-3:2008 Buy IEC/TS 62443-1-1 Ed. 1.0 en(2009)

Published in international.