How to comply with IEC 62443 in manufacturing?

Research done by IBM shows that manufacturing is the most targeted industry when it comes to cyber attacks. The question many machine builders have is how they can best protect themselves, their customers and their machines against cyber criminals.

Cybersecurity in manufacturing

The cybersecurity landscape has seen a couple of trends in the last decade. From total number of attacks to number of ransomware attacks and number of successful attacks: all are increasing. The costs and damage of cyber attacks also continue to rise. 

But why is manufacturing a prime target for hackers? There are 3 reasons for it:

1. Factories are very complex and have a large attack surface with interconnected systems
   
   
2. Many OT systems are old and no longer receive updates, which makes them vulnerable
   
   
3. Factories are very downtime intolerant because downtime is costly, so they are likely to pay out.
   
   

Government response and market response

Both government and market are now taking actions to increase cybersecurity in manufacturing. 

The government’s response has been to strengthen cybersecurity across sectors through regulations like NIS2, DORA, the Cyber Resilience Act, GDPR, and more. These regulations aim to improve organizational security, though they're rather basic and limited in scope. 

On the other hand, you have the market response. The market is starting to expect (and even demand) that you as a supplier have compliance with certain regulations and industry standards. Think of IEC 62443 for the manufacturing industry.

Why is IEC 62443 the right standard?

At IXON, we see IEC 62443 as the gold standard for manufacturing. There are 5 reasons for it:

• It’s specific for machine builders
• The IEC has so-called sub-norms with different topics to address, so you can focus on the ones that best match your business
• It’s flexible, using 4 different Security Levels which allow you to “grow” step-by-step in security
• It has concrete requirements and is actively maintained
• It can be used to demonstrate compliance with EU government regulations 

Want to have more explanation on why IEC 62443 is the right standard? Download our Security kit and read the Practical Guide to IEC 62443 on how to certify machines in compliance with the standard.

Securing your machines with IEC 62443

The question now is how you can secure your machines. First of all, a secure machine is not just adhering to the IEC standard, and that's it. It's a big part of it, but it's part of a whole. There’s also the organization and the technology you use. 

When you look at the IEC 62443 standard, there are 7 requirements. We chose to divided them into 5 themes: Authentication, Auditing, Vulnerability protection, Restricted data flow and Availability. For each theme, we’ve identified 5 recommendations as “low hanging fruits” that come directly from the IEC. If your machine or system adheres to these 25 recommendations, you have done all of the quick wins of the IEC. 

Learn everything about these 25 recommendations by watching our webinar replay "How to comply with security requirements" which is part of our Security kit.

IXON’s Security kit for machine builders

IXON made some security documents and tools available to get started yourself. You can download them for free. 

The IXON Security kit includes:

• Practical starter guide to IEC 62443
• IEC 62443 gap analysis template
• IXON Security Guide
• Presentation with 20+ tips how to implement security requirements
• Webinar replay "How to comply with security requirements"