We are proud to announce that IXON's SecureEdge Pro is now officially IEC 62443-4-2 certified. This is an important milestone, as this standard is recognized worldwide as the benchmark for cybersecurity in industrial components. Following an extensive audit process conducted by the independent party Bureau Veritas, we recently received the official certificate.
But what exactly does this certification entail? And above all: what does this mean for you as a machine builder? Watch the video for a brief overview or read the article below for more depth.
In this blog, we will address the following questions:
We also answer a number of frequently asked questions about IEC 62443.
IEC 62443 is a family of standards with specific cybersecurity requirements for industrial automation. Whereas standards such as ISO or NIS2 mainly provide frameworks, IEC 62443 goes into greater depth.
Because IXON supplies industrial components, IEC 62443-4-2 is the appropriate standard. A mandatory basis for this is IEC 62443-4-1 for secure software development, which IXON has already successfully achieved.
The IEC 62443 standard consists of several sub-standards, each targeting a different level. Only a limited number of them are certifiable:
For the SecureEdge Pro this means that with the IEC 62443-4-2 certificate, it meets the highest requirements set for the security of individual industrial components.
More and more factories and industrial end customers expect machines to comply with IEC 62443-3-3. When you use components that are already 4-2 certified, you are demonstrably taking major steps toward meeting the system requirements and, as a machine builder, you can more easily demonstrate your compliance. This brings a number of advantages:
To become officially IEC 62443-4-2 certified, IXON had to demonstrate compliance with the requirements of IEC 62443-4-1 for secure software development.
In broad terms, we have:
It was an intensive process, but an important step toward providing even better and more secure support to machine builders.
Read more about our IEC 62443-4-1 certification.
In addition to strong encryption and protection against DoS and malicious attacks, SecureEdge Pro offers enhanced features that directly benefit you:
At IXON, we see security as a prerequisite for everything we build. As a cloud platform for remote access, we consciously create a gateway to industrial installations. This offers major advantages, but also entails risks. That is why security is not a separate feature or project, but the foundation of our platform.
This means that we continuously adapt to new cybersecurity developments, listen to customers, and structurally embed security in our processes: from a dedicated security team and annual audits to weekly management meetings and integration in every R&D and product decision.
At the same time, IXON believes it is important that you are able to determine the right balance between security and ease of use. That is why SecureEdge Pro offers you a great deal of flexibility as standard: you choose which functions to enable, how strictly to manage your users, and which risks are acceptable for your situation. To help you with this, IXON has developed two configuration guides.
"We don't determine what constitutes an acceptable risk for you. We give you all the options so you can make the right choice for your situation."
- Dylan Eikelenboom, Security Officer at IXON
Through the certification process that we have undergone ourselves, we have gained a lot of insights that we would like to share with machine builders who want to go through the process themselves.
A few practical tips:
Want to get started with IEC 62443 yourself? Download our free Security Kit to start with an initial analysis of your machine right away. Do you have questions or want to discuss your situation? Contact our Security Desk; we are happy to help.
These two standards are very similar, but focus on different levels within an industrial installation.
The content of the standards overlaps considerably. That is why a 4-2-certified component is extremely helpful when, as a machine builder, you need to demonstrate that your entire system is 3-3 compliant. Because the technical basis for these requirements has already been established and validated, the verification process for the entire system becomes much simpler.
The IEC standard uses four security levels (SL1 to SL4). These indicate the type of attacker a component or system must be able to withstand:
IXON's SecureEdge Pro is certified for Security Level 2 (SL2). This means that a component can withstand an attacker who works in a targeted manner, has basic knowledge, and uses commonly available tools. SL2 is precisely the threat level most commonly seen in the industry.
Security Level 2 is the level most often required by machine builders, OEMs, and industrial end customers. SL3 and SL4 are mainly used in critical sectors, where security requirements are much stricter and, in practice, less suited to standard machine construction. SL2 therefore offers the best balance: a high level of security, practical applicability, and alignment with market demands.
Because many of our customers are active in sectors such as water treatment, food & beverage, and energy, we have also included several SL3 requirements. As a result, in many cases, SecureEdge Pro is sufficiently secure for environments where SL3 is normally required, although an auditor always determines whether the overall system is ultimately SL3 compliant.
NIS2 and the Cyber Resilience Act don’t prescribe how you should secure something, but they do require you to take demonstrable measures. This is exactly where IEC 62443 fits in perfectly.
Because IEC 62443 goes beyond European legislation, the use of IEC-certified components helps to demonstrably meet technical security requirements within NIS2 and the Cyber Resilience Act.
We can advise, share experiences, and supply IEC-certified components. We do not provide official consultancy services, but our Security Desk is happy to help explain the standard. In addition, IXON has created a free Excel spreadsheet (Security Kit) with explanations, so you can immediately start with an initial IEC 62443 analysis of your machine.
No, the standard is not legally binding. However, more and more factories are including IEC 62443 in their purchasing conditions. In practice, this means it’s increasingly becoming a ‘must have’.
SecureEdge Pro comes with secure default settings, but you can further enhance security with our:
This allows you to determine how secure you want your installation to be. You can disable features, set access rights, and configure the router so that it is suitable for use in SL2 environments and above.