The IEC 62443 standard is used by many grid operators for the security of their operational technology (OT) systems. Usually, they use the parts on policies and processes and on system security measures (parts 2-1 and 3-3). Since 2019, however, the standard has also covered component security through part 4-1 on secure product lifecycle requirements and part 4-2 on technical security requirements for IACS components. These parts can be used to set requirements during procurement.
Component certification based on these parts is being developed. An industrial cyber security program is set up under IECEE, the conformity assessment scheme of the IEC (see Annex C). Certification based on IEC 62443 is also considered as one of the certification paths of the ICCS scheme being developed by the European Joint Research Center (JRC). This ICCS scheme is likely to become the official EU certification scheme for industrial components under the Cybersecurity Act.
No official evaluation method is yet available that describes how components should be tested against the IEC 62443 requirements. Without such a method, it is not clear what tests a test lab will perform before issuing an IEC 62443 certificate. Grid operators therefore cannot know whether a certified component has been tested thoroughly enough.
An evaluation method has been developed by TeleTrusT and has now been submitted to the IEC 62443 certification committees. We think, however, that this method needs to be further extended and improved to ensure thorough testing.
To achieve strong assurance that a component meets the IEC 62443 security requirements, we recommend splitting the evaluation into three parts:
- A development process audit based on IEC 62443-4-1 to determine if the component’s development team is following best practices in secure development.
- A conformity assessment to determine if a product line has the required security functions from IEC 62443-4-2.
- Periodic vulnerability assessments in which independent testers try to find vulnerabilities in the component that bypass the security functions.