Security-by-Design according to IEC 62443 in product development




Dipl.-Ing. Boris Waldeck

Senior Project Manager Software


Today, the comprehensive protection of machines and systems against unauthorized access is an important requirement for automation systems. Is it enough here to extend devices with security functions? Or is security a function of the entire automation solution? The IEC 62443 standard specifies the security processes and functions required for this. Read the following blog post to find out what you need to consider when implementing this standard in your automation system.

The worldwide security standard IEC 62443 takes a holistic approach to cyber security in automation technology. For this purpose, it describes three roles (operator, integrator and component manufacturer) and defines the measures each of them must take. For all roles, security-by-design proves to be an essential framework condition. The IEC 62443 series of standards consists of 13 parts, in which the security requirements for processes, the functional measures and the state of the art are specified for each role.

When developing automation devices, their functions can only be made secure through security-by-design. Once this foundation has been laid at device level, the security measures of the individual integration phases defined in IEC 62443 build on it and result in a secure-by-design solution that is suitable for numerous use cases.


Track implementation and verify all security requirements


IEC 62443-4-1 describes the secure product development process. Its central element is a process that ensures that all security requirements have been implemented and verified. It is complemented by additional practices for realizing security. In particular, these include a threat analysis based on the security context (the application scenarios of the product), the concept of "defense in depth" and measures for the protection of private keys. All of these approaches are necessary for a product to meet the secure-by-design requirement. Another important aspect is the ability of the device manufacturer to react appropriately to security vulnerabilities and to publish reliable security updates. Today, these tasks are usually handled by a Product Security Incident Response Team (PSIRT).

IEC 62443-4-2 defines the technical framework conditions. Security levels (SL) from 0 to 4 are defined in terms of the threat, i.e. the capabilities of the attacker that the product must withstand. The standard defines seven foundational requirements (FR):

The implementation of these prerequisites shall be performed according to the secure development process specified in Part 4-1.


Measures for implementing a secure architectural design


In the conception of the solution, security-by-design is an important framework condition of the architectural design. This can result in the following measures, among others:


Preparation of an industry-specific blueprint


The system integrator plays an essential role in IEC 62443. Together with the operator, the integrator determines the protection requirements and selects the suitable components for the system solution. The standard defines security levels for each role:

Once the solution has been set up, its suitability is verified in cooperation with the operator by comparing the achieved security level (SL-A) with the required target level (SL-T); if necessary, additional measures are taken. To simplify this procedure, it is recommended that device manufacturers and system integrators prepare industry-specific blueprints (reference systems) that can be adapted to the operator's requirements if necessary. In this way, a portfolio of devices or subnetworks with known SL-C/SL-A can be compiled in advance for different applications.

The procedures are described in the standard in two parts. Part 3-3 outlines and evaluates the supported security measures and levels at the interface between system integrator and product manufacturer. On this basis, the devices required to achieve SL-T are selected. Part 2-4 defines the processes for integration, commissioning and maintenance of the automation solution.
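The SL-T/SL-C/SL-A comparison described above is essentially a per-requirement vector check. The following Python script is an added illustration, not code from the blog post or from PLCnext Technology. It assumes (my simplification, not a rule of the standard) that a zone's achieved level for a foundational requirement is the weakest capability level among the components providing it; the seven FR abbreviations are those used in IEC 62443-4-2, and all component values are constructed sample data.

```python
"""Zone security-level gap check (added example, not from the original post).

Assumption (mine): SL-A of a zone per FR = minimum SL-C of its components.
"""

# The seven foundational requirements of IEC 62443, FR1..FR7.
FOUNDATIONAL_REQUIREMENTS = (
    "IAC",  # FR1 identification and authentication control
    "UC",   # FR2 use control
    "SI",   # FR3 system integrity
    "DC",   # FR4 data confidentiality
    "RDF",  # FR5 restricted data flow
    "TRE",  # FR6 timely response to events
    "RA",   # FR7 resource availability
)


def sl_vector(iac, uc, si, dc, rdf, tre, ra):
    """Build an SL vector (one level 0..4 per FR) and validate its values."""
    vec = dict(zip(FOUNDATIONAL_REQUIREMENTS, (iac, uc, si, dc, rdf, tre, ra)))
    for fr, level in vec.items():
        if not isinstance(level, int) or not 0 <= level <= 4:
            raise ValueError(f"{fr}: security level must be an integer 0..4, got {level!r}")
    return vec


def achieved_level(components):
    """SL-A of a zone: the weakest SL-C per FR across its components."""
    if not components:
        raise ValueError("a zone needs at least one component")
    return {fr: min(c[fr] for c in components) for fr in FOUNDATIONAL_REQUIREMENTS}


def gap_analysis(target, components):
    """FRs where SL-A falls short of SL-T, mapped to the shortfall in levels."""
    achieved = achieved_level(components)
    return {
        fr: target[fr] - achieved[fr]
        for fr in FOUNDATIONAL_REQUIREMENTS
        if achieved[fr] < target[fr]
    }


def meets_target(target, components):
    """True when every FR of the zone reaches its target level."""
    return not gap_analysis(target, components)


def report(zone_name, target, components):
    """Human-readable verification result, one line per FR."""
    achieved = achieved_level(components)
    lines = [f"zone {zone_name}: {'OK' if meets_target(target, components) else 'GAP'}"]
    for fr in FOUNDATIONAL_REQUIREMENTS:
        mark = "ok " if achieved[fr] >= target[fr] else "GAP"
        lines.append(f"  {mark} {fr:<3} SL-T={target[fr]} SL-A={achieved[fr]}")
    return "\n".join(lines)


# Constructed sample data: a cell zone with target SL-T and three components
# whose SL-C vectors were invented for this example.
ZONE_TARGET = sl_vector(2, 2, 2, 1, 2, 1, 1)
PLC = sl_vector(2, 2, 2, 2, 2, 1, 1)
HMI_V1 = sl_vector(2, 1, 2, 1, 2, 1, 1)   # use control only at SL 1
HMI_V2 = sl_vector(2, 2, 2, 1, 2, 1, 1)   # replacement that closes the gap
SWITCH = sl_vector(3, 3, 3, 2, 3, 1, 2)

if __name__ == "__main__":
    print(report("cell-1 (as built)", ZONE_TARGET, [PLC, HMI_V1, SWITCH]))
    print(report("cell-1 (HMI replaced)", ZONE_TARGET, [PLC, HMI_V2, SWITCH]))
```

Running the script shows the first configuration failing only on use control (UC, short by one level) and the second passing; the same check applied to a blueprint's component list tells you in advance which target levels that reference system can serve.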


Systemic cooperation of the installed devices


It is not enough if only the devices meet the security requirements. They must also work together systemically so that the solution is easy to configure and maintain. From the systemic point of view, there are additional requirements and interfaces:

The following aspects can support this framework:




For a security-by-design solution according to IEC 62443, it is not enough to extend existing devices with security functions. From the development processes through the device functions to the overall solution, security must be considered from the very beginning. It is recommended to use appropriately designed devices as far as possible when designing solutions. These solutions are protected by network zone concepts. Where flexible automation requires the zones to be opened further, this can be achieved step by step with individual devices. PLCnext Technology already opens up new possibilities here, because security-by-design was an important basic condition when it was conceived as an open ecosystem.