
Security / IEC-62443-4-2

The threat of cyber-attacks is increasing, particularly in Industrial Automation and Control Systems (IACS). To address this, the IEC 62443 series has become the standard for securing all layers of IACS.

The Civil Infrastructure Platform (CIP) project recognizes the importance of IEC 62443 and supports its adoption across the industry. As part of this effort, CIP has established a dedicated Security Working Group (SWG) to assist CIP members and affiliates in obtaining certification.

CIP has engaged with an ANSI-accredited certification body to conduct a gap analysis in order to meet the requirements of IEC-62443-4-1 and IEC-62443-4-2. The CIP Security Working Group (SWG), along with other CIP working group members, has focused on establishing a secure development process and enhancing security capabilities within CIP.

Here’s a breakdown of the relevant standards:

  1. IEC-62443-4-1: This standard specifies the process requirements for the secure development of products used in industrial automation and control systems. It covers security requirements definition, secure design, secure implementation (including coding guidelines), verification and validation, defect management, patch management, and product end-of-life.
  2. IEC-62443-4-2: This standard provides detailed technical control system component requirements associated with the foundational requirements described in IEC TS 62443-1-1. It defines the requirements for control system capability security levels and their components.

By providing an open source “base layer” of industrial-grade Linux software, CIP aims to reduce development costs and facilitate the implementation of security functions that conform to the IEC 62443-4-2 standard. The investigation by the Security Working Group has shown that the CIP ecosystem, including reference hardware, can realize over half of the functionality needed for security level 2 (SL-2) certification.

This demonstrates the effectiveness and practicality of Linux in providing secure solutions for the industry. We encourage industrial-grade Linux software suppliers to adopt the CIP open source base layer as a development platform for their applications.

Repository

Provide guidelines and reference implementations to help developers meet cybersecurity standard requirements (IEC 62443).