Industrial sectors are in a moment of profound transformation due to, among other reasons, their digitization and automation.
Thus, industrial environments and critical infrastructures must be prepared for the growing number of cyberattacks to which they are exposed in order to avoid security problems for the environment or people, quality problems or even productivity issues.
For those professionals working in industrial cybersecurity, the IEC 62443 standard (which deals with cybersecurity for industrial control systems and computer networks in operating environments) is an imperative reference.
This standard, or rather set of standards, describes both the technical and process-related aspects of industrial cybersecurity.
IEC 62443 is divided into different sections. One of them, which we will also discuss in our QA&TEST Safety and Cybersecurity conference, the 62443-4-2 describes, as explained by INCIBE – National Cybersecurity Institute, the previously established requirements that the components of a control system need to implement in order to achieve a certain level of security. In addition, manufacturers can certify their products in this standard to certify that a component has all the necessary measures in each of the security levels.Another of these sections also present at QA&TEST Safety and Cybersecurity programme is the 62443-4-1, which defines a secure development life cycle. Therefore, given the importance of this regulatory framework, QA&TEST Safety and Cybersecurity has dedicated a complete thematic track to it, during which representatives of different industries such as railways, electronics, etc. They will show us the most fundamental aspects to take into account and how we must correctly implement this standard in our systems.