Limes Security GmbH (Austria)
Designing and Testing Security Capabilities according to IEC 62443-4-2
While a secure product development life-cycle is a precondition for both a high level of security assurance and any kind of IEC 62443 product certification, we also face the challenges of selecting, implementing and testing the right security capabilities for a secure product. This talk will discuss how this can be achieved with the help of IEC 62443-4-2 and several challenges development teams face in applying the standard. We will outline some solutions but also some failures in implementing security capabilities in products.
Peter Panholzer is founder, general manager and principal OT security consultant at Limes Security. He was a security consultant at the Siemens CERT in Munich for several years, focusing on security analysis of industrial products and research and development in the field of secure product development processes. He is co-author of the official CMMI addition “Security by Design with CMMI for Development, Version 1.3”. He used to be an excellent (OT) penetration tester in the field but now focuses on attack strategies, risk assessments and secure system architectures. Currently he is supporting several vendors of automation components in introducing secure development practices in their general product development processes, mainly based on IEC 62443-4-1.