IEC 62443 is the global standard for the security of ICS networks, designed to help organisations reduce the risk of failure and exposure of ICS networks to cyberthreats. The standard demands that security professionals understand not only their organisation's hardware and its interactions, but also how to recognise a threat, how to report it, and how to respond and recover.
IEC 62443 – Cyber Alignment
Kontex has built a team of ICS, IoT and SCADA technical professionals that can support organisations with the foundational elements of the 62443 standard, namely:
- Access Control (AC): control access to selected devices, information or both to protect against unauthorised interrogation of the device or information.
- Use Control (UC): control use of selected devices, information or both to protect against unauthorised operation of the device or use of information.
- Data Integrity (DI): ensure the integrity of data on selected communication channels to protect against unauthorised changes.
- Data Confidentiality (DC): ensure the confidentiality of data on selected communication channels to protect against eavesdropping.
- Restrict Data Flow (RDF): restrict the flow of data on communication channels to protect against the publication of information to unauthorised sources.
- Timely Response to Event (TRE): respond to security violations by notifying the proper authority, reporting needed forensic evidence of the violation, and automatically taking timely corrective action in mission-critical or safety-critical situations.
- Resource Availability (RA): ensure the availability of all network resources to protect against denial-of-service attacks.
IEC 62443 – ISMS Advisory
In addition to our technical expertise around the 62443 standard, our advisory team, certified by the IEC, can help organisations with two key challenges:
- IEC 62443 section 2 – Policy, Asset Registers and Recovery
- IEC 62443 section 3 – Application and Risk Assessments
Our 62443 advisory team can develop your ICS-specific information security management system (ISMS) or review your existing programme to ensure complete alignment with the IEC guidance. Our team can build and deploy a risk assessment framework to ensure continuous alignment.
IEC 62443 – Static Code Analysis & Vulnerability Management
Kontex’s Security Testing team will support your organisation with an often-neglected aspect of the IEC 62443 requirements: static code analysis. To ensure system availability and resilience, our Security Testing team can pre-empt coding and security issues by examining source code before a program is run. This is done by analysing the code against one or more sets of coding rules. Kontex’s Security Testing team can also support your IEC 62443 asset management and vulnerability management programmes.
OT – ICS Technology Partners
As a Microsoft SecureX Gold partner, Microfocus Gold partner and Armis Gold partner, we also have the market-leading tools to ensure complete IEC 62443 alignment.