Siemens gets IEC 62443 security certification for process control system

Siemens is the first company to obtain security certification from TÜV SÜD (German inspection and certification organisation) for an automation system based on IEC 62443-4-1 and IEC 62443-3-3. In August 2016, Siemens had already become the first company to receive the TÜV SÜD security certification according to IEC 62443-4-1 for the general development process for automation and drive technology products, including industrial software, employed at seven German development locations. This has now been followed by the first product certification according to IEC 62443-4-1 and 62443-3-3.

For the product certification according to IEC 62443-4-1 and 62443-3-3, TÜV SÜD tested and verified the security functions implemented in the Simatic PCS 7 process control system. The conformity of development and integration processes was also checked. Regularly repeated audits will also ensure that Simatic PCS 7 continues to meet the required standards and concepts in future, and so retains the right to bear the certification. As a leading automation and software supplier to industry, Siemens is continually improving its products and solutions in terms of industrial security. This also includes certification based on IEC 62443. With this certificate, the company documents its security approach to automation products, and gives integrators and operators a transparent insight into its industrial security measures.

The Simatic PCS 7 process control system from Siemens controls and monitors continuous manufacturing processes, such as those in chemical and cement plants, the water and waste water sector, and the pharmaceuticals industry. As plant downtime in these industries can have enormous effects, both functional safety and industrial security are very important. Simatic PCS 7 provides a large number of functions for industrial security: these include segmentation into zones and security cells, the security of access points and user authentication, secure communication, patch management, system hardening, virus scanners and whitelisting. The comprehensive security measures and functions for Simatic PCS 7 contribute toward safeguarding plant operation, and so avoid plant downtimes and expensive outage times.

The international standard IEC 62443 describes an IT security concept based on the deeply tiered "defense-in-depth" approach, in which device and system suppliers, system integrators and operators are involved and contribute toward the overall solution. On the basis of IEC 62443, companies can examine the potential weak points in their control system and develop effective protective measures.