The IEC 62443 standard states that the security of a plant passes first of all through Governance, specific policies and emergency management, in accordance with the lifecycle of OT Cyber Security.
Discover our consulting options for the security lifecycle
The implementation of the security lifecycle is the ultimate goal of a complete management process for large manufacturing companies, which includes detailed analysis and definition of corrective actions to protect OT devices from cyber attacks.
The activities recommended by the IEC 62443 standards focus on governance, disaster recovery, security policies, design and security measures for plants.
Our OT security lifecycle development consultancy includes a series of modular activities that make it easier for end-users to comply with IEC 62443 standards:
- Governance Support. In accordance with the Cyber Security Management System recommended by IEC 62443-2-1, our support includes the control of processes documented in IEC 62443-2-1, the preparation of documentation (manual, procedures, instructions, policy), and possible integrations with other management systems, including ISO 27001.
- Definition of the Emergency Recovery Plan. Taking into account business continuity and business needs, our specialists assist in the development of the plan, including hardware/software requirements and specifications and a specific plan to prevent the risk of cyber threat to potentially attackable infrastructures, or restore assets in the event of an attack.
- Development of OT Cyber Security Policies. The policies describe the requirements to be implemented to ensure a sufficient level of security of the technologies at the service of the production plants. Our technical support team prepares Policies to achieve these objectives of compliance with IEC 62443 (or NIST) standards.
- Support for High Level Design. Compliance with an OT architecture is related to the current state of the infrastructure. We analyze the current state, assisting the heads of Cyber Security of large manufacturing companies in establishing the measures (remediation) required to mitigate any security risks.
- Preparation of the Remediation Plan. A long-term schedule can be prepared on the basis of the implementable requirements, current state and available budget, to determine the remediation measures to adopt at the facility. Our technical support team assists with setup and implementation.
The activities for the ICS Lifecycle, if aggregated, constitute comprehensive consultancy; they can be agreed separately on request.
FAQ
The actions needed are divided into three main areas:
- Introducing organizational policies and procedures that include, for instance, training personnel who interact with the OT infrastructure
- Selecting the technical measures related to network segmentation, access control, authentication, and authorization
- Implementing and maintaining the risk and incident recovery management plan
The IEC 62443 guidelines identify three security lifecycle phases: assessment, implementation, and, finally, maintenance of the security level. It is precisely during the implementation stage that the company must structure the entire CSMS to protect itself from future cyber attacks. Based on what was found in the Assessment phase, the goal is to adopt a management system that includes procedures and strategies to prevent cyber attacks and protect industrial systems.
The most common and perceivable consequences in the industrial sector are mainly financial damages and damaged reputation due to production standstills, safety issues for operators, financial loss, or environmental damage. In addition to interrupted production after stopping the attacked systems, threats can also entail altering or inhibiting safety functions on machinery and systems; for example, when automation is implemented by safety PLCs connected online. Furthermore, the attacked systems releasing dangerous emissions into the atmosphere can also seriously impact the business.
Related Services
Recommended Posts
The IEC 62443 Standard, the international reference for Industrial Cyber Security
Considering the impact of Industry 4.0 on Industrial Cyber Security, the only way to apply […]
Read more
High Level Risk Assessment according to Industrial Cyber Security standards
The High Level Risk Assessment is the starting point of an Industrial Cyber Security Risk […]
Read more
Low Level Risk Assessment according to Industrial Cyber Security standards
The Low Level Risk Assessment is the analysis following the High Level Risk Assessment, in […]
Read moreWhy Choose us
- Experience in the OT Cyber Security field since 2014
- In-house OT Cyber Security laboratory
- In-house IEC 62443/ISA 99-certified personnel (Fundamentals Specialist and Cyber Security Risk Assessment Specialist)
- Automation and OT network specialists
- Wide network of collaborations with the main international OT solution suppliers
What some of our customers say about us
-
"The collaboration was a very successful experience for both companies."
Cybertech
-
"We highly recommend H-ON Consulting service for their expert industrial knowledge concerning machines, process, digital data."
DAB PUMPS
-
"The biggest benefit our company received working with H-ON Consulting was a combination of on-going flexibility and most of all speed of delivery."
Sirio Sistemi Elettronici
-
"Their flexible and innovative approach to Cyber Security Risk Assessment had been the key for the success of our conformity project according to IEC 62443 standards."
Zach System
-
"We recommend H-ON Consulting because they are a firm that shares inspiring values, such as continuous professional growth and innovation seeking."
Körber Tissue
