The purpose of IEC 62443 is to protect the end user. The standard states that detailed analysis of the most critical assets is essential to achieve the goal.
Request a detailed analysis of the cyber risk with the IEC 62443 method
The protection of critical infrastructures and key resources is essential for security and productivity, which is why the Cyber Security Risk Assessment service is based on the pillars of the IEC 62443 standard, which sets down a systematic method for managing cyber risks at industrial plants.
The ICS Risk Assessment service provides a two-step path of modular analysis:
- High Level Risk Assessment. Development of high-level IEC 62443 risk assessment according to the process described in IEC 62443-3-2, including business logic.
- Low Level Risk Assessment. Preparation in detail of the risk assessment according to the process described in IEC 62443-3-2, after a high-level risk assessment. The detail is based on the high-level result only for the most critical assets.
In particular, the detailed analysis covers the threats to which the systems are exposed. The analysis focuses on several factors, such as the vulnerabilities already known, their complexity, what countermeasures and procedures have been adopted previously and whether there are operational practices already in place for the correct management of the human factor, often the main vehicle of cyber attacks.
This information is then used for the correct drafting of the Cyber Security Specifications for the protection of the most critical assets installed at the plant.
In IEC 62443/ISA 99 terms, an OT system is defined as a “control system,” that is, a hardware or software component intended to be integrated into a final industrial automation and control system. PLCs, HMIs, SCADA systems, and safety instrumented systems are examples of OT systems.
The legislative references in the IEC 62443 standard directed at OT device manufacturers are found in IEC 62443-4-1 and IEC 62443-4-2 regarding the design requirements in conformity with legislation for systems, sub-systems, or hardware or software components.
As defined in IEC 62443-4-1, the manufacturer is required to implement certain cyber security practices when developing the product:
- Specification of Security Guidelines
- Security by design
- Secure Implementation
- Security V&V Testing
- Security Guidelines
Why Choose us
- We have gained experience in the OT Cyber Security field since 2014
- We test every solutions thanks to our in-house OT Cyber Security laboratory
- Our specialists are IEC 62443/ISA 99-certified personnel (Fundamentals Specialist and Cyber Security Risk Assessment Specialist)
- Automation and OT Network Security are some of our most performing competences
- We have bulit a wide network of partnerships with the main international OT solution suppliers
- Our BYHON internal division is the ISASecure® accredited certification body
What some of our customers say about us
"Their flexible and innovative approach to Cyber Security Risk Assessment had been the key for the success of our conformity project according to IEC 62443 standards."
"We recommend H-ON Consulting because they are a firm that shares inspiring values, such as continuous professional growth and innovation seeking."
"The biggest benefit our company received working with H-ON Consulting was a combination of on-going flexibility and most of all speed of delivery."
Sirio Sistemi Elettronici
"We highly recommend H-ON Consulting service for their expert industrial knowledge concerning machines, process, digital data."
"The collaboration was a very successful experience for both companies."