Industry standard for cybersecurity

Endress+Hauser is invest­ing in IEC 62443–4‑1 cer­ti­fi­ca­tion to ensure cyber­se­cu­ri­ty in terms of prod­uct devel­op­ment process­es and prod­uct life cycles. This has been con­firmed by TÜV Rhein­land through its cer­ti­fi­ca­tion. As a result of its com­pli­ance with cer­ti­fied guide­lines, the com­pa­ny con­tributes to the reli­able and safe oper­a­tion of its prod­ucts in its cus­tomers’ plants.
The man­u­fac­tur­er’s mea­sur­ing devices and com­po­nents ensure safe and reli­able oper­a­tion of process plants in count­less process­es. Cyber­se­cu­ri­ty for indus­tri­al plants and the Indus­tri­al Inter­net of Things (IIoT) are increas­ing­ly com­ing to the fore. In view of advanc­ing net­work­ing and dig­i­tal­iza­tion, it is essen­tial to pro­tect pro­duc­tion plants and their automa­tion tech­nol­o­gy from unau­tho­rized access.
In order to pro­tect cus­tomers’ pro­duc­tion facil­i­ties in the best pos­si­ble way, Endress+Hauser lays the foun­da­tions for secure oper­a­tion as ear­ly as the plan­ning and devel­op­ment process for its prod­ucts and ser­vices. The fact that this prod­uct devel­op­ment process, as well as the life cycle of the prod­ucts, meet the high­est inter­na­tion­al stan­dards was con­firmed by TÜV Rhein­land in March with cer­ti­fi­ca­tion in accor­dance with the IEC 62443–4‑1 standard.
 

“This is proof of the qual­i­ty of our work, which we are very pleased about. In view of the tech­ni­cal advances — just think of the Advanced Phys­i­cal Lay­er or IIoT prod­ucts — it is very impor­tant to us not only to dri­ve dig­i­ti­za­tion, but to con­tin­ue to ensure the secu­ri­ty of our devices and soft­ware in lock­step. With this cer­ti­fi­ca­tion, we ensure that all col­leagues involved work at the same secu­ri­ty lev­el. In this way, we are lay­ing the foun­da­tion for being able to offer high-qual­i­ty mea­sure­ment tech­nol­o­gy, automa­tion and IIoT prod­ucts for net­worked pro­duc­tion in the future as well.”
— Mirko Brcic, Prod­uct Secu­ri­ty Officer
 

Safe automation technology

Align­ing com­pa­nies’ process­es with IEC 62443–4‑1 ensures, among oth­er things, that prod­ucts are devel­oped from the start, tak­ing into account all safe­ty require­ments, and that even sup­plied com­po­nents do not pose a risk. In addi­tion, there are code analy­ses and reviews as well as pen­e­tra­tion tests and the pro­vi­sion of secu­ri­ty updates. In total, eight dif­fer­ent areas can be used to define what a secure devel­op­ment process for prod­ucts should look like:
 
Secu­ri­ty management
Spec­i­fi­ca­tion of secu­ri­ty requirements
Secure design guidelines
Secure Implementation
Ver­i­fi­ca­tion and val­i­da­tion of secu­ri­ty features
Vul­ner­a­bil­i­ty management
Cre­ation and pub­li­ca­tion of secu­ri­ty updates
Secu­ri­ty prod­uct documentation
Strong innovation