IT Security Certification for Automation Products and Solutions as a Competitive Advantage
Better protection of critical infrastructure
Once the domain of production environments, industrial automation and control systems (IACS) are now ubiquitous in critical infrastructure, such as water and wastewater systems, power supply, transport and logistics, and food supply. A cybersecurity compromise of this critical infrastructure could result in sustained bottlenecks in supply chains and significant disruptions to public safety. To protect against such scenarios, the International Electrotechnical Commission published IEC 62443, a series of standards that addresses cybersecurity in automation and control systems.
WAGO called on us to advise its R&D units on how to prepare for IT security certification as specified in these standards.
To meet market needs and customer requests for secure products, the company decided to design its hardware and software accordingly. The goal is to ensure that products do not contain any weak points – or in other words, that products are “secure by design.” A secure-by-design approach is becoming more important as a result of the increasing fusion of IT and OT, which has given rise to Industry 4.0 and the Internet of Things.
As per IEC 62443, cybersecurity must be implemented during product development, and technical certification bodies require proof of adherence on a yearly basis. However, WAGO did not have the necessary processes in place to deliver on these requirements. And with a tight timeframe, success hung in the balance.
Maintaining R&D’s profitability and performance
We provided thought leadership and hands-on technology consulting to WAGO’s R&D unit. This consisted of bringing in Siemens Advanta’s experts to apply IT security concepts and defining modern processes so that product architecture can be designed in line with the requirements. All the while, the focus was on solutions that maintained WAGO’s profitability and performance. An example here is fulfilling the standard while avoiding costly overdesign. Our service also extended to continuous collaboration with technical certification bodies.
The collaboration with us has paid off for WAGO. Within just 18 months, WAGO has achieved its first milestone with the certification of its processes according to IEC 62443. Currently, the company is working on a product that adheres to the standard and will soon be made available to clients. This accomplishment sends a clear message to the market and sets the stage for business growth. Furthermore, applying IEC 62443 ensures a consistent security concept across the entire lifecycle and with all stakeholders, such as the asset owner and system integrator.
Yet this isn’t a one-off for WAGO. The company’s experts will be able to apply their newly gained expertise in future projects too. Thanks to a streamlined process, yearly reports for certification bodies can be produced very efficiently.
Adherence to IEC 62443 is particularly important as governments around the world start introducing legislation calling for cybersecure designs in IACS. One example is the European Union’s Cyber Resilience Act, which could go into effect as early as 2026. WAGO has already taken a huge step toward fulfilling this and any legislation that may come.