
DeviceOn for IEC 62443

What's IEC 62443

The International Electrotechnical Commission (IEC) 62443 comprises a collection of cybersecurity standards specifically designed for safeguarding industrial automation and control systems (IACS). This comprehensive framework encompasses various sections that address the critical aspects of securing automation and control systems in terms of processes and technological considerations.

Within the IEC 62443 standard, security topics are categorized based on the stakeholders and their respective roles, which include IACS product manufacturers, service providers, and operators. It is imperative for individuals and organizations fulfilling these roles to adhere to the recommended risk-based approach in order to effectively prevent and mitigate security risks.

A Breakdown of the IEC 62443 Standards

There are four parts to the IEC 62443 standards. The first part covers common topics for the whole standards series. The second part covers IACS security processes and techniques. The third part defines system-level requirements, while the fourth part details IACS product and component requirements.

The standards propose a cybersecurity management system (CSMS) with the following elements:

  • Initial risk assessment and prioritization.
  • Detailed technical risk assessment.
  • Creation of security policies.
  • Identification and implementation of countermeasures.
  • Maintenance of the CSMS program.

Here is a brief outline of the key IEC 62443 standards:

  • IEC 62443-1-1 defines IACS security concepts and terminology.
  • IEC 62443-2-1 defines the necessary elements for an IACS program and CSMS, offering recommendations for achieving these elements.
  • IEC 62443-2-3 addresses security for IACS vendors with IACS patch management programs. It recommends a format for sharing security patch information, although it is also useful for other updates and patches unrelated to security.
  • IEC 62443-2-4 addresses security capabilities that IACS service providers must offer asset owners when integrating and maintaining the solution.
  • IEC 62443-3-1 covers IACS security technologies, including available tools and mitigation measures. It assesses these security controls, their benefits and drawbacks for securing critical infrastructure environments.
  • IEC 62443-3-2 shows how to define a System Under Consideration (SUC), which is a regulated IACS system. This definition involves breaking up the regulated system into units called zones and conduits, making it easier to assess risks to different parts of the system. In addition, this standard specifies how to design, implement, and operate an IACS system using security best practices and standard engineering practices, identify risks to the system, and apply countermeasures.
  • IEC 62443-3-3 defines technical control system requirements related to the foundational requirements outlined in IEC 62443-1-1. These requirements are useful for various IACS stakeholders. End-users can apply them to an integrated IACS or leverage an automated solution.
  • IEC 62443-4-1 defines the requirements for building secure IACS products and components, including secure development lifecycle requirements. It recommends security requirements including secure coding and patch management guidelines.
  • IEC 62443-4-2 defines technical requirements for control system components. Each component can reach a certain security level, based on the requirements the organization chose to implement.

What Does IEC 62443 Mean for IoT Security?

The IEC 62443 standard applies to many types of devices, but it is highly relevant for internet of things (IoT) devices. Let’s take a closer look at two sub-standards that have a major impact on regulated IoT devices.

IEC 62443-4-1 (Secure Development Lifecycle)

This standard specifies requirements to ensure a secure development process for products used in an industrial automation and control system. IEC 62443-4-1 defines the cybersecurity requirements for a security development lifecycle (SDL), with guidance to help companies meet these requirements. The SDL includes the following elements:

  • Defining the security requirements
  • Designing secure systems
  • Implementing security (includes coding guidelines)
  • Verifying and validating the implementation
  • Managing defects and patches
  • Handling the end of the product life cycle

These requirements may apply to new or established processes to develop, maintain, or retire software, hardware, and firmware.

IEC 62443-4-2 (Technical System Component Requirements)

This standard provides technical component requirements (CRs) for control systems. It relates to the FRs (foundational requirements) defined in IEC 62443-1-1, defining requirements for achieving the security levels of the control system and its components (SL-C).

The 7 FRs defined in IEC TS 62443-1-1 are:

  1. Identification and Authentication Control
  2. Use Control
  3. System Integrity
  4. Data Confidentiality
  5. Restricted Data Flow
  6. Timely Response to Events
  7. Resource Availability

These FRs form the basis for defining the security capability levels of a control system. This standard’s purpose is to define each component’s security capability levels.

Compliance Challenges for IoT Devices

Achieving IEC 62443 compliance for Internet of Things (IoT) devices is a complex, layered process. The following are two key challenges your organization will probably face when addressing these requirements.

Implementing Security Controls for Communication Networks

IEC 62443-4-2 focuses on establishing and maintaining the security of industrial automation and control system (IACS) networks. Compliance with this standard requires implementing specific security controls for communication networks within IoT devices. This includes measures such as network segmentation, access controls, secure remote access, and intrusion detection systems. The challenge lies in integrating these security controls seamlessly into the IoT device's network architecture, ensuring that communication between different components and systems is secure and protected against unauthorized access or tampering. Organizations must carefully design and configure their IoT devices to comply with the requirements of IEC 62443-4-2 while maintaining seamless connectivity and functionality.

Ensuring Secure Development and Testing Processes

IEC 62443-4-2 emphasizes the importance of secure development and testing practices for IoT devices. Compliance requires implementing secure coding practices, conducting security testing, and verifying the absence of known vulnerabilities in the device's software and firmware. Organizations must establish robust development and testing processes that incorporate security from the initial stages of design and continue throughout the device's lifecycle. This includes conducting vulnerability assessments, penetration testing, and code reviews to identify and address potential security weaknesses. The challenge lies in integrating security practices into the development and testing workflows, ensuring that all personnel involved understand and follow secure coding guidelines and that the necessary tools and resources are available to support secure development and testing activities.

Addressing these compliance challenges requires a holistic approach that combines technical expertise, process improvements, and organizational commitment to security. It is essential to have skilled personnel who understand the requirements of IEC 62443-4-2 and can effectively implement the necessary security controls. Furthermore, organizations should establish secure development practices, provide adequate training and resources for developers and testers, and incorporate security testing into the device's development lifecycle. Regular audits and assessments can help ensure ongoing compliance with IEC 62443-4-2 and the security of IoT devices in industrial environments.

Why Advantech's Devices Are Compliant with IEC 62443-4-1 and IEC 62443-4-2

Advantech's DeviceOn IoT solution is designed with insights from Lockheed Martin's analysis of hacker attack patterns (the Cyber Kill Chain), including the stages of "Reconnaissance," "Weaponization," "Delivery," "Exploit," "Installation," "Command & Control" and "Action on Objectives." The development process of DeviceOn adheres to the operational procedures outlined in IEC 62443-4-1, which align with current product development practices and the Secure Software Development Life Cycle (SSDLC). These procedures are specifically tailored to meet the security development life cycle requirements and establish cybersecurity standards for the product.

The implementation includes various measures to mitigate potential security risks and enhance product safety. These measures encompass risk assessment forms for secure development and vulnerability verification using automated weakness-detection tools, reducing security risks that may impact the product's safety. The solution also facilitates efficient inventory management of open-source components and tracks and manages cybersecurity incidents.

Integrated Hardware and Software

Our solution's key advantage lies in the seamless fusion of high-quality hardware and software components, enabling our customers to establish secure and dependable connections for their valuable assets and products in mission-critical applications. We accomplish this through the implementation of IEC 62443 gateways, which adhere to rigorous industrial cybersecurity standards. By employing these gateways, our customers can enjoy enhanced protection against potential threats, ensuring the integrity and confidentiality of their critical systems. Moreover, the integration of premium hardware and software guarantees optimal performance, stability, and longevity, delivering a comprehensive and robust solution that meets the stringent requirements of today's technology-driven industries.

Cybersecurity by Design

Our solution has been meticulously crafted with cybersecurity best practices deeply embedded within its core. Operators can confidently depend on a secure and safeguarded environment throughout the entire lifecycle of the product. Our approach encompasses robust security measures that address potential vulnerabilities from the initial design stages to deployment, operation, and beyond. By adhering to industry-leading cybersecurity standards and implementing proactive measures such as encryption, authentication protocols, and continuous monitoring, we ensure that the solution provides a resilient and impregnable shield against potential threats. Additionally, regular security updates and patches are applied to fortify the system against emerging risks. With our solution, operators can operate within a trusted ecosystem, fostering a safe and protected environment for their critical operations and data.

End-to-End Cybersecurity

Our comprehensive cybersecurity framework spans from the edge to the cloud, encompassing a range of sophisticated features and technologies. Starting with embedded devices and edge gateways, we incorporate robust security measures to safeguard these components against potential threats. Our edge software is meticulously designed with cybersecurity in mind, incorporating encryption, access controls, and intrusion detection capabilities to ensure the integrity and confidentiality of data. Additionally, our solution supports secure communication protocols, employing hardware encryption and authentication mechanisms to establish secure connections between devices and cloud. Furthermore, we seamlessly integrate with Cloud IoT platforms, implementing stringent security measures to protect data transmission and storage in the cloud. Through the deployment of these advanced cybersecurity features, we provide end-to-end protection, enabling our customers to confidently operate their systems while mitigating the risks associated with cyber threats across the entire spectrum, from edge devices to cloud-based infrastructure.

Main Security Features

Data Encryption

The user data stored in both the device and cloud database undergoes stringent encryption measures, adhering to industry-compliant standards. Regardless of the device's operational state, whether it is running or shut down, or the mode of data transmission through any network, encryption ensures the confidentiality and integrity of the data. Specifically, the encryption in-transit is safeguarded by employing TLS v1.3, a robust and secure protocol for secure communication over networks. Additionally, the storage engine utilized by default applies AES-256 encryption, leveraging the OpenSSL library, to protect data at rest.
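The TLS v1.3 requirement above is easy to state and easy to lose in a client library's defaults. The following is an added example (not DeviceOn code) using Python's standard ssl module: a permissive client context of the kind integrations often ship with, beside one locked to TLS 1.3 with certificate and hostname verification, and an audit helper that flags the gap. The ca_bundle parameter is an assumption; None falls back to the system CA store.

```python
import ssl
from typing import List, Optional

# Added example (not DeviceOn code): a client-side TLS context locked to TLS 1.3,
# a permissive context for contrast, and an audit helper that flags deviations.

def permissive_client_context() -> ssl.SSLContext:
    """A 'works everywhere' context: still accepts TLS 1.2 and switches off
    certificate and hostname verification, so in-transit encryption is
    present but the peer's identity is never established."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode=CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def tls13_only_client_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Context matching the in-transit requirement: TLS 1.3 only, server
    certificate required, hostname matched against the certificate."""
    ctx = ssl.create_default_context(cafile=ca_bundle)  # system CA store if None
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    ctx.maximum_version = ssl.TLSVersion.TLSv1_3
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def audit_tls_context(ctx: ssl.SSLContext) -> List[str]:
    """Return findings for a context; an empty list means it meets the bar."""
    findings: List[str] = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_3:
        findings.append(
            f"minimum_version is {ctx.minimum_version.name}, expected TLSv1_3")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: server identity unchecked")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: certificate not matched to host")
    return findings
```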

Unique Certificates

The device identification process leverages a hardware Trusted Platform Module (TPM) and operates within a Public Key Infrastructure (PKI) framework. This ensures the generation of unique and secure device identities. The hardware TPM provides a trusted environment for cryptographic operations, ensuring the integrity and authenticity of the device identification process. The PKI infrastructure enables the management of digital certificates and key pairs, establishing a reliable and scalable framework for secure device identification and authentication.

Furthermore, our communication system ensures robust security measures by implementing multi-factor authentication for all participants. Each participant undergoes a stringent authentication process that involves multiple factors, such as something the user knows (e.g., password or PIN), something the user possesses (e.g., smart card or token), and something the user is (e.g., biometric characteristics). This multi-factor authentication approach significantly enhances the security posture of our communication system, reducing the risk of unauthorized access and mitigating the potential impact of compromised credentials.

By incorporating hardware TPM-based device identification and multi-factor authentication, our solution provides a strong foundation for secure and trusted communication. These measures not only safeguard against unauthorized access but also ensure the integrity and authenticity of participants in the communication system, bolstering the overall security and confidentiality of data transmitted and processed.

Provisioning System

Our solution incorporates a secure boot sequence and onboarding procedure, ensuring the integrity of the device's initial state and its secure communication. During the boot process, the device undergoes a series of verifications to ensure the authenticity and integrity of the firmware and software components. This helps prevent unauthorized modifications or tampering. Additionally, the device's certificates are generated from keys held in the hardware Trusted Platform Module (TPM) and enrolled with our CA server, and the device uses them to communicate securely. This strengthens the overall security of the device and establishes a trusted connection for secure and encrypted communication.

Cybersecurity of DeviceOn

Secure Boot

[T.B.D] Operating system level

TPM Support

Our system utilizes the Trusted Platform Module (TPM) to verify firmware signatures against certificates or encryption keys. Additionally, it enables the encryption and decryption of sensitive data, such as database passwords, received from DeviceOn.
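The boot-time integrity checks described under Provisioning System and the TPM's role in protecting secrets such as database passwords both rest on one TPM primitive: a PCR can only be extended, never written, so its final value fixes the whole ordered chain of measured images. The following is an added example (not DeviceOn code) that simulates the TPM 2.0 PCR extend rule in pure Python and releases a sealed secret only when the measured chain matches the golden value recorded at provisioning. The component images, the XOR-based wrapping, and the names are constructed for illustration; a real TPM seals under its own hierarchy key rather than this keystream.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

# Added example (not DeviceOn code): simulated TPM PCR extend and PCR-bound
# secret release. Images, keystream wrapping and names are constructed.

PCR_SIZE = 32  # SHA-256 PCR bank

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 2.0 extend: PCR_new = SHA-256(PCR_old || measurement)."""
    return hashlib.sha256(pcr + measurement).digest()

def measure_boot_chain(components: List[Tuple[str, bytes]]) -> bytes:
    """Each boot stage measures the next image into the PCR before handing over.
    Any change to an image, or to the order, yields a different final value."""
    pcr = bytes(PCR_SIZE)  # PCRs reset to all-zero at power-on
    for _name, image in components:
        pcr = pcr_extend(pcr, hashlib.sha256(image).digest())
    return pcr

# Constructed sample images standing in for real bootloader/kernel/agent blobs.
GOLDEN_CHAIN = [
    ("bootloader", b"constructed-bootloader-image-v1"),
    ("kernel", b"constructed-kernel-image-v1"),
    ("deviceon-agent", b"constructed-agent-image-v1"),
]
GOLDEN_PCR = measure_boot_chain(GOLDEN_CHAIN)  # recorded at provisioning time

def _keystream(pcr: bytes, length: int) -> bytes:
    """Simulated wrapping key derived from the PCR value (HMAC in counter mode)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(pcr, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(secret: bytes, pcr: bytes) -> Tuple[bytes, bytes]:
    """Bind a secret (e.g. a database password) to a PCR value.
    Returns (wrapped_secret, policy_digest)."""
    wrapped = bytes(a ^ b for a, b in zip(secret, _keystream(pcr, len(secret))))
    return wrapped, hashlib.sha256(pcr).digest()

def unseal(sealed: Tuple[bytes, bytes],
           components: List[Tuple[str, bytes]]) -> Optional[bytes]:
    """Re-measure the chain that actually booted; release the secret only if
    it satisfies the policy, otherwise refuse (tampered or reordered image)."""
    wrapped, policy = sealed
    pcr = measure_boot_chain(components)
    if not hmac.compare_digest(hashlib.sha256(pcr).digest(), policy):
        return None
    return bytes(a ^ b for a, b in zip(wrapped, _keystream(pcr, len(wrapped))))
```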

System Integrity

DeviceOn actively monitors and analyzes errors, abnormal events, and security-related incidents, enabling proactive identification of potential attacks. It facilitates the analysis of these events and aids in carrying out preventive maintenance measures.

Role-Based Access

Device and data access is segregated based on permissions and roles, a critical measure to mitigate the risk of unauthorized privilege escalation. By enforcing strict segmentation, only authorized individuals or systems with the necessary privileges can access specific devices and data, reducing the likelihood of unauthorized actions or data breaches. This segmentation ensures that each user or system operates within their designated scope, enhancing overall system security and preventing potential exploits related to unauthorized access or privilege escalation.
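The two rules in the passage above, that a principal only acts within a designated scope and that roles cannot be used to climb to higher privileges, are shown below as an added example (not DeviceOn code). It assumes a small role-to-permission table, a device-group scope per principal, and a role-assignment operation that refuses to grant a role above the actor's own level or to widen a target beyond the actor's own groups; all names and groups are constructed.

```python
from dataclasses import dataclass
from typing import Dict, Set

# Added example (not DeviceOn code): role-based access with per-principal device
# scope and an assignment rule that blocks privilege escalation. Names constructed.

ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "viewer":   {"device:read", "data:read"},
    "operator": {"device:read", "data:read", "device:control"},
    "admin":    {"device:read", "data:read", "device:control",
                 "device:provision", "user:assign_role"},
}
ROLE_RANK = {"viewer": 0, "operator": 1, "admin": 2}  # ordering used for escalation checks

@dataclass
class Principal:
    name: str
    role: str
    groups: Set[str]  # device groups this principal is allowed to touch

@dataclass
class Device:
    device_id: str
    group: str

@dataclass
class Decision:
    allowed: bool
    reason: str       # kept for audit logging of every deny

def authorize(p: Principal, action: str, device: Device) -> Decision:
    """Deny unless the role grants the action AND the device is inside the scope.
    Both checks are needed: a valid permission on an out-of-scope device is a deny."""
    if action not in ROLE_PERMISSIONS.get(p.role, set()):
        return Decision(False, f"role {p.role} lacks {action}")
    if device.group not in p.groups:
        return Decision(False, f"{device.device_id} is outside {p.name}'s scope")
    return Decision(True, "ok")

def assign_role(actor: Principal, target: Principal, new_role: str) -> Decision:
    """Role changes are themselves a permission; an actor may never grant a role
    above its own level or act on a target whose scope exceeds its own."""
    if "user:assign_role" not in ROLE_PERMISSIONS.get(actor.role, set()):
        return Decision(False, f"role {actor.role} may not assign roles")
    if new_role not in ROLE_RANK:
        return Decision(False, f"unknown role {new_role}")
    if ROLE_RANK[new_role] > ROLE_RANK[actor.role]:
        return Decision(False, "cannot grant a role above your own (escalation)")
    if not target.groups <= actor.groups:
        return Decision(False, "target scope exceeds actor scope")
    target.role = new_role
    return Decision(True, "ok")
```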

Compliance

Our implementation adheres to the guidelines provided by reputable organizations like GSMA, OWASP, and the Industrial Internet Consortium (IIC), as well as industry standards such as IEC 62443. Additionally, we have a rigorous policy in place to address critical vulnerabilities promptly by applying necessary patches within a strict timeframe of 72 hours. This proactive approach ensures that potential security risks are swiftly identified and mitigated, safeguarding the system against emerging threats and maintaining a robust security posture.

Data Sovereignty

DeviceOn offers support for both on-premises deployment as well as deployment on cloud platforms such as AWS, Azure and GCP. This ensures that you retain complete ownership and privacy of your data. Your data remains under your control, and unauthorized access is prevented. It's worth noting that if you choose to deploy on a public cloud, most cloud service providers already adhere to the General Data Protection Regulation (GDPR), ensuring that your data is handled in compliance with stringent privacy and security standards. This provides an additional layer of assurance and eliminates concerns regarding the security and privacy of your data when leveraging public cloud infrastructure.

tags: IEC 62443 DeviceOn