Author: Samuel Pasquier
Date: September 10, 2019
Every sector focused on automation and control – from manufacturing and transportation to utilities – relies on the ISA99/IEC 62443 series of standards to ensure the security of critical infrastructure. At Cisco, we are proud that not only have we been serving as a contributing member in defining these standards, but we are also among the first networking companies to obtain two IEC 62443 certifications for our industrial switches.
In July, Cisco obtained a dual certification for the Cisco Catalyst IE3x00 Rugged Series Switches, which provide security, robustness and flexibility at the network edge.
This combined certification, which includes IEC 62443-4-2 and IEC 62443-4-1, covers both product security and secure development life-cycle requirements, and uniquely positions Cisco to help our customers meet compliance requirements from procurement mandates to ongoing assurance that products can be trusted.
Product Security Certification: IEC 62443-4-2
IEC 62443-4-2 covers Security for Industrial Automation and Control Systems: Technical Security Requirements for IACS Components.
The IEC 62443-4-2 standard delineates cybersecurity technical requirements for components that make up an industrial automation and control system – specifically, the embedded devices, network components, host components and software applications. For the Cisco Catalyst IE3x00 Rugged Series Switches, those security capabilities include:
- Hardware trust anchor and Secureboot
- Run time defenses
- Visibility and troubleshooting
- Modern crypto
- Authentication, authorization and accounting (AAA)
Product Life-Cycle Certification: IEC 62443-4-1
In April, Cisco obtained certification for IEC 62443-4-1, Product Security Development Life-cycle Requirements, for all IoT and Industrial IoT products in our portfolio. This reflects our longstanding commitment to a secure development lifecycle. In fact, our experience with the Cisco Secure Development Lifecycle helped in shaping this global standard.
With this certification, our customers have further assurance that every stage of the Cisco Secure Development Lifecycle process meets rigorous cybersecurity standards. In addition to ensuring no “back doors” for attackers to exploit, this certification underscores that we maintain a security culture – and that our products can be trusted to be secure even after new features are added or updates are implemented. This is especially important in an environment where Industrial IoT (IIoT) merges with existing Industrial Automation and Control Systems in a more agile environment.
My colleague, Maik Seewald – a contributing member to ISA99 and IEC 62443 standards – explains the value of these dual certifications: “When customers choose Cisco Catalyst IE3x00 Rugged Series Switches, they have not only confidence that we meet the component requirements as specified in IEC 62443-4-2, the dual certification with IEC 62443-4-1 ensures that this is not just a snapshot but a product (family) where a secure development process is an essential part of product creation and deeply rooted in the culture of our development teams.”
And these certifications are just the tip of the iceberg regarding Cisco’s commitment to industrial security. In August, Cisco completed the acquisition of Sentryo – a France-based company that provides asset visibility and cybersecurity solutions for industrial control systems. Because security will always be top of mind for our customers, Cisco IoT will continue to build and deliver certified products that address their security needs.
Used with permission from Cisco.