The international IEC 62443 series of standards 'Industrial communication networks - IT security for networks and systems' deals with the cybersecurity of 'Industrial Automation and Control Systems', or IACS for short. Divided into different sections, the industry is assigned different roles such as operator, integrator or manufacturer. Each of these roles follows a risk-based approach to the prevention and treatment of security risks. The series of standards describes technical and procedural aspects of industrial security.

The VDMA considers the application of an internationally harmonized industry standard in the field of security to be more effective than in-house developments, as such a standard directly incorporates the experience of the companies concerned and allows manufacturers to develop internationally compatible products. The IEC 62443 guideline that has now been published supports the mechanical and plant engineering industry with security in operating processes and the resilience of products against cyber attacks and other IT-induced damage in the company. "We promote the integration of security in machines and systems and offer companies a practical guide for this," explains Steffen Zimmermann, Head of the Competence Center Industrial Security at VDMA.

The goal: Implement security level 2

The VDMA considers it essential that industrial security can be implemented in a practical manner without losing its claim to effectiveness. "With our guidelines, we show companies a practicable way of implementing IEC 62443 requirements," says Zimmermann. The aim is to implement security level 2 of IEC 62443, which means preventing more than just accidental interference.

The guide offers newcomers in particular an opportunity to familiarize themselves with IEC 62443. It is important to note that, in addition to current challenges, companies must also keep an eye on future threats in order to drive current product developments forward. "Those responsible for security need staying power on the journey into the unknown," says Zimmermann, "Security doesn't come about on its own, and those who rest on their laurels can easily fall back again."

Security "Made in Europe" as a competitive advantage

The VDMA is convinced that a competitive advantage can be achieved not least by strengthening security "Made in Europe", which will be all the more significant the more the requirements for industrial cyber security grow. This is particularly true if industrial security is recognized as an essential product feature alongside classic, function-oriented security and is established as part of the product life cycle of networked systems in the design of the products, cyber-secure commissioning and throughout the period of use.

The guide can be obtained from the VDMA webshop.