IEC 62443

A Member in Good Standing of TIC Council | TÜV®

Solutions for Security of Operating Systems and IEC 62443


Cyber Security

Risk Analysis and Risk Management based on IEC 62443

With increased connectivity of production assets (IIoT), new hazards are emerging that need to be included in traditional risk management processes. As part of operational hazard analysis and occupational health & safety risk management, risk assessments for production facilities should be extended to include aspects of IT networking and software/application risks.


Cyber Security & IT/OT Integrity

Why do I need this?

TRITON-Malware-Framework as an example

One of the best-known representatives of industrial plant-specific malware is Triton, which was first discovered in 2017 in a Saudi Arabian chemical factory. It attacks the plant's security system in a targeted manner in order to take it over and control it remotely. The software had already been slumbering in the system for several years before it caused the plant to fail twice in 2017. However, the attackers could also have triggered the release of dangerous gases or explosions, which would have endangered not only economic resources but also human lives.

Myth 1

We're not connected to the internet

Myth 2

We're secure because we have a firewall

Myth 3

Hackers don't understand SCADA/DCS/PLC

Myth 4

Our facility is not a target

Myth 5

Our safety systems will prevent any harm

Asset Owner

Thanks to the IEC 62443 standard, the machine or system operator knows the security requirements of their company. You are thus able both to secure your production and to expand your operation with new machines or process installations that meet the security requirements, without many additional measures (IEC 62443 3-2, 3-3).


System Integrator

The IEC 62443 standard enables you, as a system integrator and machinery manufacturer, to build and install plants with defined security requirements (IEC 62443 3-2, 3-3). This enables seamless integration into existing systems with known safety requirements.


Product Supplier

The industrial control manufacturer (IACS) can include the consideration of security requirements under IEC 62443 4-1 in its product development processes in order to develop industrial controls with the security requirements relevant to its customers in accordance with IEC 62443 4-2. Maintenance and service processes are designed safely according to IEC 62443 2-4.


Risk factors

What areas do you have to pay attention to?

Asset Performance & Risk Management

Up to some 15 years ago, Asset Performance and Safety was based on Technical Integrity and on Processes and Systems. It was then recognised that Human Factors had a major impact on Safety and Performance. A common risk management assumption is that up to 80% of all safety and performance incidents have Human Factors as a root cause.

It is important to understand that losses of Cyber Security integrity can have a major impact on Safety & Performance. Cyber incidents can have their cause in Human Factors, in Systems, or directly in Technical Integrity.

[Figure: Human Factors, Systems/Processes, Technical Integrity, Cyber Security]

Security from a single source

TÜV AUSTRIA accompanies clients on their way to certification according to IEC 62443 with comprehensive analysis and consulting services as well as support during implementation. Thanks to its holistic approach, TÜV AUSTRIA ensures continuous risk minimisation, competitive advantages due to the proof of an independent third party and consistent safety.


Our services in detail

    Industrial facilities

  • Segmentation of networks – IT/OT
  • Incident and patch management
  • Conducting vulnerability assessments and penetration testing
  • Training for security awareness of employees

    IoT, IIoT and Industrial Automated Control Systems (IACS)

  • Secure product development, integration and certification
  • Security hardening
  • Secure hard- & software for the whole product life cycle

    Physical & cognitive assistance systems

  • Security by design
  • Collaborative robotics and AR/VR
  • Workspace evaluation

IEC 62443-Family Overview

Part 1: General

Part 1-1: Terminology, concepts and models
Part 1-2: Master glossary of terms and abbreviations
Part 1-3: System security compliance metrics
Part 1-4: IACS security lifecycle and use-cases

Part 2: Policies & Procedures

Part 2-1: Establishing an industrial automation and control system
Part 2-2: Implementation guidance for an IACS security management system
Part 2-3: Patch management in the IACS environment
Part 2-4: Security program requirements for IACS service providers

Part 3: System

Part 3-1: Security technologies for industrial automation and control system
Part 3-2: Security risk assessment and system design
Part 3-3: System requirements and security levels

Part 4: Component / Product

Part 4-1: Secure product development lifecycle requirements
Part 4-2: Technical security requirements for IACS components
