Cybersecure? Focus on Information Technology (IT) and Operational Technology (OT) systems is critical
Many aspects of our world are interconnected. We rely upon connected systems in our daily work and private lives. On an industrial level, factory systems are also interconnected – and these industrial and private systems are in the process of converging.
With increasing interconnectivity, comes increased focus on cybersecurity concerns. By securing Information Technology (IT) and Operational Technology (OT) systems, you can protect your data and ensure uptime for your systems. The topic of cybersecurity is not a new one. However, its importance is growing in everyday life.
The time to act is now
As threats to and even breaches of IT and OT systems become increasingly common, governments implement legislation to ensure appropriate and proven risk mitigation. Across the world, efforts to improve cybersecurity focus on critical sectors. The definition of “critical” varies, but typically includes the following sectors, to name a few:
- Energy & Transportation
- Food & Agriculture
- Chemical & Industry application
- Communication & Digital infrastructure
- Water supply & Wastewater treatment
- Defense
- Financial Markets
- Health
Examples of such legislative initiatives are the NIS and NIS 2 Directives in Europe and the National Cyber Security Strategy in the US. Many elements of the upcoming legislations are in place, and implementation of the supporting standards has begun. Here, the frame of IEC 62443 for OT is expected to play an essential role.
Ready to act? Here’s how:
For OT systems, the standard IEC 62443 provides processes and guidance on how to implement best-practice cybersecurity measures in industrial automation and control systems (IACS). Depending on your role, all parts of the standard IEC 62443 are relevant, separately or combined. For example:
- IEC 62443-2-1 Measures to mitigate cybersecurity risk in Information Technology (IT) and Operational Technology (OT)
- IEC 62443-3-3: Technical requirements for control systems
- IEC 62443-4-1: Secure product development lifecycle processes
- IEC 62443-4-2: Technical requirements for components
An important element of the standard is the concept of Security levels (SL). SLs help you to determine the cybersecurity risk exposure of a specific system and to find relevant measures to mitigate this risk. The overall purpose of the standard is to protect entire systems and therefore, cascading each risk mitigation measure is a valid strategy. For example, this means that a well-placed and well-maintained firewall can protect several devices behind it. Not every component requires its own firewall.
How do I secure my drive?
Variable speed drives and power converters from Danfoss control physical processes in operational facilities. In most installations, Security Level 1 (SL1) provides a good balance between mitigating risk exposure of the drive, while maintaining good usability for commissioning and service situations. The development process at Danfoss Drives is certified according to IEC 62443-4-1, ensuring that customers receive securely developed drives following a strict process. This process ensures that internal agents cannot manipulate the firmware.
Cybersecurity begins with the supplier
At Danfoss Drives, we take the role of cybersecure supplier seriously, and strive to ensure the most up-to-date protection against unauthorized access for our customers. Our product development processes are certified for cybersecurity, ensuring optimal cybersecure design of the products manufactured in our own factories. Danfoss is a proud member of the Charter of Trust alliance. This alliance brings together flagship companies around the globe, to establish and promote the highest standards of cybersecurity. As an industry alliance, the Charter of Trust is a non-profit alliance, working to strengthen the commitment to advancing harmonized cybersecurity approaches to make the digital world of tomorrow safer.
Risk mitigation begins with good product design
Although cybersecurity is not a new field, it is advancing fast. To support the security of your power train, Danfoss is in the process of implementing the required risk mitigation measures in products and providing helpful documentation.
Find further information in the following section. Or contact our experts directly: Find contact details for Danfoss and partners in our contact center.
Danfoss is certified for its secure product development lifecycle.