IEC 62443 Updates in 2024

Searching for the IEC 62443 latest version? You have come to the right place, but since IEC 62443 is not one single document but a set of several documents, there is no single latest version. You can read about the latest changes here.

What is IEC 62443?

IEC 62443 is a set of standards, technical specifications and reports that deal with OT cyber security, also known as Industrial Cybersecurity. It is one of the few globally used standards for protecting Industrial Control Systems and other OT systems from cyber threats. IEC stands for the International Electrotechnical Commission.


What are the IEC 62443 latest version changes in the year 2024?

The standard earlier had 4 categories, with different documents in each category. The categories were numbered IEC 62443-1, IEC 62443-2 and so on. A standard or a technical report in the IEC 62443 series has the number IEC 62443-x-y, where x is the category number and y is the document number. For example, IEC 62443-2-3 deals with Patch Management and is the third document in Category 2.

These categories have now been expanded, and there are now six categories ranging from IEC 62443-1 to IEC 62443-6. If you are not familiar with OT systems, you can read the section on OT systems below before proceeding.

Otherwise, you can go directly to the latest IEC 62443 infographic here. It is a smart infographic, and you can click on any box to see a popup with more information about it.


What do we mean by OT Systems?

OT stands for Operational Technology and includes Industrial Automation and Control Systems (IACS for short) that are based on various technologies. These systems could be of many types, including analog, electro-mechanical, pneumatic, hydraulic or programmable electronic systems that are based on microprocessors.

The programmable microprocessor-based systems are vulnerable to cyber attacks. These could be DCS (Distributed Control System), PLC (Programmable Logic Controller), SCADA (Supervisory Control and Data Acquisition system), PC-based systems and others. All of these are computer-based systems used to monitor and control many types of processes, which could be industrial processes, transportation equipment (such as airplanes, ships and spacecraft), warehouses, medical equipment, industrial robots and so on. In other words, they cover any cyber-physical system that uses computer control.

These systems are susceptible to cyber attacks from many entities, including cyber criminals such as ransomware gangs, state hackers wanting to disrupt a country’s manufacturing or critical infrastructure, or even non-state actors, such as environmental hacktivists.

Summary of changes in IEC 62443 in 2024 up to now.

1. The number of categories has changed from the earlier 4 to 6. However, there is no document in Category 5; it is just reserved for later use. So there is no IEC 62443-5-1 or anything like that.

2. IEC 62443-4-3, which was in draft mode and was for Industrial Internet of Things (IIoT) devices, has been moved to Category 1 with the new number IEC 62443-1-6. It is still in draft mode.

3. IEC 62443-6-1 has been released. It is an evaluation guide for third party assessors to examine compliance to IEC 62443-2-4.

4. IEC 62443-1-5 has been released. It deals with Security Profiles. In future, typical security profiles for different applications will be released with the nomenclature IEC 62443-5-x, where x could be 1, 2, 3, etc. for different application or industry profile documents.

Why are there changes in IEC 62443?

IEC 62443 is a set of standards, technical specifications and reports that deal with cyber security for Industrial Automation. The various IEC committees deliberated on whether the current structure is good enough to meet today’s requirements and apparently concluded that it needs more categories.

Where to learn more?

When you join the Abhisam CICP course, you not only learn about the different IEC 62443 parts, but also learn a lot of other important stuff such as MITRE ATT&CK for ICS, Supply Chain cybersecurity and more. Get immediate access to this Industrial Cybersecurity training course now.