Abhisam is pleased to announce that a new module on understanding IEC 62443-2-4 is now a part of the Abhisam Industrial Cybersecurity training course (Professional Version).
What is IEC 62443-2-4?
As you probably know, the IEC 62443 series of standards is developed jointly by ISA (International Society of Automation) and IEC (International Electrotechnical Commission), to provide guidance for implementing Industrial Cybersecurity. The term is synonymous with OT Security (Operational Technology security) and it refers to Industrial Control Systems cyber security. In other words, this means cybersecurity of DCS, SCADA, PLC, SIS, BMS and other similar non-IT systems used to monitor and control industrial plants and facilities (such as those in Oil & Gas, Chemicals, discrete parts manufacturing, Power generation, etc) electrical grids, buildings, ships, transportation, railways and other sectors of the economy.
IEC 62443 is composed of several parts; not all parts have been released so far. The part of IEC 62443 that deals with security program requirements for suppliers of Industrial Automation and Control Systems is IEC 62443-2-4.
Who is IEC 62443-2-4 intended for?
Although this part of the Standard is intended for use by Industrial Automation and Control System suppliers (such as automation vendors and their system integrators), it is also useful for asset owners (who own the equipment, machinery or plants that the automation system controls) too. This gives asset owners a ready list of things that they can demand from automation vendors and system integrators. Although the standard is not mandatory, it is a very good starting point for getting a secure Automation and Control System.
How to understand IEC 62443-2-4?
First before directly jumping into IEC 62443-2-4 you have to holistically understand how to secure your Industrial Control System. This is best done by taking the Abhisam Industrial Cybersecurity course.
Once you understand ICS security after completing the first few modules of the course, you can then access the IEC 62443-2-4 module. This module will help you understand how you can comply with the requirements of the standard.
Before jumping into IEC 62443-2-4, you must have a good idea about ICS security in general and the IEC 62443 foundational requirements.
Is this useful for only automation vendors and system integrators?
Industrial manufacturing plants and facilities, as well as installations such as Oil Terminals, City Water supply plants, Pipeline networks, power generation plants, electrical grid networks, port handling facilities are all considered as “Assets”. These are either operated by asset owners themselves or by separate entities known as operators. Together we refer to these as Asset owner/operators.
These assets utilize Industrial Automation and Control Systems , including Safety Instrumented Systems (SIS), Fire & Gas systems (F & G), that monitor and control these facilities as well as ensure that they remain safe. We refer to these systems as IACS. These IACS may include various types of control systems such as those based on DCS (Distributed Control Systems), PLC (Programmable Logic Controllers) or SCADA (Supervisory Control and Data Acquisition systems).
This module is of course, extremely useful to all DCS vendors, PLC/SCADA vendors, SIS vendors and their system integrators.
Additionally, it is also useful for asset owners and their representatives, such as Instrument and Control System engineers responsible for maintenance and security of the asset owners Control/ Automation Systems and Safety Instrumented Systems, as it gives them an idea of what can be expected from vendors and system integrators.
Is this module useful for Design Engineers in EPC companies or other engineering consulting companies?
Yes, it is useful for not only design engineers in EPC companies or Engineering Consulting companies, but also for bidding teams to understand what is to be delivered for meeting the condition of IEC 62443-2-4 compliance.
Can I demonstrate ICS Security competency using this course?
Sure, when you complete this module and pass the associated exam you earn a Certificate of Competency in Industrial Cybersecurity and an electronic badge that you can display online on portals such as LinkedIn.
Note that the Industrial Cybersecurity course also has advanced modules that cover concepts like the MITRE ATT&CK for ICS model, Honeypots and more. The advanced module will also get new additions such as Supply Chain cybersecurity and Software Bill of Materials (SBOM) soon.
Optionally, you can also earn the title of CICP (Certified Industrial Cybersecurity Professional), when you submit your assignment successfully. This is an easy way to not only demonstrate your competency to your boss and colleagues, but to also potential employers and clients online, on places such as LinkedIn, where you can share your badge.