With the increase in digitalization and connection between IT and OT, the risk of cyberattacks in the industrial environment is growing. As a result, companies have to prepare themselves. The international IEC 62443 series of standards describes a comprehensive approach to cyber security measures for operators, integrators and manufacturers with the aim of minimizing risks for industrial networks.
With this in mind, the Division, which is responsible for drive and control technology, introduced a Secure Development Lifecycle process. “This systematically fulfills the requirements of IEC 62443-4-1 from product development through to implementation and application,” explains Ludger Kuttenkeuler, Senior Product Security Engineer at Yaskawa Europe. “We’re amazingly proud that this process has now been confirmed by the TÜV Süd audit. We’re now in a position to offer our customers the appropriate security for the increasing cyber threat in the product environment.”
Stringent security requirements
The standard covers several aspects. Stringent security requirements, such as a threat analysis for example, must be adhered to as early as the product development stage. Putting a defect management process in place guarantees that the customer’s security vulnerabilities can be dealt with properly, from reporting to resolution, which can be a security patch.
With this certification, Yaskawa is already well prepared for the EU’s planned “Cyber Resilience Act” (CRA). This is based on the specifications of the IEC 62443-4-1 standard. Manufacturers must therefore implement the requirements for their products following a transition period. “Thanks to the audit by TÜV Süd, Yaskawa is already prepared for these requirements and will be able to implement them as soon as the CRA requirements are adopted,” says Rainer Habermann, General Manager Research & Development.