IEC 62443-4-2: TeleTrusT publishes proposal for industrial firewall profiles

October 2, 2025

Increasing automation, digitalisation and networking in industry – often summarised under the buzzword ‘Industry 4.0’ – presents companies with new challenges in terms of IT security. At the same time, the Cyber Resilience Act demands a comprehensible, high level of security for industrial components. Against this backdrop, the German Federal Association for IT Security (TeleTrusT) has activated its ‘Smart Grids/Industrial Security’ working group: With the publication of the revised version of TeleTrusT IEC 62443 Use Case Industrial Firewall, a proposal for an IEC 62443-5 profile is now available that specifies the requirements for industrial firewalls.

IEC 62443 is established as an international series of standards for IT security in automation systems. Part 4-2 describes the security capabilities that industrial components must provide at a technical level. Although previous specifications of the standard provide a framework by defining component types, they often do not achieve the practical granularity that manufacturers, certification bodies and users require.

The document published by TeleTrusT tailors these requirements to industrial firewalls with router functionality and covers security levels SL 2 and SL 3. It also provides further information: a clear definition of the scope of application, references to additional risks, an overview of typical assets, a practical scenario within the zones and conduits concept, and detailed explanations and examples of the individual component requirements.

A key advantage of the profile is that it reduces the scope for interpretation. Uniform requirements make it easier for manufacturers to align their development with the standard, while certification bodies can carry out conformity testing in a standardised manner. For customers, this results in greater transparency and comparability of products and certificates.

Until now, the requirements of IEC 62443-4-2 have often been interpreted differently, both within technical associations and by user companies. With the updated version of the use case, TeleTrusT aims to accelerate this discussion in a targeted manner. The proposal complies with the profile scheme in accordance with IEC 62443-1-5 and also serves as a sound basis for the development of vertical standards required to comply with the Cyber Resilience Act.

With its proposal for an IEC 62443-5 profile, TeleTrusT is taking an important step towards comparable, uniform security requirements for industrial components, strengthening the reliability of certifications and supporting companies in implementing practical IT security measures.

The publication can be viewed directly via TeleTrusT:

www.teletrust.de/publikationen/teletrust-iec-62443-4-2
