CIP is focused on IEC 62443 for cyber security measures of IACS

By July 12, 2019 Blog

By Kento Yoshida, CIP security working group member and Senior staff engineer of MPU Product Department, Enterprise Infrastructure Business Division at Renesas Electronics Corporation

The threat of cyber-attacks is growing. With the evolution of IoT, the targets of cyber-attacks are changing from information assets to Industrial Automation and Control System (IACS). Serious damage such as operation stops and the destruction of components are occurring.

In order to deal with evolving cyber attacks, all layers that make up an IACS, such as system services and component functions, in addition to operational layer must be kept secure. For this reason the IEC 62443 series is attracting attention as the de facto cyber security standard for all layers of IACS.

The Civil Infrastructure Platform (“CIP”), the open source project hosted at the Linux Foundation which intends to create reusable building blocks that meet requirements of industrial and civil infrastructure, places great importance on the IEC 62443 series.

Additionally, CIP  supports the adoption of IEC 62443 across the entire industry and are working to roll out solutions as soon as possible as part of an all-out effort to support users’ effort to acquire certification through the newly established CIP security working group.

As a first step to making the industry more secure our working group actively supports suppliers of industrial products so that they can certify using the IEC 62443-4-2 standard, now.

Suppliers will be efficiently able to develop security functions which conform to the IEC 62443-4-2 standard using an open source “base layer” of industrial grade software provided by our activities to reduce development cost, difficulty and uncertainty.

 Currently, we are in the process of completing the investigation of the security functions required for certification and selecting component packages to realize them.

The investigation we conducted showed that more than half of the functionality needed to achieve security level 3 (SL-3) of IEC-62443-4-2 in embedded or network devices can be realized on our platform including our reference hardware.

This high coverage shows that Linux has continued to provide effective and practical features to the industry to date. We are very pleased with this result. And we hope that many industrial-grade software suppliers adopt our open source base layer with high coverage for SL-3 as a development platform for their application.

For more details, visit the CIP security working group wiki page and learn more about our activities. Furthermore, we will present the concept and goal of our activities at the CIP booth at the upcoming Open Source Summit Japan 2019 in Tokyo from July 17 – 19.  If you have any interest in our activities, we hope to see you at the venue.