Moxa has earned the world’s first IEC 62443-4-2 certification for industrial networking devices under the International Electrotechnical Commission for Electrical Equipment (IECEE) Certification Body Scheme. The certification covers one of the company’s next-generation networking solutions, the EDS-4000/G4000 Series, due to hit the market this coming March.
As recognized by IEC 62443-4-2 and IEC 62443-4-1 certifications, Moxa’s solutions aim to unite networking and OT cybersecurity with layered defense-in-depth protection.
Our solutions cover security-hardened networking devices based on the IEC 62443-4-2 cybersecurity standard, advanced IT and OT network segmentation with threat prevention, and tailored OT deep packet inspection (DPI) that implements an industrial intrusion prevention system (IPS). These offerings allow Industrial Automation and Control Systems (IACS) to be built with reliable end-to-end connectivity to provide robust hardware, as well as high-performance and dependable networks.
“When we pursued the certification of the IEC 62443 standards, the journey was transformational for Moxa,” said Samuel Chiu, general manager of Moxa Networking. “We demonstrated that security is part of the DNA of Moxa’s product and solution portfolios by complying with the internationally recognized standards related to the process and product requirements for the secure development of an IACS. This benefits our customers who must now utilize these solutions to enjoy undisrupted operations during every step of their digital transformation.”
“Networking and cybersecurity have strong synergies in operations settings, yet they both must be purpose-built for OT environments. With the digital future and increased connectedness of operations, new industry requirements and standards will be put in place to ensure providers can keep up with these requirements,” said Jonathan Lang, research director of IDC with a focus on Worldwide IT/OT Convergence Strategies. “These specialized industry requirements can be overlooked by many IT cybersecurity solutions, and combining subject matter expertise and capabilities from operations is critical to ensure integrity of security systems.”
According to IDC’s Worldwide IT/OT Convergence 2022 Predictions*, 75% of new operational applications deployed at the edge will leverage containerization by 2024. This will enable a more open and composable architecture, which will be necessary for resilient operations.
The rise in edge devices and expanded connectivity represent a pathway into operations. They are being deployed at a high rate and utilize more open architectures and capabilities compared to the isolated automation systems of the past. These devices must have both their software and hardware elements developed securely to last throughout their product lifecycle, integrate seamlessly into the network overall, and have security management capabilities.
To create a foundation for future-proof operations, many system integrators require that component suppliers comply with the subsections of the IEC 62443 standard that pertain to their devices. The software development process-related IEC 62443-4-1 and the product-related IEC 62443-4-2 standards highlight the importance of selecting vendors that provide hardened hardware components built with a “secure by design” approach. This approach should be adopted from the first day of the product development process, which includes plans for complete security lifecycle management and patch management.
“The IEC 62443 series of standards cover all aspects of security requirements, thus providing a common language for component suppliers, system integrators and asset owners,” says Steve Mustard, 2021 President of International Society of Automation (ISA), the Standards Development Organization responsible for IEC 62443. “The standards outline a secure-by-design approach and provide requirements through to product manufacturing. This significantly simplifies the procurement and integration processes for network devices, applications, and automation control devices that make up industrial control systems.”
The IEC 62443-4-1 standard defines a secure development lifecycle for the purpose of developing and maintaining secure products used in IACS. The IEC 62443-4-2 standard is important for system integrators, machine builders, and plant operators who have to consider the security aspects of their applications. Both standards are useful for device manufacturers who develop switches, routers, gateways, and other components for the automation industry.
Moxa has been following the development of the IEC 62443 standard for six years and has designed its products in accordance with its guidelines. In addition, Moxa has spent considerable resources on educating the market about not only the importance of the standard, but also how we embed its principles throughout all stages of our hardware and software development. The certifications also demonstrate Moxa’s capability to identify and respond to vulnerabilities and work with customers to mitigate their risks. Only when cybersecurity awareness increases can joint efforts enhance industrial network security. Moxa will continue investing in cybersecurity and work closely with our customers to ensure that “secure by design” solutions combine expanded networking and purpose-built OT cybersecurity into one capability.