
Issue 20: Key Takeaways from Understanding IEC 62443 Webinar

by Smart Grid Forums on October 29, 2021

Cyberweekly No.20-1

IEC 62443 is a series of standards that provide organisations across multiple sectors with a robust framework to manage and mitigate security vulnerabilities in industrial automation control systems. By segmenting an organisation’s cybersecurity risks into key zones, the standard enables significant reductions in cybersecurity risk and costs.

Implementing IEC 62443 is everyone’s responsibility and must be better understood and fully embraced by power grid operators, solution providers and system integrators alike, to realise its full benefits.

During this month’s webinar on Understanding IEC 62443, speakers from DNV, Enexis and Fortinet addressed the fundamental building blocks of the standard and examined how it can best be applied in combination with ISO 27001 to provide a holistic cybersecurity approach for IT/OT converged environments.

There is no denying that to date cybersecurity has been an afterthought, often applied in an ad-hoc manner, but events of the past year, and in particular the Colonial Pipeline ransomware attack, have brought home just how critical a more structured and systematic approach to cybersecurity now is.

The Ukraine cyberattacks demonstrated that you may have the most advanced security features in place but still get caught out by cybersecurity basics. IEC 62443 provides a robust, common-sense, cost-efficient approach to securing the power grid in line with your particular risk profile and your particular security goals, taking the guesswork out of next-generation power grid cybersecurity.

Please enjoy the webinar replay, PowerPoint presentations and market reports linked below, and feel free to share this newsletter with colleagues in other departments and peers in other organisations.

Kind Regards,


Mandana White
CEO | Smart Grid Forums

News, Views & Resources

REPORT: SANS & Fortinet. Effective ICS Cybersecurity Using the IEC 62443 Standard.
IEC 62443 is a set of ICS security standards written by ICS experts for ICS owners, manufacturers and integrators across a range of applications and sectors. It provides technical requirements that foster a cohesive approach to security that takes into account varying phases of maturity. Using a step-by-step process incorporating “maturity phases,” the Standard outlines a lifecycle approach as part of a cybersecurity program. By segmenting ICS into security zones, organizations can better focus mitigation efforts related to risk, vulnerabilities and compliance in both a localized and broad perspective within their ICS environment.
To read the report, click here!
PRESENTATION: DNV. The essential building blocks of IEC 62443.
In this presentation Christian Nerland and Mirnes Alic of DNV explain the essential building blocks of IEC 62443, its benefits and drivers, and the role that grid operators and system integrators play in driving its take-up within the power grid. Specifically, they address: Breaking down IEC 62443 into its key zones and understanding how it can best be applied in the power grid environment. Implementing IEC 62443 in combination with ISO 27001 across a range of power grid domains at the earliest possible opportunity to reap its full benefits. Overcoming the challenges of achieving full certification of IEC 62443 systems and products to ensure a robust and future-proofed security architecture and organisations.
To review the presentation, click here!
PRESENTATION: Enexis. Applying IEC 62443 in combination with ISO 27001.
In this presentation Philip Westbroak of Enexis discusses the use of IEC 62443 in combination with ISO 27001 to fully secure IT/OT converged power grid industrial control and automation systems. Specifically, they address: Determining the role of IEC 62443 within the broader security management system and understanding how it is playing an increasingly critical role in the power grid environment. Mapping out the security vulnerabilities and needs of your specific industrial automation control environment and determining how best to apply IEC 62443 to achieve your security goals. Assessing the roadmap for the development of the standard and understanding how gaps such as patch management and vulnerability management are being addressed.
To review the presentation, click here!
PRESENTATION: Fortinet. Adopting IEC 62443 across a wider range of power grid industrial automation control systems.
In this presentation Anton D’Hausey of Fortinet evaluates how IEC 62443 can be applied to a greater range of power grid systems and components. Specifically, he addresses: Identifying the regulatory and commercial drivers for adopting IEC 62443 from a product supplier point of view. Evaluating lessons learnt from the integration of the standard into products for the power grid industrial automation control environment. Determining how the standard needs to evolve to ensure its ongoing fit with the evolving power grid IIoT-based infrastructure and cybersecurity threat landscape.
To review the presentation, click here!
WEBINAR: Smart Grid Forums. Understanding IEC 62443.
In this 60-minute video, speakers from DNV, Enexis and Fortinet provide insights into how organisations can evaluate and align IEC 62443 concepts, frameworks and controls with an accurate representation of cybersecurity risk to their operations. We clarify the fundamental building blocks of the standard, the benefits of applying it in combination with ISO 27001 in the power grid environment, the intricacies of the certification process, and how grid operators and product suppliers can work more collaboratively to ensure its widespread application.
To watch the webinar replay, click here!

CyberAware Webinar Series


Click here to watch the replay of the Navigating the Threat-Scape webinar
Click here to watch the replay of the Combatting Social Engineering webinar
Click here to watch the replay of the Combatting Ransomware Attacks webinar
Click here to watch the replay of the Combatting Supply Chain Attacks webinar
Click here to watch the replay of the Understanding IEC 62443 webinar
