March 7, 2022
Phoenix Contact is the first company to receive a certification for a controller (PLC) in accordance with IEC 62443-4-1 ML 3 Full Process Profile in combination with IEC 62443-4-2. This confirms that the secure development life cycle was fully applied in developing the PLCnext Control devices.
As a result, the PLCnext Control product family of AXC F 1152, AXC F 2152, and AXC 3152 has been certified by TÜV SÜD. By activating the Security Profile, users have access to a more comprehensive scope of Security Level 2 (SL2) functions. This certification emphasizes Phoenix Contact’s strategy of offering standardized security in products, industry solutions, and consultation services to ensure the future-proof operation of machines, systems, and infrastructures.
“The IEC 62443 standard series defines the security requirements for the development process and the functional product characteristics. Integrating these into an open platform such as PLCnext was a true challenge, which was solved elegantly by introducing the Security Profile,” explains Enrico Seidel, Senior OT Security Expert at TÜV SÜD. “Product certification in accordance with IEC 62443-4-1/-4-2 shows users that a product was developed securely and provides information on which technical security requirements were implemented. Our Certificate Report describes which product characteristic achieved which Security Level,” adds Heiko Adamczyk from TÜV SÜD. “Collaboration with TÜV SÜD during development was very goal-oriented, allowing the time requirements of the complex project to be taken into account on an individual basis.
Implementation of the development-side 4-1 process requirements, for instance with the definition of the security context, threat analysis, secure-by-design concepts and implementations, vulnerability management, and the establishment of security test methods, were the key building blocks of the certification,” confirms Boris Waldeck, IEC 62443 Certification Project Manager at Phoenix Contact.
“Implementing the security functions of IEC 62443-4-2 in accordance with the standard required close collaboration with TÜV SÜD, since requirements in 4-2 are often only described in very general terms,” adds Stefan Hausmann Product Solution & Security Expert (PSSE) at Phoenix Contact.
In automation, IEC 62443 “IT Security for Industrial Automation Systems” plays an extremely important role as it considers security holistically from the perspectives of the operator, system integrator, and device manufacturer. The more products are developed in the long-term in accordance with IEC 62443, the easier it is for operators and system integrators to implement security when integrating and operating automation systems, and to ensure security throughout the entire life cycle.