The cyber security provider, F-Secure, has earned two new International Electrotechnical Commission (IEC) certifications that recognise the company’s expertise in developing secure components for industrial control systems (ICSs). The certifications, IEC-62243-4-1 and IEC-62243-4-2, define the cyber security requirements for the development lifecycles and products used in industrial control and automation systems.
“Our security engineering process is a unique blend of security consulting and R&D, built on decades of experience that allow us to create secure, production grade products, from initial design all the way through implementation and deployment,” said F-Secure Head of Hardware Security Andrea Barisani. “Security is embedded into the foundation of everything we develop rather than added as an afterthought, and this is how we are able to provide secure components that safety critical industries, such as energy and transportation, can trust.”
Barisani’s team earned the certifications for a newly developed, proprietary data logging solution. The solution, designed for use in the maritime, aviation and automotive industries, collects data from vessels, aircraft or vehicles, and securely stores it in a central location. It also leverages concepts from data diodes that help contain attacks aimed at accessing industrial buses: even in worst case scenarios, the solution prevents attackers from using it to gain control over safety critical systems.
ICSs are long term investments for organisations working in a variety of industrial sectors, including energy, manufacturing, and transportation. Securing these systems can be a challenge due to their lengthy lifespans and critical role in operations. But as noted in a recent F-Secure report on the energy industry, the increasing level of connectivity found in ICSs and their surrounding IT environments makes securing these systems more important than ever.
According to Barisani, earning internationally-recognised certifications is difficult and time consuming, but important in order to help assure companies that what they are paying for will meet their security and business needs.
Barisani added: “Obtaining certifications like these is a long, hard fought journey, especially on a highly technical solution conceived and developed with practical, pragmatic security in mind. We’re proud to be among the few cyber security companies offering a certified solution that maintains, uncompromised, every facet of the security foundations it was built upon, thanks to the careful orchestration of our technical team with the certification process.”