TÜV SÜD – Safety and security in the digital world
München / Nuremberg - The digital transition is an enormously challenging time for companies, confronting them with the issue of how to maximise the opportunities offered by Industry 4.0, the ‘fourth Industrial Revolution’, while at the same time reducing the risks involved in increasing interconnectivity. At it-sa 2016 in Nuremberg, TÜV SÜD will present its extensive range of consultancy, testing and certification services for interoperability and reliability of systems, security for enterprise IT and operational technology, and initial and continuing training and education for staff (Hall 12, Stand 12.0-331).
The main cornerstone of Industry 4.0 is the convergence of enterprise IT and operational technology (OT). New generations of complex networks are being created as the boundaries between these two areas, previously largely separate, become increasingly indistinct and IoT devices and new automation technologies are rapidly introduced. The challenge for companies is to maintain secure functioning of their automated processes, while protecting their networks from unauthorised access or even attack. TÜV SÜD provides support for companies in implementing integrated IT/OT security strategies. In Nuremberg, the international service provider will present its portfolio of services including consulting, testing and certification according to international standards such as ISO/IEC 27001 and IEC 62443, under the heading of “Safety and security in the digital world”.
Certification according to ISO/IEC 27001 and IEC 62443
ISO/IEC 27001 defines the requirements for the introduction, implementation, supervision and improvement of information security management systems (ISMS). Certification of an ISMS by TÜV SÜD furnishes credible documentation that the requirements of ISO/IEC 27001 have been fulfilled. The German IT Security Act requires operators of critical infrastructures to deliver evidence that an appropriate level of IT security is in place – for example, in the form of a functioning ISMS – and in fact, under the IT Security Catalogue an ISMS is actually mandatory for energy network providers.
World’s first TÜV SÜD certificate according to IEC 62443-4-1 for Siemens
The IEC 62443 standard is the first that provides a basis for IT security certification for industrial automation and control systems. IEC 62443 is a series of standards governing IT security in plants and systems, system integrators / maintenance service providers and manufacturers of components, subsystems and systems. Certification of product manufacturers is conducted on the basis of IEC 62443-4-1, while security functions of products are evaluated in accordance with IEC 62443-3-3, certification for system integrators employs IEC 62443-2-4, and implemented security functions are likewise assessed under IEC 62443-3-3. TÜV SÜD has been among the first providers to conduct testing and certification that is already in accordance with IEC 62443. The international service provider awarded its first IEC 62443-4-1-based certificate in the world to Siemens only this August; by doing so, it furnished confirmation of Siemens’ compliance with the standard’s security requirements in its interdisciplinary development process for automation and drive products at seven development sites in Germany.
Training for staff
Industry 4.0 is also bringing new challenges for staff at the companies concerned. Poorly considered actions by employees, such as the use of ‘infected’ thumb drives to back up or transport data, may undermine protective measures. On the other hand, the world of digitisation is also creating new careers for which specific qualifications are necessary. TÜV SÜD provides a wide range of such training courses, including training for Information Security Officers and Information Security Auditors in compliance with ISO/IEC 27001.