IEC62443 Training


This training provides you with an overview of the IEC62443 series of standards. It presents the main cybersecurity concepts in industrial security and includes an overview of all the requirements contained in IEC62443.


The training is suitable both for cybersecurity professionals focusing on Information Technology (IT) who want a deeper understanding of Operational Technology (OT) and for OT professionals who want a better understanding of cybersecurity.

About IEC62443 Series of Standards


IEC62443 is an internationally recognized family of standards providing a complete framework for assessing various actors involved in OT, also known as Industrial Automation and Control Systems (IACS). Initially designed for Industrial Control Systems (ICS), IEC 62443 is now considered a relevant standard across many industry verticals due to the holistic way in which its requirements are expressed. The series of standards was created in line with this increasing awareness of OT security.

The series of standards is divided into different sections that cover both technical and process-related aspects of OT cybersecurity. Moreover, it divides the topics of cybersecurity based on the responsibilities of various stakeholders, such as operators, service providers, and component/system manufacturers.

The documents included in IEC62443 standards are split into four levels:

  • General concepts;
  • Policies & Procedures;
  • System level;
  • Component level.

Why should you attend?


The IEC62443 training will allow you to:

  • Understand the general concepts of OT cybersecurity;
  • Get an understanding of how the IEC62443 family of standards is organized;
  • Deep dive into the requirements of IEC62443 standards;
  • Learn about potential certification schemes based on IEC62443;
  • Explore lessons learned from several case studies.

Intended Audience

The training is designed to address different stakeholders, such as operators, product manufacturers of industrial components and systems, and cybersecurity professionals willing to learn more about OT cybersecurity. The expected audience consists of:

  • Cybersecurity professionals;
  • IT specialists and administrators;
  • OT specialists and engineers;
  • Anyone with interest in OT cybersecurity and IEC62443 standards in particular.

Required Skills & Expertise


The training is designed to explain and deep dive into the contents of the IEC62443 series of standards. No previous knowledge of IEC62443 is necessary. Basic knowledge of cybersecurity concepts is preferred to follow the presented concepts smoothly.

Program

The training is designed to cover all the topics presented below in 3 days.


Day 1

Introduction, Definition & General Concepts

  • Definitions & Vocabulary
  • Statement & challenges of cybersecurity in the OT world
  • The scope of cybersecurity in the company / in the projects
  • Types of cyberattacks applicable for OT
  • IEC 62443 Architecture of the standard
  • IEC 62443 Common Concepts
  • Overview of IEC 62443: different sub-parts, global structure


Introduction to the Automation world

  • Description of IACS layers
  • ICS components
  • Protocols used in OT


Cybersecurity Organization

  • Threats and risks in organization security
  • Requirements for an IACS security management system (IEC 62443-2-1)


Life cycle & Risk assessment

  • The life cycle of products and IACS (IEC 62443-1-1)
  • Zones and conduits: concepts
  • Risk assessments / Architecture partitioning (IEC 62443-3-2)


Day 2

Focus on IEC 62443-3-3 & 4-2

  • Description of Security Requirements (SR) and Component Requirements (CR)
  • Specific requirements for dedicated devices


A detailed review of requirements

  • System Security Requirements and security level, IEC 62443-3-3
  • Differences between IEC 62443-3-3 and IEC 62443-4-2
  • Usual Questions
  • Pieces of evidence
  • Testing aspects


Key security mechanisms

  • Authentication, encryption, signature
  • Defense-in-depth, least privilege, attack surface reduction
  • Security by design, segmentation
  • Vulnerabilities, pentesting, patch management


Day 3

Focus on IEC 62443-2-4

  • Description of Functional areas
  • Maturity model


Focus on IEC 62443-4-1

  • Description of the security practices (SM, SR, SD, SI, SVV, DM, SUM, SG)
  • A detailed review of requirements
  • Questions
  • Pieces of evidence
  • Audit


Overview of certification under the IECEE scheme

  • IECEE organization and its activities
  • CBTL & NCB
  • IECEE 62443 Certifiable parts
  • Templates, certification rules


Use case - Ukraine power grid cyberattack

Interested in this IEC62443 Training?

If you are interested in hosting this interactive and tailored training at your company, please let us know via the contact form below, at +31 (0)88 888 31 00 or email info@secura.com.
