How MOXA and IEC 62443 Assure Cybersecurity

Embedded Systems Friday, 7 June 2024

IEC 62443-4-2 is a standard within the IEC 62443 series, which addresses cybersecurity for Industrial Automation and Control Systems (IACS). Specifically, IEC 62443-4-2 defines the technical security requirements for IACS components.

IEC 62443-4-2 works in conjunction with IEC 62443-4-1, which focuses on the secure development lifecycle requirements for IACS products. Together, these standards ensure that both the development processes and the technical specifications of the components meet rigorous cybersecurity standards. These standards have become mandatory technical requirements in many countries, and as demand for product security increases, it has become a growing requirement for manufacturers to prove the security level for their Industrial IoT equipment.

Given its applicability to the recent NIS2 directive, what are the key aspects of the standard, and how can MOXA’s device portfolio contribute to upholding a regulatory level of cybersecurity?

Scope and Purpose

IEC 62443-4-2 provides detailed cybersecurity requirements for individual IACS components. These components can include:

  • Embedded Devices: Devices with computing power and memory, typically used in field operations.
  • Network Components: Devices such as switches, routers, and firewalls that facilitate communication within the IACS.
  • Host Devices: General-purpose computing devices such as servers and workstations.
  • Software Applications: Software that runs on host devices and provides various functions within the IACS.

The standard is intended for use by developers, integrators, and operators of IACS to ensure that their components meet the necessary security requirements. The goal is to ensure that each component meets a baseline level of security, thereby contributing to the system’s overall security.

The standard outlines different security levels (SL1 to SL4), which represent increasing degrees of security. Each level corresponds to the component’s resilience against attacks with different levels of complexity. Components must meet the requirements for the desired security level appropriate to their intended deployment environment.

Technical Requirements

IEC 62443-4-2 specifies several foundational requirements (FRs):

  • FR1 - Identification and Authentication Control (IAC): Ensuring that entities (users, devices, software processes) are properly identified and authenticated before accessing system resources.
  • FR2 - Use Control (UC): Ensuring that authenticated entities have appropriate access permissions.
  • FR3 - System Integrity (SI): Protecting the integrity of the system and its data.
  • FR4 - Data Confidentiality (DC): Ensuring that data is protected from unauthorised access.
  • FR5 - Restricted Data Flow (RDF): Controlling the flow of data to ensure it is only accessible to authorised entities.
  • FR6 - Timely Response to Events (TRE): Ensuring that security-related events are responded to promptly.
  • FR7 - Resource Availability (RA): Ensuring the availability of necessary resources for system operation.

Adhering to these standards can help organisations better protect their systems from cyber threats and ensure safe and reliable operations.

MOXA’s IEC 62443-4-2 SL2 Certified Devices

Thankfully, MOXA has many devices in their portfolio that are IEC 62443-4-2 certified and, therefore, conform to the cybersecurity standards for secure industrial purposes. This includes the EDS-4000/G4000 series of industrial Ethernet switches, which are among the world’s first to achieve this certification. The series consists of 68 models, ranging from 8 to 14 ports.

Aside from the EDS-4000/G4000, other devices manufactured by MOXA that are compliant with the standards are:

  • TN-4900 rail routers
  • RKS-G4000 L2/L3 rackmount managed switches
  • AWK-325A, AWK-4252A, and AWK-1151C WLANs
  • EDR-G9010 secure routers
  • UC-8200 IIoT gateway computers

MOXA are working to expand their portfolio of IEC 62443-4-2 compliant products, with more devices expected to achieve compliance by 2025.

MOXA Industrial Linux

MOXA’s UC-8200 Arm-based computers, such as the UC-8210-T-LX or the UC-8220-T-LX models, feature MOXA Industrial Linux (MIL) which is developed according to IEC 62443-4-1. MOXA Industrial Linux 3 Secure (MIL3) is IEC 62443-4-2 compliant.

The MIL3 operating system is based on Debian 11 with kernel 5.10 and offers advanced security features like TPM 2.0, hardware root of trust, secure boot, and disk encryption using LUKS. It also has quick backup and restore utilities and automated system recovery features based on an overlay file system architecture. If a security breach, process failure, or file corruption were to occur, these features help to reduce downtime as much as possible.

MOXA provides long-term support for their Linux OS, with security updates and high-priority bug fixes included in its 10-year lifecycle, as well as access to the MOXA Product Security Incident Response Team (PSIRT). The MOXA PSIRT investigates all reports of cybersecurity vulnerabilities that could affect MOXA products, proactively protecting them and effectively mitigating and managing security risks.

MIL being IEC 62443-4-2 certified means that it has been rigorously evaluated and meets the high standards of cybersecurity required for industrial automation and control system components. The UC-8200 is the first host device worldwide to attain IEC 62443-4-2 certification, making it easier for asset owners and system integrators to integrate IIoT applications securely without extensively testing and validating the computing platform’s security.

Speaking on the UC-8200 computers, George Y Hsiao, Product Manager of MOXA IPC Business, said: "The IEC 62443-4-2 certified UC-8200 Series computer makes it easier for asset owners and system integrators to integrate IIoT applications by providing a secure platform that has already been tested and validated. Without such a certified platform, asset owners and system integrators would need to spend a significant amount of time testing and validating the security of the computing platform and its components before integrating their applications."

Security Certainty with IEC 62443-4-2

IEC 62443-4-2 is not merely a suggestion – it's a critical standard for enhancing the security capabilities of IACS components and is essential for manufacturers and operators aiming to implement robust cybersecurity measures. It ensures they meet legal and regulatory requirements like the NIS2 directive across energy, transportation and other critical sectors.

The IEC 62443-4-2 certification demonstrates MOXA's proactive approach to safeguarding these critical infrastructures, making their solutions a reliable choice for industries seeking to strengthen their cybersecurity. By meeting these rigorous standards, MOXA devices ensure robust security features and provide engineers with the confidence that their systems are protected against evolving threats in the industrial automation sector.

At Impulse, we stock a range of MOXA devices that are IEC 62443-4-2 certified, ensuring our customers have access to the highest cybersecurity standards in industrial automation. This means that the certified devices we offer meet industry-leading security standards and are equipped to protect against cyber threats, providing robust performance in their critical operations to ensure the safety and reliability of your industrial control systems.

For more information, please get in touch with our knowledgeable team at 01782 337 800 or email sales@impulse-embedded.co.uk.


louisa.rochford@impulse-embedded.co.uk
Louisa Rochford
Impulse Team