Rockwell Automation continues to add to its list of achievements in industrial cybersecurity to help industrial companies focus more on transforming their business and worry less about potential cybersecurity risks. The company recently received ISA/IEC 62443-2-4 certification, which defines security requirements for service providers.
The certification shows that the security capabilities Rockwell Automation uses when quoting, designing, integrating and maintaining automation systems meet the standard’s requirements. ISA/IEC 62443 is the world’s only consensus-based cybersecurity standard for industrial control applications.
Rockwell Automation also received a maturity-level increase in the ISA/IEC 62443-4-1 certification it obtained last year for its Security Development Lifecycle, showing the company meets the standard’s security requirements in the way products are produced and supported. In addition, this shows the company has mature processes to handle vulnerability disclosures and work transparently with customers to help manage their risk.
The new certifications were independently performed by TÜV Rheinland and add to a growing list of ongoing Rockwell Automation achievements as the company helps customers strengthen cybersecurity.
“Industry needs partners that can help them use technology to expand what’s possible in their operations while protecting what matters most to them,” said Blake Moret, CEO, Rockwell Automation. “When companies work with us, they can take comfort knowing we provide products and services built with security in mind. The security requirements in ISA/IEC 62443 aren’t a mere checklist for us, they’re embedded in our everyday work.”
Earlier this year, Rockwell Automation introduced the first industrial controller certified to ISA/IEC 62443-4-2, with more products to follow. Rockwell Automation is also a founding member of the ISA Global Cybersecurity Alliance, a coalition of industry, government agencies and others working to help secure manufacturing and critical-infrastructure operations.
Rockwell Automation is also working to expand the use of the ODVA CIP Security protocol, which helps make sure only authorized devices are connected in industrial operations. It also helps prevent tampering or interference with communications between those devices. Rockwell Automation released the ControlLogix EtherNet/IP communication module earlier this year and is planning to introduce new technologies to expand CIP Security protection to legacy and non-CIP Security devices in the coming year.
In addition, the upcoming release of the PlantPAx 5.0 distributed control system is expected to include ISA/IEC 62443-3-3 certified architectures to help users deploy appropriate control system security levels.
“Leading industrial companies have put digital transformation at the top of their agenda for the competitive advantages it presents,” said Matt Littlefield, president and principal analyst, LNS Research. “Unfortunately, legacy automation and control systems are not inherently secure. Rockwell Automation has a strong track record in digital transformation and in embracing the processes, procedures, products and services that support strong industrial security.”