Download document () of 20
Send email
Download
You have exceeded the download limit
Stay informed on the latest topics around protecting people and property from electrical hazards by signing up for notifications.
The explosion of the industrial internet of things (IIoT) creates a crucial need for robust cybersecurity practices and well-defined standards that provide customers with confidence that their connected devices will operate securely throughout their entire lifecycle.
Cybersecurity is a critical capability and aspect of creating trusted environments. But how can you validate that secure-by-design principles have been applied to every product installed across your systems?
In last month’s article, we covered how UL and IEC product cybersecurity certifications are helping support trusted connectivity around the globe. In this installment, we’ll focus on the importance of embedding security throughout the entire product development process – otherwise known as the Secure Development Lifecycle (SDL).
SDL was created in response to an increase in virus and malware outbreaks at the turn of the twenty-first century. This approach to product development places cybersecurity front and center from inception to deployment and lifecycle maintenance. SDL can help manufacturers stay ahead of cybercriminals by managing cybersecurity risks throughout the entire lifecycle of a product or solution.
As an early spearhead of the SDL initiative, Microsoft made its SDL tools, processes and guidelines widely available. Since then, SDL has been widely adopted across industries including electrical and critical infrastructure. Today, SDL is a proven strategy to address risk proactively with a system-wide defensive approach.
For manufacturers, adopting an SDL approach that has been validated by a third-party is critical to creating trusted environments. It’s the third-party certification that gives customers confidence in the processes and technologies they’re applying, much like safety certifications and standards in the National Electric Code.
Although SDL is not an inherent code or standard, it does dictate how cybersecurity should be integrated into processes for product procurement, design, implementation and testing teams.
The International Electrotechnical Commission (IEC) 62443-4-1 lays out guidelines for secure product lifecycle development in the electrical industry. The IEC guideline specifies process requirements for the secure development of products used in industrial automation and control systems. It defines a secure development lifecycle for developing and maintaining secure products. These requirements can be applied to new or existing processes for developing, maintaining and retiring hardware, software or firmware for new or existing products.
Third-party validation for SDL processes is important because it provides customers with confidence and helps reduce risk by confirming that the technologies and processes they’re applying comply with proven industry guidelines. At Eaton, we take SDL very seriously to proactively manage cybersecurity risks in products through a framework involving threat modeling, requirements analysis, implementation, verification and ongoing maintenance.
A “defense in depth” mechanism that is effective today may not be effective tomorrow because the vulnerabilities keep evolving. This is why administrators of industrial control system networks must be ever-alert to changes in cybersecurity landscape and work to prevent any potential vulnerabilities.
The cybersecurity process certifications outlined by IEC provide customers with confidence that manufacturers have instilled the organization-wide approaches needed to ensure robust cybersecurity over the lifecycle of any given product.
Eaton manages cybersecurity risks in products through a Secure Development Lifecycle (SDL) with protocols in place for threat modeling, requirements analysis, implementation, verification and ongoing maintenance to manage risks throughout the entire product lifecycle.
The more connected devices flourish, the more cybersecurity matters. If your organization isn’t currently adhering to SDL processes, there is no better time to start than now.
Data-driven technologies are rapidly changing the way the world works. And the more connected devices flourish, the more cybersecurity matters. If your organization isn’t currently adhering to SDL processes, there is no better time to start than now.
Beyond adhering to SDL development processes, it is also critical that organizations across the electrical industry establish a robust cybersecurity program that includes periodic assessment of their IT/OT network to ensure they stay on top of vulnerabilities on they network. If they do not have this expertise in house, they can leverage third-party cybersecurity service offerings from trusted suppliers. Some of these services include:
Insights – Stay up to date with our latest Cybersecurity insights
Provide complete life-cycle management to maximize the availability of your facility
The top 7 cybersecurity items the operations department should be doing right now
Stay informed on the latest topics around protecting people and property from electrical hazards by signing up for notifications.
MyEatonFAQs
