Building a Resilient World:
The ISAGCA Blog


Securing Your Operations? Don't Forget Your Hardware

A version of this blog originally appeared on Cisco


When you think about cybersecurity, I bet you think about protection from malware: pieces of software that can infiltrate industrial resources and steal data or disrupt operations. Such security requires sophisticated firewalls, deep packet inspection, intrusion detection and prevention, and a robust network that can segment operations and limit any malware's spread.

That's great, but you might be ignoring vulnerabilities that can arise from deficiencies in the underlying hardware. If you are, you would be making a grave error. If the hardware is not reliable, any security measures you take on the network and resources that run on that hardware can’t be relied upon. Securing the hardware should be considered fundamental to securing operations. 

The Hardware Can Be a Source of Vulnerabilities 

Compromised hardware may include counterfeit products that carry a higher risk of downtime, backdoors, logic bombs, built-in malware and spyware, inferior components, and a greater potential for denial-of-service attacks. Such hardware could be a ticking time bomb.

Very recently, a CEO of dozens of companies was charged in a scheme to traffic an estimated $1 billion in fraudulent and counterfeit Cisco networking equipment. The charge sheet reads, among other allegations, that the counterfeiters added “unauthorized, low-quality, or unreliable components – including components to circumvent technological measures added by Cisco to the software to check for software license compliance and to authenticate the hardware.”

As a leading provider of enterprise and industrial networking and security products, we at Cisco are committed to ensuring that our networking equipment is hardened and provides the secure, stable base that you can rely on to build your mission-critical operations.

ISA/IEC 62443: Cybersecurity for Industrial Operations

The industrial automation and control systems (IACS) industry has developed a comprehensive framework that lays out the best practices for robust industrial cybersecurity for both vendors and users. This framework considers measures against both software- and hardware-based attacks and was initially developed by the International Society of Automation (ISA) as the ISA99 standards. The International Electrotechnical Commission (IEC) subsequently built on that work and produced the IEC 62443 set of standards. As shown in the diagram, the standard consists of four building blocks, each of which is a standard in itself.

Figure 1: IEC 62443 set of standards

We have previously written about the various parts of this wide-ranging standard (see “What is ISA/IEC 62443” and “Cisco one of first networking companies to receive two IEC 62443 certifications for industrial switches”). In this blog, I will describe how security is built into the complete lifecycle of our entire industrial networking equipment portfolio that complies with the IEC 62443-4 part of the standard. IEC 62443-4 consists of two parts, as described below.

ISA/IEC 62443-4-1: Secure Product Development Lifecycle Requirements

The first part, IEC 62443-4-1, describes how the underlying products must be developed so that they meet required security standards considerations. IEC 62443-4-1 describes requirements for the secure development of products used to assemble IACS as well as maturity levels to set benchmarks for compliance. These requisites include requirement, management, design, coding guidelines, implementation, verification and validation, defect management, patch management, and product end-of-life. All of these are essential to the security capabilities of a component and the underlying secure-by-design approach of the IACS solution. The overall focus is on continuous improvement in product development and release. 

Cisco software and hardware products are developed according to the Cisco Secure Development Lifecycle (CSDL), which enforces a secure-by-design philosophy from product planning through end-of-life. CSDL comprehensively addresses security from the planning stage through the operating and monitoring stages:

  • Plan: Extensive threat modeling and assessments help us build security and privacy into our technology right from the start rather than “bolting it on” afterwards.
  • Develop: We use secure coding standards, threat-resistant code, and follow security best practices. Extensive code reviews prevent defects and minimize security weaknesses.
  • Validate: Our testing regimen incorporates industry-leading protocol tests, open-source and commercial tools, and sophisticated application test methods for vulnerability and penetration testing.
  • Launch: Our strict pre-launch criteria test readiness and prepare the product for customer use.
  • Operate: Our security preparedness does not stop at product launch. Cisco’s Product Security Incident Response Team (PSIRT) monitors security events, coordinates fixes, and sends notifications to customers.
  • Monitor: Cisco’s Talos threat intelligence group researches potential threats and shares actionable information with the broader security community to build better defenses.

ISA/IEC 62443-4-2: Technical Security Requirements for IACS Components

IEC 62443-4-2 contains requirements for components necessary to provide the required security base for 62443-3 and higher levels. In this regard, the standard specifies security capabilities that enable hardware equipment to be integrated into a secure IACS deployment. Part 4-2 contains requirements for four types of components: software application, embedded device, host device, and network device. In essence, a secure IACS solution needs to be built on secure components. The upper-layer recommendations, such as IEC 62443-3-3, assume that secure components will be deployed to meet the corresponding requirements that address the current and future vulnerability and threat landscape.

Several Cisco products have already achieved IEC 62443-4-2 certification. In combination with a 62443-certified development process (CSDL), Cisco offers trustworthy communication products which are essential for IACS deployment in critical infrastructures. 

Cisco Trustworthy Technologies 

In addition to benefiting from secure development methodologies, Cisco Industrial Ethernet Switches contain several embedded security features that provide additional layers of protection. These include the Trust Anchor Module that authenticates hardware for immutable device identity and secure storage, among others. These switches also feature Secure Boot, which ensures that only authentic and unmodified software boots up on them; Signed Images, which protect against insertion of counterfeit and tampered software; and Runtime Defenses, which protect running devices from attacks that change product software execution.

Our Commitment Doesn’t End Here

Not only does Cisco build products that comply with existing industrial networking and security standards (such as IEC 61850 for utilities), but we also help move them forward with active participation and leadership in IEC, ISA, IEEE, and other standard-setting bodies. 

For further reading, please refer to the following: The Cisco Trust Center, Cisco Trustworthy Solutions

Vivek Bhargava
Working in the IoT Networking marketing group, Vivek Bhargava focuses on industrial switching, industrial security, and the manufacturing vertical. In this role, he works to raise awareness of how Cisco IoT networking and security solutions form the critical backbone of the modern industrial enterprise, and why such solutions are essential for digital transformation of businesses. Prior to this role, Vivek worked in Enterprise Networking where he was responsible for Cisco DNA Center, SD-Access, and Multi-domain networking. Vivek has worked as an engineer, product manager, and product marketer for technology products for enterprises and service providers. Vivek has an MS in Computer Science from University of California, and an MBA from North Carolina State University.
