A version of this blog originally appeared on Cisco
When you think about cybersecurity, I bet you think about protection from malware: pieces of software that can infiltrate industrial resources and steal data or disrupt operations. Such security requires sophisticated firewalls, deep packet inspection, intrusion detection and prevention, and a robust network that can segment operations and limit any malware's spread.
That's great, but you might be ignoring vulnerabilities that can arise from deficiencies in the underlying hardware. If you are, you are making a grave error. If the hardware is not reliable, any security measures you take on the network and on the resources that run on that hardware can't be relied upon. Securing the hardware should be considered fundamental to securing operations.
Compromised hardware may include counterfeit products, which carry a higher risk of downtime, backdoors, logic bombs, built-in malware and spyware, inferior components, and a greater potential for denial-of-service attacks. Such hardware could be a ticking time bomb.
Very recently, a CEO of dozens of companies was charged in a scheme to traffic an estimated $1 billion in fraudulent and counterfeit Cisco networking equipment. The charge sheet states, among other allegations, that the counterfeiters added “unauthorized, low-quality, or unreliable components–including components to circumvent technological measures added by Cisco to the software to check for software license compliance and to authenticate the hardware.”
As a leading provider of enterprise and industrial networking and security products, we at Cisco are committed to ensuring that our networking equipment is hardened and provides the secure, stable base that you can rely on to build your mission-critical operations.
The industrial automation and control systems (IACS) industry has developed a comprehensive framework that lays out the best practices for robust industrial cybersecurity for both vendors and users. This framework considers measures against both software- and hardware-based attacks and was initially developed by the International Society of Automation (ISA) as the ISA99 standards. The International Electrotechnical Committee (IEC) subsequently built on that work and produced the IEC 62443 set of standards. As shown in the diagram, the standard consists of four building blocks, each of which is a standard in itself.
We have previously written about the various parts of this wide-ranging standard (see "What is ISA/IEC 62443" and "Cisco one of first networking companies to receive two IEC 62443 certifications for industrial switches"). In this blog, I will describe how security is built into the complete lifecycle of our entire industrial networking equipment portfolio that complies with the IEC 62443-4 part of the standard. IEC 62443-4 consists of two parts, as described below.
The first part, IEC 62443-4-1, describes how the underlying products must be developed so that they meet the required security standards. It sets out requirements for the secure development of products used to assemble IACS, as well as maturity levels that set benchmarks for compliance. These requirements include requirement, management, design, coding guidelines, implementation, verification and validation, defect management, patch management, and product end-of-life. All of these are essential to the security capabilities of a component and the underlying secure-by-design approach of the IACS solution. The overall focus is on continuous improvement in product development and release.
Cisco software and hardware products are developed according to the Cisco Secure Development Lifecycle (CSDL), which enforces a secure-by-design philosophy from product planning through end-of-life. CSDL comprehensively addresses security across the planning, operating, and monitoring stages.
The second part, IEC 62443-4-2, contains requirements for components necessary to provide the required security base for 62443-3 and higher levels. In this regard, the standard specifies security capabilities that enable hardware equipment to be integrated into a secure IACS deployment. Part 4-2 contains requirements for four types of components: software application, embedded device, host device, and network device. In essence, a secure IACS solution needs to be built from secure components. The upper-layer recommendations, such as IEC 62443-3-3, assume that secure components will be deployed to meet the corresponding requirements that address the current and future vulnerability and threat landscape.
Several Cisco products have already achieved IEC 62443-4-2 certification. In combination with a 62443-certified development process (CSDL), Cisco offers trustworthy communication products, which are essential for IACS deployment in critical infrastructures.
Not only does Cisco build products that comply with existing industrial networking and security standards (such as IEC 61850 for utilities), but we also help move them forward with active participation and leadership in IEC, ISA, IEEE, and other standard-setting bodies.
For further reading, please refer to the following: The Cisco Trust Center, Cisco Trustworthy Solutions