Securing Your IIoT Products


January 27, 2021

Ransomware, botnets, and current event-themed attacks. These are some of the ominous threats that continue to plague Industrial Internet of Things (IIoT) and other systems and devices capable of connecting to a network. Cybersecurity incidents often result in increased expense and scrutiny coupled with loss of revenue and productivity. These adverse impacts can affect manufacturers and the customers and end-users of the compromised products.

Cybersecurity risks apply to manufacturers of IIoT products and systems used in many aspects of industrial, commercial, and consumer environments. A cyber-physical IIoT device or system can be an easy target of an attack even when the device or system itself is not the intended target of harm.

One vulnerable connected device could be the weakest link that allows malicious activity to enter a network and wreak havoc on other connected systems, data, and the important functions they serve.

Are your IIoT products or systems the weakest link?

It took years to build your good reputation. Don’t let product or system security ruin it.

To better understand, respond to, and control cybersecurity risks, a prudent first step is to better assess and monitor the threat landscape. For manufacturers, this implies incorporating security risk management into organizational operations and processes, ensuring products are secure by design, and implementing safeguards to maintain product security throughout the product’s lifecycle.

Leveraging Standards and Guidance to Design and Deliver Secure Products, Systems and Services

The IEC 62443 standards series is an internationally recognized set of published standards that establish baseline security expectations and guidance for organizational programs, processes, products, systems, and services. Manufacturers are able to leverage these standards to implement their security risk management programs and to design and provide secure, trustworthy products, systems, and services. Although initially developed with applicability focused on industrial automation and control systems (IACS) products and environments, these standards are beneficial and widely recognized in a variety of commercial, consumer, and non-IACS products and industries.

Here are examples of some of the IEC 62443 series standards CSA Group can help you with:

  • IEC 62443-4-1: Secure product development lifecycle requirements – Establishes expectations and guidance for secure development lifecycle processes to incorporate throughout the lifecycle of a product
  • IEC 62443-4-2: Technical security requirements for IACS components – Establishes technical control and security expectations and guidance for products and components aligned with seven distinct foundational requirements to define and measure security capability levels
  • IEC 62443-2-4: Security program requirements for IACS service providers – Establishes security capability expectations and guidance for organizations providing services involved in the integration and maintenance activities of an automation solution or service
  • IEC 62443-2-1: Establishing an industrial automation and control system security program – Establishes expectations and guidance on establishing a cyber security management system (CSMS) with focus on the policy, procedure, practice, and personnel included in an organization’s CSMS
  • IEC 62443-3-3: System security requirements and security levels – Establishes security and capability expectations and guidance for defining requirements for communication networks and systems security based on established security levels and aligned with foundational requirements

With over 100 years of experience and expertise in testing and certifying industrial and hazardous location products, CSA Group is ready to help you with navigating many of your cybersecurity objectives, including:

  • Technical Information Service (TIS): We work with you to determine the cybersecurity-related standards, guidance, and requirements available and most applicable to your current and impending products, operations, and marketplaces.
  • Cybersecurity Training: We deliver cybersecurity training to you and your team members on the published cybersecurity standards and guidance that are meaningful and important to your organization.
  • Assessments: We work with you to perform assessments of your processes, products, systems, and/or services against one or more published standards, including any custom requirements. Upon successful completion of the assessment, you are presented with a report and letter of attestation or certification (if applicable).
  • System Security and Penetration Testing: We work with you to determine targeted testing objectives and scope, then we perform independent testing of your product systems security, issuing a report with key findings and detailed results.

For more information, visit www.csagroup.org.
