ICS Security Concept by Phoenix Contact
Dieses Thema enthält die folgenden Abschnitte:
This chapter describes how Phoenix Contact solves the requirements regarding cyber-security.
| Hinweis
This description and the illustrations in this chapter are schematic and exemplary in nature. They do not claim to be complete. Details on technical implementations and practical realization can be found in the respective product-related security guides. |
General considerations and Phoenix Contact certifications
Phoenix Contact understands and implements security holistically: as a device/component manufacturer and as a system integrator and keeps a close eye on plant owners (as end customer). This is possible because Phoenix Contact is familiar with the challenges of plant owners since production is also the core element of Phoenix Contact business processes.
In practice, this means that Phoenix Contact has to decided to comply with the IEC 62443 standard as this is the comprehensive standard for OT (ICS networks) security.
Phoenix Contact is active on all three levels of the IEC 62443: device/component manufacturer, system integrator and plant owner.
Therefore, our customers can rely on our security expertise as well as on the fact that Phoenix Contact products are developed securely according to the IEC 62443 standard.
Many of the measures described here are direct answers to the general requirements in ISO 27001 which is the recognized and applicable standard for security processes in plant IT networks. Both standard are complementary to each other.
- Part 4-1 certified product development process. This certificate confirms that Phoenix Contact has completely defined security processes and applies them for certain product developments.
- Part 3-3: Certification of the security system building capabilities.
- Part 2-4: Certification of the system integration services. This certificate covers system development at Phoenix Contact as well as at the premises of the plant owner.
- Part 4-2: Certification of components. This certificate covers first products by Phoenix Contact. We will continue to expand this certification.
| Weitere Infos
Refer to the chapter "IEC 62443 Standard: Security for Industrial Applications" for further information on the standard and the division of its parts. |
360° Security: Our Portfolio
As mentioned before, Phoenix Contact considers cyber security holistically. The basic idea of what we call 360° security is that an adequate security concept must include the technology used, defined processes, and the people involved, i.e., it must specify both technological and organizational measures.
Refer to the chapter "360° Security - The Holistic Approach" for further information.
Transferred to us as a supplier of products, solutions and services this means:
Phoenix Contact...- operates a secure development process. Security measures are implemented, verified and documented based on a threat analysis. Phoenix Contact products implement various security functions. Regular checks ensure the identification of any security vulnerabilities. Security updates then close the security gaps.
- offers various services to support you: from assessing your individual security level and providing advice on how to improve your security to training your staff. All services conform to the highest security standards.
- provides you with secure automation solutions and security architectures for a wide range of requirements and industries.
