Stormshield announces that it has obtained IEC 62443-4-1 certification. This standard provides a comprehensive framework for managing the risks associated with implementing cybersecurity in industrial automation and control systems (IACS). It provides a guarantee that products have been developed in accordance with the best cybersecurity practices applicable to a complex industrial system. This makes it possible to adopt security systems in industrial infrastructures, simplifying the certification process for the entire system.
Stormshield products designed, manufactured and maintained with the highest level of security
“The introduction of the industry of the future, which began many years ago, has brought complexity to the environment of industrial automation and control systems,” explains Stormshield CEO Pierre-Yves Hentzen. “Links between the industrial network and the traditional management IT infrastructure or external partners increase the attack surface, and the potential risk of a security breach. That’s why the IEC 62443-4-1 cybersecurity standard plays a crucial role; it sets out rigorous technical requirements for the security of industrial system components throughout their lifecycle, thereby strengthening the resilience of infrastructures in the face of cyber-threats.”
This certification confirms that Stormshield provides its customers with products that are designed, manufactured and maintained to the highest security standards. It covers all software development processes based on seven fundamental principles:
- Security management, including the development process, responsibilities and private key management;
- Definition of security requirements, including a threat model and a risk analysis;
- Security By Design, which includes the principles of secure architecture and design;
- Secure implementation through good coding practices;
- Testing and verification, which aims to ensure that the implementation is correct by including pentests and vulnerability tests;
- Management of security incidents and vulnerabilities;
- Management of updates, patches, documentation and information procedures.
Supporting industrial companies in their compliance journey
In addition to this certification, Stormshield supports industrial automation and control systems in their efforts to comply with IEC 62443-4-1 through three product lines that provide perimeter protection, endpoint protection and end-to-end data protection. The features offered by the various Stormshield solutions help to meet the basic requirements of the standard.
Identification and authentication control
Stormshield Network Security (SNS) identifies networks (including WiFi), machines and users, and incorporates the associated access controls into the security policy. The user management and authentication functions offer a high degree of flexibility: user data can either be retrieved from the corporate directory, or a complete, stand-alone infrastructure can be set up, which also allows external users to be managed.
Usage control
Most usage controls are based on the security policy set as part of the device protection system. The Stormshield Network Security (SNS) solution goes further: it can also limit the duration of sessions, terminate remote connections and intercept and block malicious mobile code. Stormshield’s system event management solution also ensures secure auditing of actions carried out within the IACS.
System integrity
System integrity checks, such as protection against malware, are carried out at both network and workstation level. Both solutions are also capable of implementing predefined remediation actions through their security policy. In addition, the Stormshield Network Security (SNS) solution ensures the integrity of communications and sessions, and also verifies the action codes sent to PLCs through its in-depth packet analysis. Protection against unauthorised changes is provided by the Stormshield Endpoint Security (SES) solution at the system and application level, and by the Stormshield Data Security (SDS) solution for information integrity. Lastly, audit information can be protected by sending logs simultaneously to several servers.
Data confidentiality
Confidentiality of information is ensured both for data in transit, via Stormshield Network Security (SNS)’s secure communications, and for stored data, through the Stormshield Data Security (SDS) data protection solution. The cryptographic mechanisms used by these solutions are qualified to the highest European level, and access is managed so that resources that have been decommissioned no longer have access to the information they previously needed.
Restriction of data flows
Data flow management ensures that the IACS complies with the standard’s requirements around security zones and conduits. The Stormshield Network Security (SNS) solution’s routing and network flow control functions, which extend down to the application level, provide an optimum response to these security requirements. They segment the network, protect security zone perimeters and control outgoing messages, using a default flow blocking mechanism so that only explicitly authorised communications are allowed.
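To make the zones-and-conduits idea concrete, the following is an added illustration (not Stormshield code and not a description of how SNS is configured internally): a small default-deny conduit policy evaluator. The zones, address ranges, conduit rules and sample flows are all constructed for the example; the point it shows is that a flow crossing a zone boundary is allowed only if a conduit rule explicitly matches, and everything else, including traffic initiated from the control zone outwards and traffic from unknown addresses, falls through to the default block.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed example zones (IEC 62443 "zones"). Address ranges are made up.
ZONES = {
    "enterprise": [ip_network("10.0.0.0/16")],
    "dmz": [ip_network("10.1.0.0/24")],
    "control": [ip_network("192.168.10.0/24")],
}


@dataclass(frozen=True)
class ConduitRule:
    """One permitted cross-zone flow (an IEC 62443 'conduit')."""
    src_zone: str
    dst_zone: str
    proto: str
    dport: int


# The only flows allowed to cross a zone boundary. Anything not listed here
# is blocked by the default-deny rule at the end of evaluate().
CONDUITS: List[ConduitRule] = [
    ConduitRule("enterprise", "dmz", "tcp", 443),  # users reach the historian web UI
    ConduitRule("dmz", "control", "tcp", 502),     # historian polls PLCs over Modbus/TCP
]


def zone_of(ip: str) -> Optional[str]:
    """Return the zone an address belongs to, or None if it is in no known zone."""
    addr = ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return name
    return None


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int) -> Tuple[str, str]:
    """Return ("allow" | "deny", reason) for a single flow.

    Order of checks: unknown endpoints are denied, intra-zone traffic is passed
    (zone-internal policy would be enforced elsewhere), cross-zone traffic must
    match a conduit exactly, and the final return is the default deny.
    """
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return "deny", "endpoint outside every defined zone"
    if src == dst:
        return "allow", f"intra-zone traffic within '{src}'"
    for rule in CONDUITS:
        if (rule.src_zone, rule.dst_zone, rule.proto, rule.dport) == (src, dst, proto.lower(), dport):
            return "allow", f"conduit {src}->{dst} {rule.proto}/{rule.dport}"
    return "deny", f"no conduit {src}->{dst} {proto}/{dport}: default block"


# Constructed sample flows: (src, dst, proto, dport, what they represent)
SAMPLE_FLOWS = [
    ("10.0.3.7", "10.1.0.5", "tcp", 443, "user to historian UI"),
    ("10.1.0.5", "192.168.10.20", "tcp", 502, "historian polling a PLC"),
    ("10.0.3.7", "192.168.10.20", "tcp", 502, "user talking to a PLC directly"),
    ("192.168.10.20", "10.0.3.7", "tcp", 443, "PLC initiating an outbound session"),
    ("203.0.113.9", "192.168.10.20", "tcp", 502, "address in no defined zone"),
    ("192.168.10.20", "192.168.10.21", "tcp", 502, "PLC to PLC inside the control zone"),
]


def run_samples() -> List[Tuple[str, str]]:
    """Evaluate every sample flow and return (verdict, description) pairs."""
    return [(evaluate(s, d, p, port)[0], desc) for s, d, p, port, desc in SAMPLE_FLOWS]


if __name__ == "__main__":
    for src, dst, proto, port, desc in SAMPLE_FLOWS:
        verdict, reason = evaluate(src, dst, proto, port)
        print(f"{verdict:5} {src:>15} -> {dst:<15} {proto}/{port:<4} {desc} ({reason})")
```

The two flows a reader should look at are the third and fourth: an enterprise host reaching a PLC on the Modbus port is blocked even though the DMZ is allowed to do so, because no enterprise-to-control conduit exists, and a PLC opening a session towards the enterprise is blocked because conduits are directional. Both are denied by the absence of a rule rather than by a rule written against them, which is what "default flow blocking" means in practice.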
“Our IEC 62443-4-1 certification underlines our commitment to ensuring the security of industrial systems – a key issue in today's world of pervasive cyber-threats,” adds Eric Hohbauer, Sales Director and Deputy Managing Director of Stormshield. “This certification testifies to our efforts to comply with the most demanding cybersecurity standards, so that we can effectively protect our customers against the risks of cyberattacks on the connected industry, offering them certified, robust security solutions tailored to their needs.”