ICS security concept by Phoenix Contact

This topic describes how Phoenix Contact solves the requirements regarding cyber-security. 

Note: This description and the illustrations in this chapter are schematic and exemplary in nature. They do not claim to be complete. Details on technical implementations and practical realization can be found in the respective product-related security guides.

General considerations and Phoenix Contact certifications

Phoenix Contact understands and implements security holistically: as a device/component manufacturer and as a system integrator and keeps a close eye on plant owners (as end customer). This is possible because Phoenix Contact is familiar with the challenges of plant owners since production is also the core element of Phoenix Contact business processes.

In practice, this means that Phoenix Contact has to decided to comply with the IEC 62443 standard as this is the comprehensive standard for OT (ICS networks) security.
Phoenix Contact is active on all three levels of the IEC 62443: device/component manufacturer, system integrator and plant owner. Therefore, our customers can rely on our security expertise as well as on the fact that Phoenix Contact products are developed securely according to the IEC 62443 standard. Many of the measures described here are direct answers to the general requirements in ISO 27001 which is the recognized and applicable standard for security processes in plant IT networks. Both standard are complementary to each other.

To prove this, Phoenix Contact has been certified according to the following parts of the IEC 62443 standard:

  • Part 4-1 certified product development process. This certificate confirms that Phoenix Contact has completely defined security processes and applies them for certain product developments.
  • Part 3-3: Certification of the security system building capabilities.
  • Part 2-4: Certification of the system integration services. This certificate covers system development at Phoenix Contact as well as at the premises of the plant owner.
Further Information: Refer to the topic IEC 62443 Standard: Security for Industrial Applications for further information on the standard and the division of its parts.

360° security: our portfolio

As mentioned before, Phoenix Contact considers cyber security holistically. The basic idea of what we call 360° security is that an adequate security concept must include the technology used, defined processes, and the people involved, i.e., it must specify both technological and organizational measures.
Refer to 360° Security - The Holistic Approach for further information.

Transferred to us as a supplier of products, solutions and services this means:

Phoenix Contact...

  • operates a secure development process. Security measures are implemented, verified and documented based on a threat analysis. Phoenix Contact products implement various security functions. Regular checks ensure the identification of any security vulnerabilities. Security updates then close the security gaps.
  • offers various services to support you: from assessing your individual security level and providing advice on how to improve your security to training your staff. All services conform to the highest security standards.
  • provides you with secure automation solutions and security architectures for a wide range of requirements and industries.

 

 


• Published/reviewed: 2024-12-16 • Revision 016 •