Article: On the way to NIS-2 conformity with IEC 62443-4-2
IEC 62443-4-2: Cybersecurity for industrial computers
Cybersecurity is essential for companies to master the digital transformation in a sustainable way. A comprehensive industrial security standard provides clarity when selecting secure computing solutions. Digital transformation is essential for companies to remain competitive. Without effective measures to strengthen cybersecurity, the opportunities of the digital transformation can turn into risks. Companies today are much more susceptible to cyberattacks, data leaks and the resulting business interruptions with devastating financial consequences. One of the main targets of cyberattacks is the industrial sector.
Cybersecurity through regulation
As a result, the legal requirements in the area of cybersecurity have been significantly tightened for the EU member states. NIS-2 prescribes the security and reporting obligations for critical infrastructure, while the forthcoming Cyber Resilience Act (CRA) sets out binding standards for the cybersecurity of products with digital components as well as specific requirements for their development, design and maintenance.
The first step: risk assessment of the supply chain
The first step for industrial companies is a comprehensive risk assessment of the supply chain. The main focus here is on selecting trustworthy suppliers who deliver secure products. The ISA/IEC 62443-4-2 standard ensures that the corresponding security functions are implemented at device level in the industrial automation and control systems (IACS) used, and forms the basis for compliance with the new regulations. The use of security-certified products therefore provides a solid basis for a secure and rapid market launch.
Security at device level
A high level of security at device level requires the use of trustworthy hardware with a unique device identity and state-of-the-art encryption and authentication measures. This is the only way to ensure that only authorised users have access. Systems must have a multi-layered security architecture with hardware-based trust (e.g. through TPM 2.0), tamper protection and secure boot processes. Life cycle management and secure remote management of the devices are also crucial. Companies need complete transparency and control over their devices in the field. To ensure system integrity, the devices must be kept continuously up to date with over-the-air security patches and updates. Effective device ID management and secure VPN-based remote access are essential to protect industrial PCs and other edge devices as well as industrial plants, and to secure critical infrastructure.
Eurotech’s contribution to cybersecurity
Eurotech understands the importance of cybersecurity in the digital transformation not just as a technical requirement, but as a strategic necessity for companies in the digital age. The company is embedding cybersecurity at the core of its edge computing systems and global IIoT projects, ensuring that they can withstand future threats. Eurotech’s solution protects customers from growing cyber threats by offering IEC 62443-4-2 certified IIoT gateways and edge computers. Through its subsidiary InoNet Computer, Eurotech configures and manufactures industrial computers in Germany to meet the challenges of the future.