Endress+Hauser meets highest cyber security standard

Durch die Einhaltung der zertifizierten Leitfäden der IEC 62443-4-1 trägt Endress+Hauser zum zuverlässigen und sicheren Betrieb seiner Produkte in den Anlagen seiner Kunden bei. / By adhering to this certified guideline, the company ensures that its products contribute to the reliability and security of its customers’ plants.

Mirko Brcic, Product Security Officer bei Endress+Hauser. / Mirko Brcic, Product Security Officer at Endress+Hauser.

With its certification, TÜV Rheinland has confirmed that the product development processes and product life cycles at Endress+Hauser meet the IEC 62443-4-1 international industry standard for cyber security. By adhering to this certified guideline, the company ensures that its products contribute to the reliability and security of its customers’ plants.

Measurement instruments and components from Endress+Hauser make certain that numerous process engineering systems around the world operate securely and reliably. For industrial plants and Industrial Internet of Things (IIoT) environments, cybersecurity is becoming a growing focus. With networking and connectivity becoming increasingly prevalent, it’s imperative that companies protect their production systems and automation technology from unauthorized access.

To optimally protect its customers’ production systems, Endress+Hauser lays the foundation for secure operation as early as the planning and development phases of its products and services. In March, TÜV Rheinland, one of the world’s leading testing service providers, issued a certification in line with the IEC 62443-4-1 norm confirming that this product development process, as well as the product life cycle, meets the highest international standards.

“This is a testament to the quality of our work, which we are extremely pleased about,” says Mirko Brcic, Product Security Officer at Endress+Hauser. “In light of ongoing technical advances – you only have to think about the advanced physical layer or IIoT products – for us it’s very important that we not only accelerate digitalization but continue to safeguard the security of our instruments and software at the same pace.”

Stringent requirements for automation technology

By aligning the processes with IEC 62443-4-1, among other things Endress+Hauser ensures that products are developed from the beginning with all security requirements in mind and that the components it delivers pose no risks. Added to that are other measures such as code analyses and reviews, penetration tests and the installation of security updates. A total of eight different areas define what a secure product development process should look like:

- Security management
- Security requirements specification
- Secure design guidelines
- Secure implementation guidelines
- Verification and validation of security properties
- Vulnerabilities management
- Creation and publication of security updates
- Security product documentation

Strong capacity for innovation

“With IEC 62443-4-1, a proven certification standard in industrial automation, we ensure that all employees involved in these internal processes are working at the same level of security. That allows us to lay the cornerstone to be able to offer high-quality measurement, automation and IIoT products for connected production environments, now and in the future,” adds Mirko Brcic. 

Endress+Hauser has a long tradition of investing in innovation. Last year the IETF recommended for standardization the innovative CPace security technology developed by Endress+Hauser, which provides password-protected instrument access. Patent applications are regularly at high levels as well. The Group currently boasts a portfolio of 8,900 patents and patent filings.