Cybersecurity

Benefits:

  • Reduces the risk of cyberattacks amidst growing interconnectivity of assets

Key Resources

Type
Description
Link
Type
Use Case
Description

DNV GL has published a recommended practice that provides guidelines on how to apply IEC 62443 (Identical adoption by the Singapore Standards Council as SS IEC 62443) in the oil and gas industry sector.

Link Website
Type
Use case
Description

BSI has listed case studies of companies that have benefitted from implementing ISO/IEC 27001 (Identical adoption by the Singapore Standards Council as SS ISO/IEC 27001).

Link Website
Type
Training
Description

TÜV SÜD offers an IT security for industrial controls and automation systems training based on IEC 62443 (Identical adoption by the Singapore Standards Council as SS IEC 62443).

Link Website
Type
Training
Description

TÜV SÜD offers ISMS Certification and also provides a range of instructor-led and e-learning courses based on ISO 27001 (Identical adoption by the Singapore Standards Council as SS ISO/IEC 27001).

Link Website
Type
Training
Description

SIMTech and TÜV SÜD offers a 2-days course targetting operations and information security executives to provide cyber awareness and a detailed understanding of cyber threats, vulnerabilities as well as the practices to ensure cyber resilience for I4.0 adoption and to implement operational level practices for operational continuity.

Link Website
Type
Training
Description

SIMTech and TÜV SÜD offers a 1-day class targetting senior management to provide the managerial level on cyber awareness for taking right decisions and fundamental knowledge for ensuring cyber resilience for I4.0 technologies adoption along with the implementation of necessary measures at organisational level.

Link Website

Standards

Document No.
TR IEC/TS 62443-1-1:2018
Identical Adoption of
IEC/TS 62443-1-1:2009
Title
Industrial communication networks – Network and system security – Part 1-1: Terminology, concepts and models
 
Why is this useful?
Provides requirements on the security of Industrial Control Systems (ICS) networks to help companies reduce both risk of failure and exposure of ICS networks to cyberthreats.
Scope

This part of IEC 62443 defines the terminology, concepts and models for Industrial Automation and Control Systems (IACS) security. 

 
Document No.
SS IEC 62443-2-1:2018
Identical Adoption of
IEC 62443-2-1:2010
Title
Industrial communication networks – Network and system security – Part 2-1: Establishing an industrial automation and control system security program
 
Why is this useful?
Provides requirements on the security of Industrial Control Systems (ICS) networks to help companies reduce both risk of failure and exposure of ICS networks to cyberthreats.
Scope

This part of IEC 62443 defines elements necessary to establish a cyber security management system (CSMS) for industrial automation and control systems (IACS) and provides guidance on how to develop those elements.

 
Document No.
TR IEC/TR 62443-2-3:2018
Identical Adoption of
IEC/TR 62443-2-3:2015
Title
Security for industrial automation and control systems - Part 2-3: Patch management in the IACS environment
 
Why is this useful?
Provides requirements on the security of Industrial Control Systems (ICS) networks to help companies reduce both risk of failure and exposure of ICS networks to cyberthreats.
Scope

This part of IEC 62443 describes requirements for asset owners and industrial automation and control system (IACS) product suppliers that have established and are now maintaining an IACS patch management program.

 
Document No.
SS IEC 62443-2-4:2018
Identical Adoption of
IEC 62443-2-4:2015+AMD1:2017
Title
Security for industrial automation and control systems - Part 2-4: Security program requirements for IACS service providers
 
Why is this useful?
Provides requirements on the security of Industrial Control Systems (ICS) networks to help companies reduce both risk of failure and exposure of ICS networks to cyberthreats.
Scope

This part of IEC 62443 specifies a comprehensive set of requirements for security capabilities for IACS service providers that they can offer to the asset owner during integration and maintenance activities of an automation solution.

It provides for the development of profiles that allow for the subsetting of these requirements.

 
Document No.
TR IEC/TR 62443-3-1:2018
Identical Adoption of
IEC/TR 62443-3-1:2009
Title
Industrial communication networks - Network and system security – Part 3-1: Security technologies for industrial automation and control systems
 
Why is this useful?
Provides requirements on the security of Industrial Control Systems (ICS) networks to help companies reduce both risk of failure and exposure of ICS networks to cyberthreats.
Scope

This part of IEC 62443 provides a current assessment of various cybersecurity tools, mitigation counter-measures, and technologies that may effectively apply to the modern electronically based IACSs regulating and monitoring numerous industries and critical infrastructures.

 
Document No.
SS IEC 62443-3-3:2018
Identical Adoption of
IEC 62443-3-3:2013
Title
Industrial communication networks - Network and system security - Part 3-3: System security requirements and security levels
 
Why is this useful?
Provides requirements on the security of Industrial Control Systems (ICS) networks to help companies reduce both risk of failure and exposure of ICS networks to cyberthreats.
Scope

This part of IEC 62443 provides detailed technical control system requirements (SRs) associated with the seven foundational requirements (FRs) described in TR IEC/TS 62443-1-1 including defining the requirements for control system capability security levels, SL C(control system).

 
Document No.
SS IEC 62443-4-1:2018
Identical Adoption of
IEC 62443-4-1:2018
Title
Security for industrial automation and control systems - Part 4-1: Secure product development lifecycle requirements
 
Why is this useful?
Provides requirements on the security of Industrial Control Systems (ICS) networks to help companies reduce both risk of failure and exposure of ICS networks to cyberthreats.
Scope

This part of IEC 62443 specifies process requirements for the secure development of products used in industrial automation and control systems.

It defines a secure development life-cycle (SDL) for the purpose of developing and maintaining secure products.

 
Document No.
IEC 62443-4-2:2019
Title
Security for industrial automation and control systems - Part 4-2: Technical security requirements for IACS components
 
Why is this useful?
Provides requirements on the security of Industrial Control Systems (ICS) networks to help companies reduce both risk of failure and exposure of ICS networks to cyberthreats.
Scope

This part of IEC 62443 provides detailed technical control system component requirements (CRs) associated with the seven foundational requirements (FRs) described in IEC TS 62443-1-1 including defining the requirements for control system capability security levels and their components, SL-C(component). 

 
Document No.
SS ISO/IEC 27001:2019
Identical Adoption of
ISO/IEC 27001:2013
Title
Information technology — Security techniques — Information security management systems — Requirements
 
Why is this useful?
Preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed.
Scope

This standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system.

 
1 Standard selected
 

Please fill the below to indicate your interest(s)

Country code, Area code and Number

This request will be sent to the Singapore Manufacturing Federation – Standards Development Organisation and/or to the Singapore standards e-shop. Based on your request, an officer will contact you within 5 working days.