IEC 62443-2-4 secure service provider process certification
GE's Grid Solutions achieves IEC 62443-2-4 Secure Service Provider Process Certification

GE's Grid Solutions has achieved the IEC 62443-2-4 certification as per the International Electrotechnical Commission (standard) for Electrical Equipment (IECEE) Certification Body Scheme, confirming that the business follows cybersecurity best practices as defined by the standard when it plans, designs and executes Industrial Automation and Control System (IACS) projects. This new certification underscores GE's Grid Solutions' commitment to deliver a robust cybersecurity strategy to protect electrical utilities, power generation and industrial customers from threats.

The International Standard IEC 62443-2-4 specifies requirements for security capabilities for IACS service providers, which they can offer to asset owners during integration and maintenance of an automation solution. The standard's requirements can be applied to the integration of new systems as well as to the maintenance of existing systems.

Partnering with an IEC 62443-2-4 certified system integrator reduces customer security risk during the solution's implementation and ensures compliance with the requirements specified in the standard, thus improving secondary equipment owners’ supply chain security.

This certification follows GE's Grid Solutions' IEC 62443-4-1 certification, which specifies the process requirements for the secure development of products used in industrial automation and control systems.

"In a world where cyber threats are permanent and solutions are getting more secured, attackers are moving down the supply chain to compromise systems before they are installed. GE is committed to be an active actor of supply chain security, as recognized by IEC 62443-2-4 and IEC 62443-4-1 certifications", said Jérôme Arnaud, Senior Product Manager Cybersecurity, GE's Grid Solutions.

About IEC 62443
IEC 62443 is an international series of standards on "Industrial communication networks - IT security for networks and systems". The standard is divided into different sections and describes both technical and process-related aspects of industrial cybersecurity. It divides the industry into different roles: the operator, the integrators (service providers for integration and maintenance) and the manufacturers. The different roles each follow a risk-based approach to prevent and manage security risks in their activities. The standard covers 12 areas: assurance, architecture, wireless, security engineering systems, configuration management, remote access, event management and logging, user management, malware protection, patch management, backup & recovery, and project staffing.