IEC 62443 is an international series of standards for cybersecurity in industrial automation. The goal is to identify potential vulnerabilities in industrial control and communication technology and to develop appropriate protective measures.
If you want to learn more about the standard, take a look at our Industrial IT Glossary article or read about it at the International Society of Automation (ISA).
One of these standards is Part 2-3, Patch Management in IACS Environments, which aims to close security gaps in operating systems and applications.
According to the Department of Homeland Security's “Seven Strategies to Defend ICSs”, configuration and patch management, at 29%, is the second-largest item among the measures for preventing attacks on industrial systems.
The Federal Office for Information Security (BSI) also has a corresponding component in its IT baseline protection with OPS.1.1.3: “Patch and Change Management.”
Unfortunately, this process can become very time-, personnel-, and cost-intensive if it is not automated as much as possible. With IEC 62443-2-3, ISA99 (or rather the IEC) has created a “Technical Report” with a standardized XML format that provides plant operators with the results of manufacturer compatibility tests and allows corresponding updates to be released or suppressed automatically for affected systems.
This not only significantly reduces the effort of manual testing but also reduces the potential for errors when creating and maintaining the approved lists in the patch management solution.
Below you can find a regularly updated overview of the current state of the most important manufacturers and integrators.
Manufacturers with internal testing and approvals that also provide an IEC 62443-2-3 XML:
Manufacturers with internal tests and approvals as well as publicly available update information:
Honeywell (PDF):
https://www.security.honeywell.com/resources/honeywell-pro-watch-and-maxpro-software-security-patch-testing-notices
ProLeiT (PDF):
https://www.proleit.com/support/mspatches/
Rockwell (XLS):
https://www.rockwellautomation.com/en-us/support/product/microsoft-patch-qualifications.html
Schneider Electric (XLS):
https://community.exchange.se.com/t5/Geo-SCADA-Knowledge-Base/Microsoft-Update-Testing/ba-p/279120
Manufacturers with their own services or offers for customers:
ABB:
https://new.abb.com/control-systems/service/offerings/advanced-services/system-update-service
Emerson:
https://www.emerson.com/de-de/catalog/deltav-patchmanagement-de-de
General Electric:
https://digitalsupport.ge.com/en_US/Article/Information-on-Product-Compatibility-with-Critical-Microsoft-Security-Patches
Kuka:
https://www.kuka.com/de-de/unternehmen/presse/news/2020/04/kss-vss-upgrade
Yokogawa:
https://web-material3.yokogawa.com/GS43D02T30-05EN.pdf
Updates are considered, but no general vendor release process is known:
Beckhoff:
https://infosys.beckhoff.com/index.php?content=../content/1031/sw_os/2033685259.html&id=
B&R:
https://www.br-automation.com/de-de/produkte/software/betriebssysteme/
Voith:
https://voith.com/corp-de/news-room/stories/industrial-security.html
Zeiss:
https://www.zeiss.com/meditec/us/customer-care/operating-systems-update.html
With ondeso SR you are able to patch your production computers automatically after a one-time configuration.
Are you a manufacturer or integrator that supports the IEC 62443-2-3 standard? Or do you know of other manufacturers that should not be missing from this list? Then send us a message and we will be happy to include you in the overview.