Successfully develop secure ICS products
Secure ICS products through integration of cybersecurity during development
The automation industry is increasingly vulnerable to cyber attacks due to the rising digitisation and connectivity in the industrial sector. Hackers possess the capability to manipulate systems and processes, disrupt production or even cause catastrophic accidents. Moreover, the EU law on cyber resilience, the Cyber Resilience Act (CRA), requires manufacturers to have a secure product and development life cycle, fulfil cyber security requirements and continuous vulnerability management.
Industrial Security Engineering offers comprehensive solutions to protect your control units and systems from cyber attacks and to develop them in compliance with the CRA.
Are you an operator, integrator or manufacturer of industrial automation systems seeking to mitigate the risk of cyber attacks on your systems and processes? Then get in touch. You can significantly minimise this risk by implementing and verifying safety measures in accordance with the specifications outlined in IEC 62443.
Capitalise on our extensive expertise in developing and evaluating secure software. With the assistance of our specialists, you can guarantee the integrity, availability and confidentiality of your critical data and systems.
achelos provides professional and efficient support on the path to CRA compliance for your Industrial Control Systems (ICS) products, taking into account industrial security standards in accordance with IEC 62443. This not only saves you considerable time and money but also prevents the need for later adjustments right from the outset.
Secure software right from the start
1. Security Requirements Engineering / TARA
The process of developing secure software commences with a thorough risk assessment. With the aid of our security engineers, you can undertake a comprehensive threat analysis and risk assessment to proactively establish security requirements for your product.
To facilitate this, we arrange and oversee security workshops, during which we identify and evaluate potential threats to the components of Industrial Control Systems (ICS). Building upon the outcomes of these workshops, we formulate security objectives and requirements for subsequent stages of the project.
2. Security Architecture Engineering
Our security engineers are with you every step of the development process. They delineate security requirements and work alongside you to construct security architectures, serving as the primary liaison for your development team regarding product security concerns. Naturally, relevant standards such as IEC 62443 are considered throughout.
3. Embedded Security Engineering
Would you like to ensure the security of the update and boot processes for your ICS components? We work with you as a development partner to integrate cybersecurity and cryptographic functions, particularly within embedded Secure Elements (eSE) and Hardware Security Modules (HSM). Our methodology guarantees that your manufactured ICS components are safeguarded against cyber attacks and can attain certification in accordance with IEC 62443.
4. Security Testing
achelos provides tailored security testing services and robust testing tools to assess your new ICS products for security and compliance with IEC 62443 and individual security requirements, irrespective of the manufacturer.
achelos offers support in the following areas:
- Functional check & conformity tests
- Robustness tests of security functions
- Code analysis
- Vulnerability analysis
- Penetration tests
5. Security Evaluation and Certification Support
Drawing upon our extensive experience in evaluating high-security products in alignment with Common Criteria and other established security standards for test centres and manufacturers, we offer our expertise to your advantage: achelos assists you in saving time and money on product evaluations conforming to IEC 62443 while circumventing the substantial costs associated with subsequent customisation.
Security Engineering by achelos
- Secure products
Develop and provide secure products devoid of vulnerabilities, resilient against attacks and other security threats.
- Future-proof
Seamless integration of cybersecurity into your development process.
- Risk minimisation
Secure software development from inception, aligning with BSI requirements and ready for certification if required.
- Efficiency
Prevent high costs and time spent on subsequent vulnerability mitigation.
Any questions? Your contact person for queries in this field is: