Industrial automation company Yokogawa Electric has announced that its control system development process has obtained ISASecure SDLA (Security Development Lifecycle Assurance) version 2.0.0 certification from the ISA Security Compliance Institute (ISCI).
The ISASecure SDLA v2.0.0 certification program guarantees that the development lifecycle processes of the suppliers for control system products meet the security requirements. This helps to ensure compliance for industrial automation and control systems (IACS) based on the ISA/IEC 62443-4-1 standard, which was established by the International Electrochemical Commission (IEC) for use in these environments.
Yokogawa’s certificate is valid until Jan. 23, 2023, according to the ISCI’s website.
Using third party evaluation, the certification assures that Yokogawa’s control system development processes meet the requirements for developing secure products, making it the first control system product supplier to obtain this certification in Japan. ISASecure SDLA version 2.0.0 specifications were released in February 2018 by the institute.
Headquartered in Tokyo, Yokogawa had previously obtained ISCI’s ISASecure Embedded Device Security Assurance (EDSA) certification for its CENTUM VP integrated production control system and ProSafe-RS safety instrumented system, components of the OpreX Control and Safety System line, it said in a press statement. As a not-for-profit automation controls industry consortium that manages the ISASecure conformance certification program, the ISCI provides market awareness, technical support, education and compliance that meet ISASecure IACS security requirements.
The ISASecure independently certifies industrial automation and control (IAC) products and systems to ensure that they are robust against network attacks and free from known vulnerabilities. The scope of the ISASecure certifications include assessment of off-the-shelf IAC products and IAC product development security lifecycle practices. It does not offer assessments for integrator site engineering practices or asset owner operations and maintenance practices.
The IEC 62443-4-1 specification is part of a series of standards that addresses the issue of security for IACS, and defines secure development life-cycle (SDL) requirements related to cybersecurity for products intended for use in IACS environments.
Yokogawa’s cybersecurity support in the product development lifecycle services help customers control the security risks and manage plant security, in order to achieve business continuity. Its offerings support customers’ security activities through every phase of the plant lifecycle, beginning with product design and development, and proceeding through to implementation of security measures in the system integration phase and security management in the operation phase.
In order to protect plants and other facilities against security threats and ensure stable and secure operations, it is essential to continuously engage in the study, design, operation and evaluation of security measures, Yokogawa said.
Recent cyberattacks targeting industrial control devices have disrupted production operations and resulted in the theft of data. As a result, customers in the oil, petrochemical, natural gas, power, and other industries who operate critical infrastructure are increasingly paying special attention to the evaluation of cybersecurity features before deploying control systems and devices.