Kaspersky Industrial CyberSecurity for Networks has achieved certification against international standard IEC 62443-4-1 for the secure software development lifecycle of industrial enterprise solutions, following independent assessment by TÜV AUSTRIA. The certification is awarded to those software products which meet a number of high-level requirements for protecting industrial process control systems in modern production facilities. 

The needs and expectations of the industrial sector when it comes to cybersecurity are understandably high, with the smooth and efficient running of production lines and manufacturing operations hugely disrupted if mission critical systems are affected by cyberthreats. A reliable and robust cybersecurity solution is crucial, and part 4-1 of the IEC 62443 standard is designed to give manufacturers, integrators and plant operators across the globe confidence that the software measures they put in place to mitigate risk within industrial environments are based on the highest levels of product design, quality, safety, implementation and decommission.

To gain certification, Kaspersky Industrial CyberSecurity for Networks underwent an independent audit conducted by TÜV AUSTRIA, which reviewed the entire lifecycle of the product and the secure and structured approach taken to software development. The assessment was based on more than four dozen metrics which determined the level of maturity awarded to the solution. The criteria covered design, implementation according to guidelines, testing and validation, elimination of deficiencies and safe decommissioning. 

“TÜV AUSTRIA is among the first closing the gap between IT and OT security offering a holistic audit approach covering all aspects. IEC62443 defines a new level of reliability for OT security process networks also focusing on high quality software development covering the whole lifecycle. Conducting the audits we found a highly skilled and professional software development environment laying the cornerstone for high quality software products. The successfully conducted audits prove that Kaspersky’s software development processes ensure high levels of quality to address the various levels of risks and vulnerabilities in the industrial sector,” commented Detlev Henze, head of TÜV AUSTRIA Group’s TÜV TRUST IT GmbH.

“Conformity to IEC62443 international standards is of course the key to providing wide access to high-tech world markets and letting software products be incorporated in high-level industrial automation systems of Industry 4.0 level,” added Dmitry Yartsev, director general of TÜV AUSTRIA office in CIS.

Kaspersky Industrial CyberSecurity for Networks confidently achieved the Third Maturity Level for secure development processes, demonstrating documented processes that are repeatable and consistently followed. The solution did however also tick many of the boxes associated with level four attributes which relate to the improvement of processes. 

“Independent and expert certification of security solutions gives those working in the industrial field complete confidence in their chosen cybersecurity approach and peace of mind that the solutions they put in place are robust and reliable. Achieving this certification is testament to the commitment and quality of the solutions we develop at Kaspersky and our consistent approach to design, testing, documentation and decommission. We understand that any level of risk or vulnerability can be hugely costly for the industrial sector which is why we undertake comprehensive and independent testing to verify and validate the high levels of quality and security associated with all our products,” commented Kirill Naboyshchikov, Business Development Manager, Kaspersky Industrial CyberSecurity at Kaspersky.