What is IEC 62443-2-4?
IEC 62443-2-4 is part of the IEC 62443 series and describes the security requirements for system integrators and service providers working with industrial automation and control systems (IACS).
This standard specifies what suppliers, installers and integrators must do in order to deliver, install and maintain secure systems in OT environments.
🧠 What does IEC 62443-2-4 cover?
IEC 62443-2-4 addresses the entire service delivery process, from design through to maintenance, with emphasis on:
1. Supplier responsibilities
- Integrating cybersecurity into the project approach
- Identifying and managing risks
- Collaborating with the asset owner based on IEC 62443-2-1
2. Secure implementation
- Applying security measures during system installation
- Applying Security Levels per zone in line with IEC 62443-3-3
- Configuring firewalls, access control, user-based access control, etc.
3. Maintenance and support
- Patch management, monitoring and remote support
- Procedures for incident response, logging, audit and management
- Secured remote access (e.g. via jump server, MFA)
4. Documentation and handover
- Providing detailed security documentation
- Including: asset inventory, network diagrams, access rights, log configuration
🏭 Relevance in an OT context
| Supplier role | Application of 62443-2-4 |
|---|---|
| System integrator | Designing and installing SCADA or DCS systems |
| OEM / Machine builder | Supplying machines with network connectivity |
| Remote service provider | Maintaining PLCs or HMIs remotely |
| Cloud / IIoT service provider | Providing online dashboards or data storage services |
With IEC 62443-2-4, asset owners can place requirements on suppliers based on international standards.
🔐 Requirements (simplified overview)
| Domain | Examples of requirements |
|---|---|
| Organisational | Security policy, security training for personnel |
| Technical | Firewall configuration, protocol filtering, network segmentation |
| Operational | Backup, restore, change management |
| Maintenance | Patch management, remote access policy, monitoring |
| Customer communication | Reporting, alignment on Security Level objectives |
✅ Benefits of implementation
- Increases customer trust in suppliers
- Contributes to cybersecurity-by-design in OT projects
- Supports compliance with legislation such as NIS2
- Reduces risks in system implementation and maintenance
📌 In summary
IEC 62443-2-4 sets requirements for suppliers in OT to deliver and maintain secure systems. Together with IEC 62443-2-1 and IEC 62443-3-3, it forms the basis for reliable OT security across the whole lifecycle.
