Arteche certifies the secure development lifecycle of its products according to IEC 62443-4-1

18 Mar 2022
IEC 62443-4-1 standard defines a Secure Development Lifecycle (SDL) for the purpose of developing and maintaining products cybersecurity

The electricity sector is undergoing a transformation due to its digitalization and automation, among other things. The convergence of information technologies and new operational technologies generates new vulnerabilities. Today, supply chain attacks are increasing in both number and success rate, with an unprecedented degree of sophistication. 

In this context, electric utilities are increasingly aware of the need to ensure the security of Smart Grid automation systems. IEDs (Intelligent Electronic Devices) are critical points for power grid cybersecurity due to their characteristics and remote communication capabilities. 

That is why Arteche, as a manufacturer of substations control and automation equipment designed under the IEC 61850 philosophy, has made a great effort to adapt the life cycle of its products to one of the reference standards in the sector, the IEC 62443-4-1 - Security for industrial automation and control systems: life cycle requirements for secure product development. This standard establishes the process requirements for developing and maintaining products cybersecurity. 

Aware of the importance of a review by a trusted third party, we have certified our processes with one of the laboratories with the greatest maturity in this standard, TÜV Rheinland.

This milestone is not the end of the road, as we must continue to improve and adapt to the circumstances to ensure an optimum level of security and remain at the forefront of the industry. 

"At Arteche we have a clear stance on cybersecurity: awareness and commitment. A first milestone was the ISO 27001 certification we obtained in October 2020. However, we understand that a product cannot achieve an optimal level of cybersecurity without the processes related to its life cycle contemplating specific activities, from the proposal phase to its withdrawal and destruction, with a special emphasis on its supply chain and vulnerability management, and the IEC62443-4-1 standard is a perfect complement." 

Miguel A. Sanchez, Global Electronic Equipment Cybersecurity Manager

Arteche certifies the secure development lifecycle of its products according to IEC 62443-4-1