Introducing AS IEC 62443 for Critical Infrastructure Protection

Cyber-attacks targeting critical infrastructure assets have become increasingly frequent and sophisticated. In response, Standards Australia has adopted a new national standard aimed at strengthening cybersecurity across operational technology (OT) environments.

So, what’s the AS IEC 62443 series all about? Read on to find out.

Why adopt AS IEC 62443 now?

Why now?

Australian authorities are growing more concerned about the worsening cyber threat landscape. Critical infrastructure protection is foremost in their minds. Indeed, cyber incidents impacting key critical infrastructure sectors like energy, healthcare, and transportation increased by 50% from 2021–22 to 2022–23.

Why such a dramatic rise?

One major factor is the increasing convergence of OT and Information Technology (IT) systems.

Sure, this convergence has worked to produce incredible efficiency gains – from real-time monitoring to improved responsiveness. But it’s also had the unintended consequence of expanding the attack surface for cyber threats.

For their part, threat actors have seized the opportunity, targeting legacy systems lacking up-to-date security features and exploiting other weak points in operational environments to gain unauthorized access and disrupt operations.

In fact, as of 2022–23, almost 60% of cyber incidents reported by critical infrastructure organizations involved:

  • Compromised credentials
  • Denial-of-service (DoS) attacks
  • Unauthorized network or infrastructure access

(According to data from the Australian Signals Directorate)

What is the AS IEC 62443 series?

To counter these threats, Australia is taking action. The government released its landmark 2023-2030 Cyber Security Strategy to help citizens and businesses better manage the cyber environment around them. That Strategy document also called out the need for continuing adoption of ISO/IEC standards for cyber security.

Which brings us to AS IEC 62443. Developed by the IEC/Technical Committee 65 Working Group 10, AS IEC 62443 is a set of specialized standards offering a modular, role-based approach to cybersecurity – one in which individual users can select the parts relevant to their responsibilities or the stage of the system lifecycle they’re working in.

Aligning with local regulatory requirements, the standards that form the series are designed for asset owners, service providers, and product suppliers.

Benefits of adopting AS IEC 62443

In addition to regulatory alignment and compliance, the benefits of adopting the standard include:

  • Protects public health. Helps reduce the risk of system failures caused by cyberattacks.
  • Supports social stability. Safeguards the essential services communities rely on.
  • Boosts economic opportunities. Allows consumers to safely participate in energy markets, such as selling power back to the grid.
  • Reduces reputational risk. Minimizes the chance of prolonged outages and public fallout for organizations managing critical infrastructure.

Looking ahead, the IEC continues to evolve its standards to meet the needs of emerging technologies and smart systems. For instance, it will soon be addressing the Industrial Internet of Things.

Of course, adopting AS IEC 62443 is just one part of Australia’s broader push to secure its critical infrastructure. Another cornerstone is the Security of Critical Infrastructure (SoCI) Act, widely considered a gold standard in national legislation.