Control System Security Services
Security Certification
exidas security certification process combines control system testing with formal, rigorous assessment criteria based on internationally accepted standards and processes. Embedded in the certification process is the system development perspective gained from the prior experiences of many of exidas employees. This means the certification process balances the highest standards of security verification with sensitivity to time-to-market and implementation costs. exida also leverages this experience to offer design consultation assistance prior to the certification process to help orient a manufacturer going through the process for the first time.
exida supports a comprehensive, three-tier approach to security certification that emulates other well established product safety certification programs. It starts with a strong foundation of network stack robustness testing and layers in functional security assessment and development lifecycle assessment.
Security Product Certification
exida is successfully applying proven tools and methodologies from the more mature functional safety certification program to independently verify a products security protection. The result is Integrity Certification, the only product certification that evaluates safety, security and reliability.
Integrity Certification provides plant operators with third-party validation and helps reduce the complexity of product selection and deployment. For equipment manufacturers, Integrity Certification provides a way to demonstrate that their product meets or exceeds their customers safety, security and reliability requirements. It also represents an important opportunity for competitive differentiation.
Network Robustness Testing
Network Robustness Testing is based on Wurldtechs industry-leading Achilles Certification Program. Achilles Level I Certification identifies vulnerabilities in Ethernet-enabled industrial components, assuring the security, reliability, and robustness of an implementation of OSI layers 2 through 4, including Ethernet, ARP, IP, ICMP, TCP and UDP. A component must pass each of the over 30 million individual tests to achieve Achilles Level I Certification, with Pass/Fail criteria being specified in terms of key component functionalities, such as continuity of process control.
Functional Security Assessment
A Functional Security Assessment detects errors or omissions in the security functionality of a product when audited against requirements for its target security level. Currently, there are no standards that define the security requirements and security assurance levels for industrial automation and control system products. Such standards are under development by ISA, IEC, WIB and other standards organizations. In the meantime, it is possible to evaluate a product against requirements derived from more general control system security standards such as ISA 99.01.01 or general IT security standards such as NIST 800-53, ISO/IEC 15408 or ISO/IEC 27001 & 27002.
Development Lifecycle Assessment
A Development Lifecycle Assessment detects and avoids systematic design faults. The vendors software development and maintenance processes are audited against the security equivalent of IEC 61508, ensuring the organization follows a robust software development process.