By Gregory Hale
Schneider Electric earned an award Wednesday from safety and certification provider, exida, after the manufacturing automation giant earned accreditation for compliance with its Security Development Lifecycle certification based on IEC 62443-4-1.
“While other companies have grappled with security vulnerabilities, Schneider Electric has been working to find a better way to eliminate vulnerabilities by design,” said Michael Medoff, cyber security test engineer at exida during the Tuesday morning keynote session at Schneider Electric Connect 2016 in New Orleans, LA. “They are the first company in the world to get the Security Development Lifecycle certified.”
“We started on the journey for cyber security long before I got here in 2010,” said Raja Macha, vice president R&D for process automation at Schneider Electric. “We not only certify our products, but the process.”
The first industry certificate for SDL applies to Schneider Electric’s Process Automation business product development centers in Foxboro, MA, Worthing, UK, and Hyderabad, India.
The exida certification ends up based on international cyber security standards developed to accelerate industry-wide cyber security improvement for industrial automation and control systems (IACS).
“As IT and OT converge, more technology is connecting with more technology; more people are connecting with more technology; more people are connecting with more people. All this connectivity is driving an influx of data that is both beneficial and overwhelming,” Macha said. “We can help customers take advantage of all this connectivity—what we call the IIoT—as well as make sense of all that data, but it all has to be secured first. That’s why we address safety and cyber security concerns head on. Not only are our offers ‘secure by design,’ meaning security is inherent to our system design and delivery, but our stronger cybersecurity services complement the protections already designed into our products, targeting people, competencies and processes to ensure there are no gaps.”
The exida certification applies to Schneider Electric’s Foxboro Evo process control system and Foxboro SCADA systems. Additionally, the three certified sites demonstrate Schneider Electric uses a product development lifecycle that considers cyber security in every phase, part of an institutionalized commitment to securing industrial automation and control systems.