HIMA Safety Controller Certified By TÜV Rheinland According To Stringent Cyber Security Standards

Advanced cyber security: HIMA’s HIMax safety controller has been awarded the new cyber security certificate from TÜV Rheinland. The test agency certified the processor and the communications module in accordance with international standards IEC 62443-4-1, IEC 62443-4-2 and ISASecure EDSA 2.0.0. The certificate is based on stringent testing and evaluation of all requirements regarding IT security over the entire lifetime of the safety controller, and it says that the HIMax fulfils the requirements of security level SL 1. By combining highest safety (up to SIL 3) with IT security in a single system, the safety controller provides optimal protection for people, facilities and the environment in times of increasing cyber criminality.

“We are pleased to be amongst the first companies in the world to receive the new cyber security certificate from TÜV Rheinland”, says Dr. Alexander Horch, Head of Research, Development and Product Management at HIMA. “Successful certification is generally a prolonged and complicated process, which usually ties up a lot of resources. As our safety controllers are fully compliant with the necessary high requirements, TÜV Rheinland was able to issue the certificate without any extra effort. The certificate also confirms that our safety controllers have an extremely high degree of IT security by design. That is a splendid confirmation for us, and it benefits our customers because cyber security is an integral part of safety systems at HIMA. That applies at all levels: engineering, hardware, operating system and network.”

In the age of Industry 4.0 and IoT, industrial plants are no longer autonomous, but instead increasingly linked to the outside world. Nowadays, plant operation is only reliable when plant operators systematically implement cyber security measures in addition to functional safety. The key normative basis for this is the international standard IEC 62443, “IT security for industrial automation and control systems”, which specifies separate network levels with defined conduits. The newly developed cyber security certificate from TÜV Rheinland also conforms to this standard.

The certification process must satisfy extremely stringent criteria. TÜV Rheinland tests controllers in accordance with the IEC 62443 standard (Part 4-1, Secure Product Development Lifecycle Requirements, and Part 4-2, Technical security requirements for IACS components).

HIMA additionally received the Embedded Device Security Assurance (EDSA) certificate from ISASecure. ISASecure certification (ISASecure EDSA 2.0.0 – Level 1) is based on a test methodology derived from the IEC 62443 standard. Along with these two certificates, the cyber security of the HIMax controller is documented by an Achilles Level 1 certificate issued by the independent Canadian industrial security specialist Wurldtech.

HIMA’s safety solutions boost the IT security of a plant by their independence from the process control system as well as their design. A dedicated operating system specifically developed for safety-related applications runs on HIMA’s autonomous safety controllers. It is immune to typical attacks on IT systems. The operating systems of the controllers are tested for resistance to cyber-attacks during the software development process. In addition, the HIMA controllers have separate processors for control and communication. This enables operation of separate networks and ensures cyber-secure plant operation even in the event of an attack on external communication. The controllers also protect against unauthorised access to the automation network from the programming environment. Unused Ethernet ports can be disabled.

TÜV Rheinland and HIMA can look back on many decades of successful cooperation: in 1970, the Brühl-based safety specialist was the first company in the world to have its safety controllers certified by TÜV Rheinland.

About HIMA
The HIMA Group is the world's leading independent provider of smart safety solutions for industrial applications. With more than 35,000 installed TÜV-certified safety systems worldwide, HIMA qualifies as the technology leader in this sector. Its expert engineers develop customized solutions that help increase safety, cyber security and profitability of plants and factories in the digital age.

For over 45 years, HIMA has been a trusted partner to the world's largest oil, gas, chemical, and energy-producing companies. These rely on HIMA solutions, services and consultancy for uninterrupted plant operation and protection of assets, people and the environment. HIMA’s offering includes smart safety solutions that help increase safety and uptime by turning data into business-relevant information. HIMA also provides comprehensive solutions for the efficient control and monitoring of turbomachinery (TMC), burners and boilers (BMC) and pipelines (PMC). In the global rail industry, HIMA’s CENELEC-certified SIL4 COTS safety controllers are leading the way to increased safety, security and profitability.

Founded in 1908, the family-owned company operates from over 50 locations worldwide with its headquarters in Bruehl, Germany. With a workforce of approximately 800 employees, HIMA generated a turnover of approximately €126M in 2016. For more information, visit www.hima.com.

HIMA has operated in the Americas since the early 1980s. Its headquarters for the Americas is located in Houston, Texas. For more information, visit www.hima-americas.com.