Cyber security, for sure

Our job is to make sure some of the biggest and most advanced telecom networks in the world are always up and running. The ability to communicate is probably the most precious asset that man has. Communication makes all the difference in the world, in a global context as well as in an individual`s life. This responsibility – making sure communication channels are always powered and on - we do not take lightly. This is reflected in the way we act, in our products and in our procedures for quality assurance and certification.

IEC 62443 - cyber security standard

The IEC 62443 standard is commonly recognized across the world as the gold standard for cyber security. It defines the elements required to establish and run a cyber security management system for industrial automation and control systems. At its core lies the requirement that all data is encrypted and validated. The standard exploits all features within the TCP/IP protocols and provides guidelines for the setup of cyber security tools and procedures.

Controlling the controller is key

Our most recent controllers, the Smartpack2 Touch and R, respectively, are both certified to be compliant with IEC 62433, by the certification body DNV/GL.

The controller is the hub through which all network communication runs. If the controller fails to perform its security functions, it may leave the entire network open to attack. However, cyber security is built into the hardware and software of the controller. So in a worst-case scenario, should intruding software manage to break through the outer defenses, data encryption and communication validation would prevent a failing controller from exposing network data to potential intruders.

Process and people

However, while IEC 62443 focuses on the technical aspects of a solution, it also addresses all processes related to manufacturing, assembly, distribution and operation, and the roles of people related to these processes. These are the processes most subject to potential human error, and therefore the processes that constitute the greatest risks.

The way to building secure systems is to encompass all processes from the initial idea, through development to operation, making sure we meet the requirements of secure development practices and follow recommendations for web services.

We use standard protocols that are commonly in use in a web environment, specific like SNMP and with support for TLS (Transport Layer Security protocol) version 1.2, a technical environment that provides the highest level of security. The controller interface allows for configuration by the customer. We carry out PEN testing to reveal any vulnerabilities, and our equipment is equipped with certificates for safe upload and distribution across large networks.

Building a security culture

Underway in our projects and processes, we implement cyber security in so many ways. For example, we carry out penetration testing, where we invite specialists to try break in to our systems, while we observe and learn.

«This way we can improve and continuously reinforce our commitment to building cyber security into our culture, says Espen Kristensen, product manager for controllers at Eltek, as well as for cyber security at large.

In Sweden, Eltek’s Sales Manager Daniel Angeles Diez reports of an ever sharpening focus on cyber security among his customers, which include the major telecom operators and other critical infrastructure providers.

«If you don’t comply with the strictest security requirements, you’re out. It is not enough to claim that your equipment is secure; it has to be proved through tough security tests. And that applies not only to the products, but also to the company behind the products», says Daniel.

His interest in security is so strong that he is studying the subject in his spare time, as part of a drive to constantly learn more and keep up with important trends and issues. «Cyber crime is a subject of concern for governments all over the world, because widespread internet access and Critical Infrastructure connectivity potentially enables any individual or organization with malicious intent anywhere in the world to cause catastrophic consequences through a security breach», Daniel says.

As long as there is cybercrime and security risk persists, Eltek will continue to focus on best cyber security practices and continuous improvement in order to always stay one step ahead of criminal minds and the threats they represent to a secure and stable Critical Infrastructure.

"Cyber security has to be built into products, procedures and people. It is a cultural thing", Daniel concludes.