Secured authentication of user and industrial robot to a SCADA workstation

Industrial devices must be authenticated to prevent counterfeiting and sending fake data and commands. Users must be authenticated to provide accountability and prevent errors or malfeasance.

IEC 62443 requires user authentication at security levels 1-4 and device authentication at security levels 2-4 with requirement enhancements demanding hardware security at security levels 3 and 4.

Infineon's OPTIGA™ security chips use strongly protected cryptographic keys to authenticate devices, data, and commands, as required in IEC 62443. Similar security chips can be used to provide strong human authentication.

Portable software support libraries from Infineon and our partners ease integration and key management. For example, strong authentication can be integrated into communications protocols such as TLS or IPsec. Thus the authentication requirements of IEC 62443 can be met.

Secured communication between user, industrial robot and the SCADA workstation

To maintain reliable and safe operation, the integrity of industrial systems must be maintained. If an attacker can compromise the integrity of a system or component, they can alter its behavior in a malicious manner. For example, data such as pressure readings may be fabricated and commands may be ignored. Communication integrity is equally critical, as data and commands may be altered in transit.

IEC 62443 requires communication integrity protection and system integrity protection at security levels 1-4. At the higher security levels, requirement enhancements demand cryptographic protection and automated verification.

The OPTIGA™ TPM and OPTIGA™ Trust X products use hardware security to implement features such as digital signature verification, trusted computing, and cryptographic hashes. Portable software support libraries from Infineon and our partners leverage the OPTIGA™ product features to implement system integrity capabilities such as secured communications, secured software update, secured boot, measured boot, and remote attestation. Thus industrial systems can be protected even at the highest security levels defined in IEC 62443.

When private or confidential data such as intellectual property must be protected, there is no substitute for encryption. Encrypting data in transit prevents eavesdroppers from discovering secrets. Encrypting data at rest prevents secrets from being read out of storage. In either case, strongly implemented encryption is a very powerful tool.

IEC 62443 requires the capability to protect confidentiality at all security levels. However, confidentiality is not needed for all data. Therefore, IEC 62443 provides guidance to system designers who must make the ultimate decision about where to use confidentiality protections.

The OPTIGA™ TPM and OPTIGA™ Trust X products support encryption. Equally important, they provide supporting features such as secured key storage, key generation and provisioning, and hardware random number generation. Without these features, encryption cannot be used effectively. Portable software support libraries from Infineon and our partners can use the OPTIGA™ product features to secure communications and stored data.