Security analysis of an OT device

Testing of a safety-relevant component (flame monitor, flame supervisor) in preparation for IEC 62443-4 certification

Facts

Industry: Engineering
Customer: DURAG GmbH in cooperation with embeX GmbH
Time frame: November 22 - January 23
Project Location: Cologne & Hamburg, Germany
Challenges & Goals: DURAG GmbH has developed the flame supervisor, which is used to monitor flames within a combustion process. DURAG GmbH aims to certify the flame detector according to IEC 62443-4. Such a certification requires evidence of a penetration test performed with an appropriate attacker strength. In the terminology of IEC 62443-4, this is an attacker of level SL3. This penetration test was performed by us.
Solutions & Services: In accordance with the regulatory requirements, a penetration test was performed by us against the flame detector with level SL3.
A penetration test uses a structured approach to identify vulnerabilities that an attacker could exploit to limit the availability, integrity or confidentiality of the device. The scope and complexity of the attacks performed during the penetration test were determined by the attacker strength SL3. The penetration test was performed in a white-box approach.
The penetration test was divided into 6 phases:

  1. Preliminary discussion and agreement of the scope
  2. Preparation and test setup
  3. Information collection
  4. Analysis of the product and identification of vulnerabilities
  5. Exploitation of vulnerabilities
  6. Documentation and report generation

The scope of the penetration test covered the flame detector with its external interfaces:

  • USB interface
  • Bluetooth Low Energy interface
  • Modbus RTU interface

In addition to the external interfaces, other aspects were also examined with regard to the underlying attacker model. These included in particular:

  • Secure boot
  • Update process
  • Hardening of the device
  • Authentication and authorization
  • Encryption methods used
  • Use of libraries with known vulnerabilities
  • Validation of inputs and parameters via fuzzing

Customer benefits: IEC 62443-4 serves as proof of compliance with the due diligence requirements of the German Ordinance on Industrial Safety and Health (Betriebssicherheitsverordnung) and the German Product Safety Act (Produktsicherheitsgesetz), as well as for the identification and elimination of digital vulnerabilities in the development, manufacturing, and service process.

About DURAG GmbH

DURAG GmbH specializes in state-of-the-art technologies and services in the field of combustion engineering and emission measurement technology. Scientific work and technical progress have defined this innovation-driven company for over 75 years. As the namesake with the largest production (about 13,000 products annually) and the largest development department, the company today plays a decisive role within the DURAG GROUP.

Cybersecurity at TÜV Rheinland

For more than 20 years, the cybersecurity business at TÜV Rheinland has been helping companies from numerous industries to use innovative technologies securely. Our consultants combine their cybersecurity expertise with a high level of industry know-how. Our cybersecurity solutions aim to combine security and data protection in a world of increasingly vulnerable, networked systems and devices. To this end, the experts conduct cybersecurity tests, industrial security audits, and data protection audits of the Internet of Things (IoT) and cloud infrastructures, among others. TÜV Rheinland operates a global network of more than one hundred laboratories, where all cybersecurity and data protection tests can be carried out for manufacturers.
