• For Safety’s Sake: Cyber-secure processes are essential to enable trusted connectivity

The explosion of the industrial internet of things (IIoT) creates a crucial need for robust cybersecurity practices and well-defined standards that provide customers with confidence that their connected devices will operate securely throughout their entire lifecycle.

Cybersecurity is a critical capability and aspect of creating trusted environments. But how can you validate that secure-by-design principles have been applied to every product installed across your systems?

In last month’s article, we covered how UL and IEC product cybersecurity certifications are helping support trusted connectivity around the globe. In this installment, we’ll focus on the importance of embedding security throughout the entire product development process – otherwise known as the Secure Development Lifecycle (SDL).

What is a Secure Development Lifecycle (SDL)?

SDL was created in response to an increase in virus and malware outbreaks at the turn of the twenty-first century. This approach to product development places cybersecurity front and center from inception to deployment and lifecycle maintenance. SDL can help manufacturers stay ahead of cybercriminals by managing cybersecurity risks throughout the entire lifecycle of a product or solution.

As an early spearhead of the SDL initiative, Microsoft made its SDL tools, processes and guidelines widely available. Since then, SDL has been widely adopted across industries including electrical and critical infrastructure. Today, SDL is a proven strategy to address risk proactively with a system-wide defensive approach.

For manufacturers, adopting an SDL approach that has been validated by a third-party is critical to creating trusted environments. It’s the third-party certification that gives customers confidence in the processes and technologies they’re applying, much like safety certifications and standards in the National Electric Code. 

Standards for SDL build confidence 

Although SDL is not an inherent code or standard, it does dictate how cybersecurity should be integrated into processes for product procurement, design, implementation and testing teams.

The International Electrotechnical Commission (IEC) 62443-4-1 lays out guidelines for secure product lifecycle development in the electrical industry. The IEC guideline specifies process requirements for the secure development of products used in industrial automation and control systems. It defines a secure development lifecycle for developing and maintaining secure products. These requirements can be applied to new or existing processes for developing, maintaining and retiring hardware, software or firmware for new or existing products.

Third-party validation for SDL processes is important because it provides customers with confidence and helps reduce risk by confirming that the technologies and processes they’re applying comply with proven industry guidelines. At Eaton, we take SDL very seriously to proactively manage cybersecurity risks in products through a framework involving threat modeling, requirements analysis, implementation, verification and ongoing maintenance.

How SDL protects electrical systems in the long term

A “defense in depth” mechanism that is effective today may not be effective tomorrow because the vulnerabilities keep evolving. This is why administrators of industrial control system networks must be ever-alert to changes in cybersecurity landscape and work to prevent any potential vulnerabilities.

The cybersecurity process certifications outlined by IEC provide customers with confidence that manufacturers have instilled the organization-wide approaches needed to ensure robust cybersecurity over the lifecycle of any given product. 





Eaton manages cybersecurity risks in products through a Secure Development Lifecycle (SDL) with protocols in place for threat modeling, requirements analysis, implementation, verification and ongoing maintenance to manage risks throughout the entire product lifecycle.

The more connected devices flourish, the more cybersecurity matters. If your organization isn’t currently adhering to SDL processes, there is no better time to start than now.

Max Wandera, director, Product Cybersecurity Center of Excellence

We’re taking the lead in secure product development when it comes to power management

Data-driven technologies are rapidly changing the way the world works. And the more connected devices flourish, the more cybersecurity matters. If your organization isn’t currently adhering to SDL processes, there is no better time to start than now. 

Beyond adhering to SDL development processes, it is also critical that organizations across the electrical industry establish a robust cybersecurity program that includes periodic assessment of their IT/OT network to ensure they stay on top of vulnerabilities on they network. If they do not have this expertise in house, they can leverage third-party cybersecurity service offerings from trusted suppliers. Some of these services include:

  • An initial audit and assessment focused on people, processes and technology to help customers take corrective action and advance system uptime.
  • Workforce education focused on how to design, develop, deploy and maintain products and solution on their infrastructure and keep up to date with evolving cybersecurity threats.  

More for you

View more blog posts

Return to For Safety's Sake to view all posts.