OT security standards wars
Overview
For many years, the IEC 62443 standards have been the go-to framework for OT cybersecurity, largely because there were few alternatives available in this specialized field. However, a new and impactful standard has emerged, capturing the attention of cybersecurity professionals. SAE, well known for its expertise in the transportation sector, has developed a fresh standard focused on securing cyber-physical systems.
Unlike traditional methods that rely on extensive control lists, which may become outdated as use cases evolve, or on subjective and often cumbersome risk assessment approaches that can be manipulated, SAE offers a different strategy.
Kenneth Crowther, product security leader at Xylem, explores SAE’s methodology, outlining its three foundational pillars. He also contrasts this approach with IEC 62443, illustrating the differences through a series of engaging examples involving an electric vehicle charging station.