Cybersecurity certification achieved for Brüel & Kjær Vibro’s VC-8000 SETPOINT® machinery protection system
7 November 2018
The SETPOINT® VC-8000 System, Brüel & Kjær Vibro’s flagship offering for API-670 compliant machinery protection and integrated condition monitoring, is now certified to meet rigorous IEC 62443-4-1 cybersecurity requirements. This certification reflects industry best practices and ensures customers that vulnerabilities to cyber threats that could compromise machine protective functions are minimized.
The certification – IEC 62443 eSTS (exida Security Testing Scheme) Level 1 – was conducted by exida, a globally recognized certification body specializing in functional safety of automation systems, alarm management, and cybersecurity. The tests determine the robustness of industrial automation systems against a variety of Ethernet and TCP/IP cyber-attacks as well as compliance with several fundamental requirements from IEC 62443-4-1 (Secure Product Development Lifecycle Requirements).
Machinery protection systems such as the VC-8000 are commonly connected to industrial control and information networks using digital protocols for passing status, current value, and other information to DCS, PLC, SCADA, process historian, and other automation systems where it can be displayed, trended, and used by plant operations and engineering personnel. Increasingly, industry is demanding that this digital connectivity comply with robust cybersecurity standards to ensure that the electrical grid and other critical infrastructure where large rotating machinery is used remains impervious to cyber attacks. The IEC 62443 family of standards exists to address these concerns for industrial automation and control systems (IACSs) by specifying a series of test protocols designed to detect cybersecurity vulnerabilities.
“The testing was extensive” explains Randy Chitwood, Brüel & Kjær Vibro’s Vice-President of research and development. “It validates that the inherent architecture of the SETPOINT VC-8000 platform is suitably robust against cyber threats via the system’s network communication ports. Customers can be assured with this certification that cyber attacks will not compromise the system’s core machinery protection functionality.”
Chitwood also explains another important achievement with this certification. “We are particularly pleased that – unlike competing systems – no external firewall devices are needed to meet the stringent requirements of this certification. This eliminates the cost, complexity, and ongoing maintenance associated with management of external devices.”