gateway icon  GATEWAY SELECTOR:

Connect Your:

To:

RTA's Blog

IEC 62443 and Secure Software Development

Posted on by John Rinaldi
12
Dec

Life in the 2020s is in many ways more complicated than ever. Technology touches us every minute of our day. It has changed how we attend concerts and sporting events as well as how we attend church services.

This is also true in software development. Industrial customers now expect compliance with secure development practices, not just the promise that “we take security seriously” but to live it.

We have pivoted hard. RTA is now implementing IEC 62443 with the objectives of:

  • Reducing vulnerabilities introduced during development
  • Increasing customer trust
  • Lowering long-term patching costs
  • Supporting market access with large OEMs in regulated industries

In a world where a single insecure library can halt a production line, IEC 62443 is the roadmap that keeps software, and the plants running it, secure.

RTA is implementing it across our product lines: gateways, RTConnect Modules and the RTConnect A-B PLC Historian are all being developed using IEC 62443 processes.

What is IEC 62443? It’s the global cybersecurity framework for industrial automation and control systems (IACS). While many people think it’s mostly about firewalls and network segmentation, several sections are aimed squarely at software development teams, from product architects and coders to QA and DevOps.

At a high level, IEC 62443 expects software teams to define security requirements early, design and code with those requirements in mind, verify them rigorously and maintain security throughout the product lifecycle.

Four parts matter:
Part 1 is the Secure Product Development Lifecycle (SDL). This is the star of the show. Part 4-1 defines how a vendor must build secure products, not what features to include. It defines eight required practices, including Security requirements definitions, secure design and secure implementation.

Part 2, the Technical Security Requirements, describes what security capabilities the product must include.

Part 3, the System Security Requirements (Indirect Impact), focuses on system-level security. Development teams must align with it because their software components often contribute to a system that must meet SL-targets.

Part 4 explains why the standard matters. It describes how the standard reduces vulnerabilities introduced during development, increases customer trust, lowers the long-term cost of patching and supports market access with large OEMs and regulated industries.

In a world where a single insecure library can halt a production line, RTA is adopting IEC 62443, the roadmap ensures we continually provide the best software and keep plants running, securely.

Avatar photo
John Rinaldi

John Rinaldi is Chief Strategist, Business Development Manager and CEO of Real Time Automation (RTA). After escaping from Marquette University with a degree in Electrical Engineering, John worked in various jobs in the Automation Industry before once again fleeing back into the comfortable halls of academia. At the University of Connecticut, he once again talked his way into a degree, this time in Computer Science (MS CS). John is a recognized expert in industrial networks and the author of six books: Modbus: The Everyman’s Guide to Modbus, OPC UA – Unified Architecture: The Everyman’s Guide to OPC UA, EtherNet/IP: The Everyman’s Guide to EtherNet/IP, The Smart Product Manager’s Guide to Industrial Automation Connectivity, The Smart Product Manager’s Guide to Connectivity in the Packaging Industry, and his latest, The Everyman’s Guide to Properly Architecting EtherNet/IP Networks.

Happy Holidays! Our office will be closed Thursday 12/25/25. Orders placed after 2 pm CST 12/24/25 will be processed 12/26/25.