Schneider Electric Achieves Industry-First Advanced Cybersecurity Certification for EcoStruxure IT DCIM Solutions

In a groundbreaking achievement for the data center industry, Schneider Electric’s EcoStruxure IT Network Management Card 3 (NMC3) has become the first Data Center Infrastructure Management (DCIM) solution to obtain the IEC 62443-4-2 Security Level 2 (SL2) cybersecurity certification. Certified by TÜV Rheinland, this level of cybersecurity certification underscores Schneider Electric’s dedication to securing critical infrastructure and advancing cybersecurity standards in energy management and automation. This article explores the significance of this certification, the rigorous testing involved, and how it aligns with the growing demand for secure data center solutions amid a landscape of rising cyber threats.

Raising the Cybersecurity Bar in DCIM

According to Zawya, Schneider Electric, a global leader in digital transformation for energy management and automation, has made history by becoming the first to receive the IEC 62443-4-2 SL2 certification for its EcoStruxure IT NMC3 platform. The certification was granted after rigorous testing by TÜV Rheinland, an internationally recognized testing provider, which confirmed that Schneider Electric’s NMC3 met stringent cybersecurity standards.

This new cybersecurity milestone is not only a testament to Schneider Electric’s innovation but also represents a critical step forward for the security of data center and IT infrastructure. The certification covers increased resilience to potential cyberattacks, ensuring enhanced security for critical power and cooling systems managed by EcoStruxure IT. With cybersecurity threats ranking as the top business concern in the 2024 Allianz Risk Barometer, and the average cost of cyber incidents exceeding $4 million, robust cybersecurity measures have become indispensable to business continuity.

The Need for Stringent Security Standards: IEC 62443-4-2 SL2 and ISASecure® SDLA Compliance

IEC 62443-4-2 Security Level 2 certification provides more robust security requirements compared to SL1, which Schneider Electric’s EcoStruxure IT DCIM solutions obtained last year. This level is designed specifically for protecting industrial automation and control systems, which increasingly include data center management tools.

The IEC 62443 standard is critical because it encompasses multiple levels of cybersecurity protection to cover various threat scenarios. The Level 2 designation certifies that Schneider Electric’s EcoStruxure IT has implemented safeguards against intentional misuse, with a focus on network resilience and encryption capabilities. The certification also validates that the development of Schneider Electric’s EcoStruxure IT NMC3 follows the ISASecure® Secure Development Lifecycle Assurance (SDLA) standards, which assess the cybersecurity processes used to develop and update products.

By adhering to these certifications, Schneider Electric demonstrates its commitment to industry-leading security practices, providing customers with solutions that are certified to resist both evolving and existing cyber threats.

The New Firmware Tool: Streamlining Cybersecurity Compliance

One key feature Schneider Electric introduced to support these cybersecurity advancements is the Secure NMC System Tool. Recognizing that firmware management can be cumbersome, Schneider Electric developed this tool to simplify the update process for customers.

The Secure NMC System Tool automates firmware notifications, allowing users to know precisely when their devices require updates, reducing the time spent on firmware management by up to 90%. This tool provides data center managers with a systematic approach to keeping their systems updated, ensuring compliance with cybersecurity standards and significantly reducing potential vulnerabilities.

As Kevin Brown, Senior Vice President for EcoStruxure IT at Schneider Electric, noted, “EcoStruxure IT is providing customers with a powerful approach—the flexibility to manage their IT infrastructure as they choose, to do it simply, while also ensuring cybersecurity compliance. Being secure doesn’t mean it has to be difficult.”

10 Best Practices to Safeguard Critical Infrastructure from Cyber Threats

To ensure resilience against the rising tide of cyber threats, data center managers, IT professionals, and cybersecurity teams can take steps that align with the high standards Schneider Electric has set:

1. Implement Regular Firmware Updates: Use automated tools to ensure firmware updates are installed promptly, minimizing security risks.
2. Adopt Advanced Encryption Standards: Encrypt sensitive data within network management tools to prevent unauthorized access.
3. Adhere to Cybersecurity Standards: Select products certified to cybersecurity standards, such as IEC 62443-4-2, to ensure robust protection.
4. Conduct Frequent Security Audits: Periodically review and test systems to identify and mitigate potential vulnerabilities.
5. Employ Network Segmentation: Isolate critical systems to limit unauthorized access and contain potential breaches.
6. Use Strong Access Controls: Limit access to essential personnel and employ two-factor authentication where possible.
7. Educate Staff on Cyber Hygiene: Train employees to recognize phishing, social engineering, and other cyber threats that target critical infrastructure.
8. Deploy a Web Application Firewall (WAF): Protect web applications from common attacks, including SQL injection, cross-site scripting, and DDoS.
9. Monitor Network Traffic in Real-Time: Use intrusion detection and prevention systems to detect unusual activity early.
10. Implement a Secure Development Lifecycle (SDL): Adopt an SDL to address security from the initial design phase through production, as Schneider Electric has done with ISASecure® SDLA.

Conclusion

Schneider Electric’s IEC 62443-4-2 SL2 certification for the EcoStruxure IT DCIM solution is a monumental step toward safeguarding data center environments. By securing this industry-first certification, Schneider Electric is setting a new benchmark for cybersecurity within critical infrastructure, paving the way for future advancements in data center security and automation. The enhanced security measures and development practices showcased in the EcoStruxure IT Network Management Card 3 serve as a model for cybersecurity in data centers, empowering organizations to address vulnerabilities proactively and maintain the resilience needed in an increasingly complex threat landscape.

Want to stay on top of cybersecurity news? Follow us on Facebook – X (Twitter) – Instagram – LinkedIn – for the latest threats, insights, and updates!