Back to top

Why these seven numbers mean increasingly more secure digital services

It might not be a catchy name, but IEC 62443-4-1 is an international standard for secure product development life-cycle requirements in industrial automation and control systems. Now that KONE has achieved certification in it, customers know they can sleep a little easier.

October 26, 2021

Once upon a time, KONE's job was pretty much done when an elevator had been installed into a building and a maintenance engineer would show up periodically to make sure that it went up and down, or when the team would take on modernization projects

While this solid foundation remains, with quality being among the top reasons why customers choose KONE, fast-forward to today’s world of smart digital experience elevators and connected entry systems, and the landscape is dramatically different.

While advances in technology often make life simpler and more efficient, they also provide tempting opportunities for cyberattackers. As a result, it can seem like work in this sprawling digital arena is never done.

"When it comes to cybersecurity, you can always claim something is secure," says Mika Katara, IoT security manager at KONE, "but how do customers really know that it is? If you have some kind of incident, then of course they will know that there is a security problem, but otherwise, it’s very hard for a customer to know how secure a system is."

KONE is the first company in its industry to achieve the IEC 62443 4-1 cybersecurity certification.
KONE is the first company in its industry to achieve the IEC 62443 4-1 cybersecurity certification.

A challenge becomes an opportunity

Over the past few years, KONE has set out to address this uncertainty, turning the challenge into an opportunity to create and develop solutions that are as secure as they can be. As Katara proudly points out, KONE now boasts IEC 62443-4-1 certification, which confirms improved cybersecurity processes and industry-wide best practices.

"It helps us to build our systems in a way that ensures security by default," says Katara. "It gives us the framework to develop them so that they are as secure as possible, right down to contemplating the target profile of the potential attacker."

This, he explains, is important. Not every project needs top-tier cybersecurity built into it – especially when there is a cost involved. There's a difference between the level you might need in a small, three-story residential development and, say, an airport.

"We also need to have an incident response process so that if there is a cybersecurity problem, then we have a system in place to deal with it," says Katara. "This standard also helps with that."

The convenience of technology doesn’t need to be sacrificed to improve cybersecurity – you can have both.
The convenience of technology doesn’t need to be sacrificed to improve cybersecurity – you can have both.

A common language for everyone

IEC 62443 is especially helpful when working with partner companies, as is typically the case when KONE is involved in a project. Jana Adams, cybersecurity expert at TÜV Rheinland, who awarded KONE's certification, notes that one thing the standard sets out to do is enable "all entities to work together, meaning that the operator gets a secure system, which consists of secure components."

Katara adds that it also gives all parties the opportunity to be precise in the language they use. "It means that we're all on the same page," he says. "When a customer says they want protection at a specific level, for example, we can all check against the standard and know what that means."

KONE is the first company in its industry to achieve IEC 62443-4-1 certification. Being able to discuss what this means with potential customers is something that Adams feels is sure to be appealing.

"The trust in certified systems is higher because there has been an external party confirming the security," she says. "Beyond that, an organization with certified processes – like KONE – has proven to be able to swiftly react to changes in the cyberattack landscape."

Using established standards to improve cybersecurity helps ensure that all parties are on the same page.
Using established standards to improve cybersecurity helps ensure that all parties are on the same page.

Cybersecurity is an ongoing effort

Across KONE, the effort to build systems that outfox cybercriminals remains an ongoing priority. The next step, says Katara, is to develop an industry-specific ISO standard which will help to make security even more robust.

"Our aim is to make sure that customers understand that KONE is handling cybersecurity in the best possible manner, based on established standards," he says. "Ultimately, we want our customers to trust that when they choose KONE for a project, we have security covered.”

Share this page

WELCOME TO KONE!

Are you interested in KONE as a corporate business or a career opportunity?

Corporate site

Would you like to find out more about the solutions available in your area, including the local contact information, on your respective KONE website?

Your suggested website is

United States

Go to your suggested website