With Industry 4.0, cyber-physical systems are connected, and the pressing need is to protect these systems from security threats originating both internally and externally. ISA/IEC 62443-4-1 defines the practices for secure product development lifecycle requirements. The objective is to defend against negligent and wilful actions in order to protect devices and facilities. The secure development lifecycle (SDL) process activities include security requirements definition, secure design, secure implementation with application of coding guidelines, verification and validation, defect management, patch management and product end-of-life. These requirements can be applied to new or existing processes for developing, maintaining and retiring hardware, software or firmware for new or existing products. The process activities are initiated by identifying the secure components and performing a risk assessment on them with respect to security threats while developing and deploying the product.
The process helps to ensure that the security capabilities are implemented correctly in the product and that any known security vulnerabilities in the product are eliminated or mitigated. From the perspective of minimising the risk originating from a security threat, this allows us to assure a level of confidence in the product.