certMILS Experience: Certifying Industrial CPS with Common Criteria & IEC 62443

This whitepaper offers a detailed, real-world account of how the certMILS project approached security certification for industrial cyber-physical systems (ICPS). It focuses on three industrial pilots (railway safety systems, subway communication infrastructure, and smart grid components), each with distinct security requirements and operational contexts.

Drawing on these use cases, the paper outlines how the Common Criteria (ISO/IEC 15408) and IEC 62443 standards were applied to Commercial Off-The-Shelf (COTS) hardware and software built on a separation kernel-based architecture. The authors reflect on the challenges encountered and the practical decisions made during the certification process, including:

  • How to apply Common Criteria to a modular, reusable platform
  • Strategies for aligning IEC 62443 requirements with legacy systems and integrator constraints
  • Lessons learned from working with certification bodies and industrial stakeholders
  • Key architectural patterns, in particular MILS (Multiple Independent Levels of Security), in which a separation kernel isolates partitions and mediates information flow between them, that enabled reuse, flexibility, and composability in secure system design

The paper also provides practical recommendations for other organizations seeking to reuse certified components, reduce certification cost and complexity, and bridge the gap between safety and security engineering in critical infrastructure.
