ISA/IEC 62443 adoption: Breaking barriers across Asset owners, Integrators and OEMs

Just in case there’s a barrier… let’s talk about it.

ISA/IEC 62443 is fast becoming the global benchmark for securing Industrial Automation and Control Systems (IACS)—a foundational pillar of Operational Technology (OT) cybersecurity. While the standard is well-established, the focus now is on increasing its adoption across diverse industrial sectors by understanding what different stakeholders need to implement it effectively.        

 To support this goal, I reached out to the community.

 I ran three LinkedIn polls, each focused on a specific IACS stakeholder group:

•  Asset Owners
• System Integrators
• Product OEMs

 The goal? To identify what’s making IEC 62443 adoption difficult, and to help spark better conversations on how to move forward.

 Poll 1: Asset Owners

 Just in case you see a barrier in adopting IEC 62443, what would it most likely be?

•  Budget limitations – 38%
• Lack of internal expertise – 38%
• Vendor non-compliance – 10%
• Operational disruption fears – 14%

 Community insight:

 “One more critical factor worth considering is the challenge posed by the existing older legacy system/sub-system installed base. It often limits seamless adoption.”

 Poll 2: System Integrators

 Just in case there’s a challenge with IEC 62443 implementation, what is it likely related to?

•  Varying client maturity – 52%
• Issue with SL definitions – 26%
• Limited certified products – 17%
• Aligning project timelines – 5%

 Participant feedback:

 “As an early adopter, I’ve seen a tie between client maturity and SL definitions. There’s still no standard on how to assign SLs to zones—especially in multi-zone deployments.”

“We should also consider limited project budgets as a key constraint.”

Poll 3: Product OEMs

 Just in case there’s a hindrance to IEC 62443 certification, what’s the most probable cause?

•  Complexity of SL design – 41%
• High test/implementation costs – 27%
• Limited customer demand – 18%
• Long certification timelines – 14%

 Critical comment:

 “We need to reset expectations. Certification under 62443 applies to a narrow subset of the standard. The broader journey—covering secure design, SL roadmaps, and assurance—is often contractual, not certifiable. SL levels aren’t plug-and-play.”

 Final Reflections

 These poll results are telling. While ISA/IEC 62443 continues to gain traction, increasing its adoption requires that we address the practical challenges each stakeholder faces:

•  Asset owners need support overcoming skills gaps and budget constraints.
• System integrators face misaligned client maturity and inconsistent SL interpretations.
• OEMs deal with design complexity, unclear ROI, and certification fatigue.

 But there’s good news:

ISA/IEC 62443 is evolving. The standard is continuously refined to better meet stakeholder needs through more precise guidance, simplified implementation models, or updated certification frameworks. It’s responding to the lessons learned in the field and adapting to reduce friction across the ecosystem.

In the end, it’s not about checking a box—it’s about building a resilient and secure industrial future.

 Let’s open the dialogue.

What’s your experience been with ISA/IEC 62443 adoption or certification?

Drop a comment, vote in the polls, or share this in your network.

#IEC62443 #OTSecurity #CyberResilience #ICS #IACS #CyberStandards #SecureByDesign #AssetOwners #SystemIntegrators #ProductOEMs #IndustrialCybersecurity #CyberRisk #OperationalTechnology

Note- All the comments and posts I share are my opinions and views and do not necessarily represent those of my employer or any affiliated organisations. Thank you for your support and understanding