Secure by Design

The goal here is to make sure that security bugs or vulnerabilities are not present in new software.

To accomplish this, cyber security must be a factor from the very start of product design. And through

all phases, from creating the specification, through writing the code, and testing the product.

A securebydesign philosophy manifests itself as security training, code reviews and walkthroughs,

threat analysis, and robustness testing of products.Security is integrated in ABB’s quality management

system. Formal threat analysis and threat modelling provide the basis for security

requirements and design principles for the system.

Security checkpoints at project gates ensure that security objectives are met.

One key element of this process is our independent robustness test lab, the ABB Device

Security Assurance Center, where our products are tested. This laboratory is run by dedicated

personnel who are not part of any product development team. They use several specialized

security testing tools, for example Achilles Test Platform and Nessus scanners.

In addition to our adoption of SD3+C Security Framework and extensive internal testing

performed by ABB’s Device Security Assurance Center (DSAC), ABB has embraced third party

security certification to IEC62443 standard by ISA Secure Certification Institute (ISCI),

Symphony Plus security features are designed to meet regulatory requirements and includes

features to help enable compliance such as user account management, rolebased access control,

user authentication, audit trail, etc.