
The ISA/IEC 62443 Series: Security For Industrial Automation and Control Systems (IACS)

The document discusses roles and responsibilities related to industrial automation and control systems (IACS). It outlines principal roles including asset owners, operators, maintenance providers, and integration service providers. It also describes IACS technologies as central to critical infrastructure and how implementing IEC 62443 security standards can help mitigate cyberattacks by taking a holistic approach to bridging operations and information technology.

Uploaded by

tmendis

Principal Roles
- Asset Owner
  - Is accountable and responsible for the IACS
  - The operator of the IACS and the Equipment Under Control
- Maintenance Service Provider: Provides support activities for an Automation Solution
- Integration Service Provider: Provides integration activities for an Automation Solution including design, installation, configuration, testing, commissioning, and handover to the Asset Owner
- Product Supplier: Manufactures and supports a hardware and/or software product

Intro
- Developed to secure industrial automation and control systems (IACS) throughout their lifecycle
- IACS technologies are central to critical infrastructure
- Implementing IEC 62443 can mitigate the effects and often prevent successful cyber-attacks
- The series approaches the cybersecurity challenge in a holistic way, bridging the gap between operations and information technology; and between process safety and cybersecurity
- The document types
  - IS – International Standard
  - TR – Technical Report
  - TS – Technical Specification
- Industrial Automation and Control Systems (IACS): Collection of personnel, hardware, software, and policies involved in the operation of the industrial process and that can affect or influence its safe, secure, and reliable operation
- Security: Prevention of illegal or unwanted penetration of, or interference with the proper and intended operation of an IACS
- Cybersecurity: Actions required to preclude unauthorized use of, denial of service to, modifications to, disclosure of, loss of revenue from, or destruction of critical systems or informational assets
- Supervisory control and data acquisition system (SCADA system): Type of loosely coupled distributed monitoring and control system commonly associated with electric power transmission and distribution systems, oil and gas pipelines, and water and sewage systems

Characteristics of IACS that are not typical in IT systems include:
- More predictable failure modes
- Tighter time-criticality and determinism
- Higher availability
- More rigorous management of change
- Longer time periods between maintenance
- Significantly longer component lifetimes
- Safety, Integrity, Availability, and Confidentiality (SIAC) instead of CIA

Key Concepts
- IACS and Automation Solution
- Security Program (ISMS/CSMS)
- Security maturity phases and Steps
  - 1. Concept: Identification, Concept
  - 2. Functional analysis: Definition
  - 3. Implementation: Functional design, Detailed design, Construction
  - 4. Operations: Operations, Compliance monitoring
  - 5. Recycle and disposal: Disposal, Dissolution
- Risk Assessment / Threat-risk assessment
- Foundational Requirements (FRs) for security in IACS
  - FR1. Access Control (AC): Control access to selected devices, information or both to protect against unauthorized interrogation of the device or information
  - FR2. Use Control (UC): Control use of selected devices, information or both to protect against unauthorized operation of the device or use of information
  - FR3. Data Integrity (DI): Ensure the integrity of data on selected communication channels to protect against unauthorized changes
  - FR4. Data Confidentiality (DC): Ensure the confidentiality of data on selected communication channels to protect against eavesdropping
  - FR5. Restrict Data Flow (RDF): Restrict the flow of data on communication channels to protect against the publication of information to unauthorized sources
  - FR6. Timely Response to Event (TRE): Respond to security violations by notifying the proper authority, reporting needed forensic evidence of the violation, and automatically taking timely corrective action in mission-critical or safety-critical situations
  - FR7. Resource Availability (RA): Ensure the availability of all network resources to protect against denial of service attacks
- Zones and Conduits
  - Security zone: Grouping of logical or physical assets that share common security requirements
  - A Conduit is defined as a logical grouping of communication channels that share common security requirements connecting two or more zones.
- Security Measure
  - Technical: Inherent, Compensating
  - Organizational: Associated, Compensating
  - Physical
- Security Level
  - SL0: No special requirement or protection required
  - SL1: Protection against unintentional or accidental misuse
  - SL2: Protection against intentional misuse by simple means with few resources, general skills and low motivation
  - SL3: Protection against intentional misuse by sophisticated means with moderate resources, IACS-specific knowledge and moderate motivation
  - SL4: Protection against intentional misuse using sophisticated means with extensive resources, IACS-specific knowledge and high motivation
  - SL-T (target) / SL-A (achieved) / SL-C (capability)
- Maturity Levels
  - 1. Initial: Ad-hoc process
  - 2. Managed: Documented process, but not necessarily repeatable
  - 3. Defined (Practiced): Documented process that is repeatable and consistently followed
  - 4. Improving: Documented process that is repeatable, consistently followed, measured, and steadily improved
- Design Principles
  - Secure by Design
  - Defense in Depth: Multiple countermeasures in a layered or stepwise manner
  - Reduce Attack Surface
  - Essential Functions
- Policies: Policies / Procedures / Guidelines (non mandatory)

Parts
- 1. General
  - 1-1: Terminology, concepts and models
    - IEC TS 62443-1-1:2009, Industrial communication networks - Network and system security - Part 1-1: Terminology, concepts and models
  - 1-2: Master glossary of terms and definitions
  - 1-3: System security conformance metrics
  - 1-4: IACS security lifecycle and use cases
- 2. Policies and procedures IACS security
  - 2-1: Establishing an IACS security program
    - IEC 62443-2-1:2010, Industrial communication networks - Network and system security - Part 2-1: Establishing an industrial automation and control system security program
  - 2-2: IACS security program ratings
  - 2-3: Patch management in the IACS environment
    - IEC TR 62443-2-3:2015, Security for industrial automation and control systems - Part 2-3: Patch management in the IACS environment
  - 2-4: Security program requirements for IACS service providers
    - IEC 62443-2-4:2023, Security for industrial automation and control systems - Part 2-4: Security program requirements for IACS service providers
  - 2-5: Implementation guidance for IACS asset owners
- 3. System Requirements
  - 3-1: Security technologies for IACS
    - IEC TR 62443-3-1:2009, Industrial communication networks - Network and system security - Part 3-1: Security technologies for industrial automation and control systems
  - 3-2: Security risk assessment for system design
    - IEC 62443-3-2:2020, Security for industrial automation and control systems - Part 3-2: Security risk assessment for system design
  - 3-3: System security requirements and security levels
    - IEC 62443-3-3:2013, Industrial communication networks - Network and system security - Part 3-3: System security requirements and security levels
- 4. Components Requirements IACS products
  - 4-1: Secure product development lifecycle requirements
    - IEC 62443-4-1:2018, Security for industrial automation and control systems - Part 4-1: Secure product development lifecycle requirements
  - 4-2: Technical security requirements for IACS components
    - IEC 62443-4-2:2019, Security for industrial automation and control systems - Part 4-2: Technical security requirements for IACS components

1.1 13.09.2023 www.patreon.com/AndreyProzorov
