
INDUSTRIAL CONTROL SYSTEM
SECURITY


Protecting Industrial Control Systems (ICS) against cyberattacks has become more important than ever. As the number of cyberattacks against Industrial Control Systems has increased, the inadequacy of industrial network security has become apparent. In response, nations and industries have created new security standards that focus on the requirements of industrial automation and control system (IACS) networks.

 

The ISA/IEC 62443 series of standards is intended to assist in the safe operation of industrial automation systems (ICS systems), from design to implementation. ISA/IEC 62443 complements the ISO 27001 standard, which mainly covers IT security regulations. Together, the two standards provide a unified approach to protecting companies from cyber threats.

 

The ISA/IEC 62443 series of standards was created to provide an easy-to-use, achievable model for handling risks and mitigating cybersecurity threats.

 

The three types of organizational roles that have the responsibility to respond to the new series of standards are:
 

  • Asset Owner | End-user - Owns and operates one or more IACS
    - Easy to define a target security level
    - Offers a frame of reference to evaluate existing security

     
  • System Integrator | Implementor - Builds IACS for the Asset Owner
    - Clear understanding of security requirements
    - Simple to define a system security capability

     
  • Product Manufacturer | Supplier - Designs and creates the components for the System Integrator to build IACS.
    - Simple to define a product security capability
    - Easy to differentiate from competitors

 

 

The standards fall into four categories: General, Policies and Procedures, System, and Component, which are denoted by the suffixes 1 to 4.
 

  • GENERAL (62443-1) - Overview of the ISA/IEC 62443 security process.
     
  • POLICIES AND PROCEDURES (62443-2) - Guidance for creating and maintaining a secure system.
     
  • SYSTEM (62443-3) - Includes cybersecurity technologies and risk assessment methods for system design, along with the description of system security requirements and security levels.
     
  • COMPONENT (62443-4) - Describes the technical functionality levels and development life cycle requirements for IACS components.

 

The different parts of the standard are grouped into four clusters:
 

General

Part 1 covers topics that are common to the entire series:

1-1 (TS): Terminology, concepts and models


Policies and procedures

Part 2 focuses on methods and processes associated with IACS security:

2-1: Establishing an IACS security program
2-3 (TR): Patch management in the IACS environment
2-4: Security program requirements for IACS service providers


System

Part 3 is about requirements at the system level:

3-1: Security technologies for IACS
3-2: Security risk assessment for system design
3-3: System security requirements and security levels


Components and requirements

Part 4 provides detailed requirements for IACS products:

4-1: Secure product development lifecycle requirements
4-2: Technical security requirements for IACS components

 

[Figure legend: Processes, Informative, Functional requirements]

 

 

ISA/IEC 62443 describes 4 levels of security functionality:

 

  • SL 1 – Protection against casual or coincidental violation

  • SL 2 – Protection against intentional violation using simple means with low resources, generic skills and low motivation

  • SL 3 – Protection against intentional violation using sophisticated means with moderate resources, IACS-specific skills and moderate motivation

  • SL 4 – Protection against intentional violation using sophisticated means with extended resources, IACS-specific skills and high motivation

 

 

CCLAB is ready to provide the following services to help you conform to and comply with the desired standards and security levels:


-    Complete evaluation and certification lifecycle management

-    Comprehensive consulting services 

-    Cyber security threat analysis and risk assessment 

-    Gap analysis and readiness assessment

-    Online and on-site workshops

-    Documentation review

-    Process support by auditors

 

Together with our partners within and outside of QTICS Group, we provide:


-    Various Risk Assessment and Asset Management services

-    Design Reviews

-    Process Safety Evaluations

-    HAZOP Studies 

-    Safety Integrity Level evaluations 

-    ISO 55001 - Asset Management Conformance
 

 

 
