The IEC 62443 series of standards deals with the IT security of industrial automation and control systems (IACS). It is based on established standards such as the IT security standard ISO/IEC 27001 and is specified in cooperation with the American standardization committee ISA (“International Society of Automation”). The European standard is therefore essentially the same as the American ISA 99 series of standards. In Europe, IEC 62443 is now regarded as a cross-industry standard for a wide variety of installations, operations and systems.
Content
- Who is affected by the standard?
- Brief overview of the individual parts of the series of standards
- What approach does IEC 62443 follow?
- Defense in Depth
- Security Level (SL)
- Three roles: Manufacturers, integrators, operators
- Sources of supply
- Support for the development and operation of cyber-secure IACS
Who is affected by the standard?
IEC 62443 is aimed at manufacturers, operators and integrators of industrial automation and control systems. The focus of the series of standards is on operational technology (OT) - in contrast to the standards of the ISO/IEC 27000 series, which primarily relate to the IT infrastructure. The aim of IEC 62443 is to support manufacturers, operators and integrators in achieving the security objectives of availability, integrity and confidentiality for components and systems in industrial environments. It offers role-specific recommendations on how to identify and eliminate vulnerabilities in IACS.
Brief overview of the individual parts of the standards series
The IEC 62443 series of standards is quite extensive and individual parts are still under development. It currently (2024) consists of four parts. A further part (the Technical Specification IEC 62443-6) on evaluation methodology is currently at the draft stage.
Part 1: General principles
- IEC 62443-1-1: Definition of terminology, concepts and models for the security of industrial automation and control systems
- IEC 62443-1-2 (in draft form): Definitions of terms
- IEC 62443-1-3 (in draft): Metrics for the assessment of IT security
- IEC 62443-1-4 (in draft): Description of the security lifecycle and various use cases
Part 2: Policies and procedures
- IEC 62443-2-1: Requirements for an IT security management system (ISMS) - with references to ISO/IEC 27000
- IEC 62443-2-2 (in draft form): Framework for evaluating the protection of an IACS (as a basis for evaluating the defense-in-depth strategy)
- IEC 62443-2-3: Patch management
- IEC 62443-2-4: Guidelines, requirements and procedures for integrators and maintenance service providers
- IEC 62443-2-5 (planned): Implementation guidance for operators
Part 3: Requirements for IACS
- IEC 62443-3-1: Description of basic technologies (authentication, encryption, etc.)
- IEC 62443-3-2: Procedure for the security risk analysis and the structuring of a system into zones and zone transitions (“conduits”; see below)
- IEC 62443-3-3: Foundational requirements, e.g. for authentication control, user management or system integrity
Part 4: Requirements for automation components
- IEC 62443-4-1: Definition of a secure development process for products used in IACS
- IEC 62443-4-2: Detailed requirements for components (software applications, host devices, embedded systems, network components)
Source: ISA
What approach does IEC 62443 follow?
A central requirement of the standard is to always consider IT security (cybersecurity) with a view to the overall system. The aim is to continuously improve the security level of the system. It makes it clear that IT security in an industrial environment is only possible if the entire life cycle of products and systems is taken into account.
Defense in Depth
Attackers can find various ways into an IACS - directly via the internet or indirectly, for example via compromised systems in the same network, compromised smartphones or via employees who fall for social engineering. IEC 62443 pursues a defense-in-depth approach to take account of the large number of possible points of attack at different levels. Based on a detailed threat and vulnerability analysis, the entire network is segmented into different security zones; these zones themselves and the transitions or communication channels (“conduits”) between them are each secured separately.
Security Level (SL)
Zones and communication channels should each be assigned an individual security level (SL) depending on their level of protection and the expected threats. The different levels indicate the level of protection against different types of threats or attackers. The higher the level, the more demanding the required security measures.
- SL 0: No special protection required
- SL 1: Protection against unintentional or accidental misuse
- SL 2: Protection against intentional misuse with simple means, low resources, general skills and low motivation
- SL 3: Safeguarding against intentional misuse with advanced means, moderate resources, specific IACS skills and moderate motivation
- SL 4: Safeguarding against intentional misuse with advanced means, extensive resources, expert IACS knowledge and high motivation
Taking into account the native security level of a system or component (Security Level Capability, SL-C) and a threat and risk analysis, the operator determines the target security level (Security Level Target, SL-T) for the system as a whole and for each of its zones and conduits. Manufacturers and integrators then implement the SL-T accordingly.
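As an added illustration (not part of the original article and not NewTec's own tooling), the following Python sketch models the SL-T versus SL-C comparison for a small constructed plant layout. It goes slightly beyond the text above in that IEC 62443-3-3 expresses a security level as a vector with one value per foundational requirement (FR1 to FR7) rather than a single number; the zone and component names and their levels are constructed, and a conduit can be modelled with the same Zone class.

```python
from dataclasses import dataclass, field

# The seven foundational requirements of IEC 62443-3-3 form the axes of an SL vector:
# identification/authentication control, use control, system integrity, data confidentiality,
# restricted data flow, timely response to events, resource availability.
FRS = ("IAC", "UC", "SI", "DC", "RDF", "TRE", "RA")


def sl_vector(*levels: int) -> dict:
    """Build an SL vector: one value in 0..4 per foundational requirement."""
    if len(levels) != len(FRS) or not all(0 <= lvl <= 4 for lvl in levels):
        raise ValueError("an SL vector needs exactly seven values in the range 0..4")
    return dict(zip(FRS, levels))


@dataclass
class Component:
    name: str
    sl_c: dict  # capability level declared by the manufacturer (SL-C)


@dataclass
class Zone:
    name: str
    sl_t: dict  # target level set by the operator from the risk analysis (SL-T)
    components: list = field(default_factory=list)

    def achieved(self) -> dict:
        """Per FR, a zone is only as strong as its weakest component."""
        return {fr: min(c.sl_c[fr] for c in self.components) for fr in FRS}

    def gaps(self) -> dict:
        """FRs where the achieved capability falls short of SL-T, with the shortfall."""
        ach = self.achieved()
        return {fr: self.sl_t[fr] - ach[fr] for fr in FRS if ach[fr] < self.sl_t[fr]}


# Constructed example: a control zone targeted at SL 3 everywhere except data confidentiality (SL 2).
control_zone = Zone("ControlZone", sl_vector(3, 3, 3, 2, 3, 3, 3))
control_zone.components.append(Component("PLC-A", sl_vector(3, 3, 3, 2, 3, 3, 3)))
control_zone.components.append(Component("HMI-B", sl_vector(2, 3, 3, 1, 3, 2, 3)))

if __name__ == "__main__":
    # The HMI drags the zone below SL-T on IAC, DC and TRE; those are the integrator's work items.
    for fr, short in control_zone.gaps().items():
        print(f"{control_zone.name}: {fr} falls short of SL-T by {short}")
```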
Three roles: Manufacturers, integrators, operators
IEC 62443 distinguishes between three basic roles - manufacturers, system integrators and system operators. Specific security requirements apply to each of these roles.
If a manufacturing company, acting as an operator, wants to purchase a new networked machine or system, it must create the organizational and technical framework conditions (user concept, network segments, etc.) in advance, determine the protection requirements of the new machine and define a target SL (SL-T). In addition, the operator must ensure that the firmware and software are up to date and check its machines and systems for potential vulnerabilities via vulnerability monitoring and regular security audits (at least once a year, depending on the criticality of the component).
The manufacturer is obliged to design its product (machine, system) so securely that it can always be used as intended, and to prove to the operator that the product has the necessary security features. In addition, it must ensure that this resilience can be maintained throughout the entire life cycle under changing security conditions: it must inform operators and integrators of newly discovered or emerging risks and provide patches and updates where necessary.
During implementation, the integrator is responsible for ensuring that each component, machine or system functions in accordance with the defined requirements. The integrator is obliged to implement the necessary measures based on the manufacturer's information and to ensure that the firmware and software are up to date.
Sources of supply
All parts of IEC 62443 can be purchased from DIN Media (formerly Beuth Publishing) and VDE Publishing.
Support in the development and operation of cyber-secure IACS
NewTec's security experts have experience in identifying, assessing and protecting against potential threats in Industry 4.0 environments. Based on decades of development work on security-oriented embedded systems, NewTec has developed a structured process to support companies in comprehensively securing their products and production environments.
We support manufacturers and operators with comprehensive advice on security management processes in accordance with IEC 62443-4. We are your partner for a structured safety and security risk assessment (also with regard to a patch and update system) and for secure system integration and the engineering of cyber-secure embedded systems. In addition to IEC 62443, we also incorporate BSI guidelines and other standards and best practices.