Application of IEC 62443 for IoT Components

  • Abdelkader Magdy ShaabanEmail author
  • Erwin Kristen
  • Christoph Schmittner
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11094)


Internet technology has changed how people live, work, connect and learn. It connects machines, devices, sensors, and people and enables communication. This enabled a revolution in the industrial perspective, which is named “Industry 4.0.” Industry 4.0 is the application of automation and data exchange in manufacturing technologies. This rapid progression of industrial systems towards internet based production networks needs a flexible framework that facilitates addressing current and future vulnerabilities in Industrial Automation Control Systems (IACS). IEC 62443 series provides a standard methodology for building a secure infrastructure, which adapts the security requirements needed by IACS. The basic approach defined in the standard is to break down the system components into zones and conduits based on required security levels. This paper reuses this idea on a small scale to show how the same concept can be used to define zones and conduits between mixed-criticality IoT components to improve the security on component level. The MORETO tool, which is currently under development by AIT, supports the security risk analysis process.


Cyber-physical Production Systems Industrial Automation Control Systems Internet of Things Supervisory Control and Data Acquisition 



This work has received funding from the SemI40 and AQUAS project, under grant agreement No. 692466 and No. 737475. The project is co-funded by grants from Austria, Germany, Italy, France, Portugal and ECSEL JU.


  1. 1.
    Ma, Z., Hudic, A., Shaaban, A., Plosz, S.: Security viewpoint in a reference architecture model for cyber-physical production systems. In: 2017 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 153–159. IEEE (2017)Google Scholar
  2. 2.
    Shahzad, A., Kim, Y.-G., Elgamoudi, A.: Secure IoT platform for industrial control systems. In: 2017 International Conference on Platform Technology and Service (PlatCon), pp. 1–6. IEEE (2017)Google Scholar
  3. 3.
    Williams, T.J.: The Purdue enterprise reference architecture. Comput. Ind. 24(2–3), 141–158 (1994)CrossRefGoogle Scholar
  4. 4.
    IT/OT Executive Series: What you need to know about - networking.
  5. 5.
    OVE Osterreichischer Verband fur Elektrotechnik. Industrial communication networks – Security for industrial automation and control systems, Part 4-2: Technical security requirements for IACS components. Technical report, IEC standards, June 2017Google Scholar
  6. 6.
    ISA. The 62443 series of standards: Industrial automation and control systems security, (1–4) (2018)Google Scholar
  7. 7.
    Security Levels in ISA-99 / IEC 62443. ISA 99 security levels proposal.
  8. 8.
    Ristaino, A.: Industrial automation cyber security conformity assessments.
  9. 9.
    Enterprise Architect: Enterprise architect by sparx systems.
  10. 10.
    Enterprise Architect Sparx Systems. Model driven generation (MDG) technologies.

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Abdelkader Magdy Shaaban
    • 1
    Email author
  • Erwin Kristen
    • 1
  • Christoph Schmittner
    • 1
  1. 1.AIT Austrian Institute of TechnologyViennaAustria

Personalised recommendations