Application of IEC 62443 for IoT Components
Internet technology has changed how people live, work, connect and learn. It connects machines, devices, sensors, and people and enables communication. This enabled a revolution in the industrial perspective, which is named “Industry 4.0.” Industry 4.0 is the application of automation and data exchange in manufacturing technologies. This rapid progression of industrial systems towards internet based production networks needs a flexible framework that facilitates addressing current and future vulnerabilities in Industrial Automation Control Systems (IACS). IEC 62443 series provides a standard methodology for building a secure infrastructure, which adapts the security requirements needed by IACS. The basic approach defined in the standard is to break down the system components into zones and conduits based on required security levels. This paper reuses this idea on a small scale to show how the same concept can be used to define zones and conduits between mixed-criticality IoT components to improve the security on component level. The MORETO tool, which is currently under development by AIT, supports the security risk analysis process.
KeywordsCyber-physical Production Systems Industrial Automation Control Systems Internet of Things Supervisory Control and Data Acquisition
This work has received funding from the SemI40 and AQUAS project, under grant agreement No. 692466 and No. 737475. The project is co-funded by grants from Austria, Germany, Italy, France, Portugal and ECSEL JU.
- 1.Ma, Z., Hudic, A., Shaaban, A., Plosz, S.: Security viewpoint in a reference architecture model for cyber-physical production systems. In: 2017 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 153–159. IEEE (2017)Google Scholar
- 2.Shahzad, A., Kim, Y.-G., Elgamoudi, A.: Secure IoT platform for industrial control systems. In: 2017 International Conference on Platform Technology and Service (PlatCon), pp. 1–6. IEEE (2017)Google Scholar
- 4.IT/OT Executive Series: What you need to know about - networking. https://www.cogentind.com/it-ot-networking/
- 5.OVE Osterreichischer Verband fur Elektrotechnik. Industrial communication networks – Security for industrial automation and control systems, Part 4-2: Technical security requirements for IACS components. Technical report, IEC standards, June 2017Google Scholar
- 6.ISA. The 62443 series of standards: Industrial automation and control systems security, (1–4) (2018)Google Scholar
- 7.Security Levels in ISA-99 / IEC 62443. ISA 99 security levels proposal. https://www.scribd.com/document/129590220/ISA-99-SecurityLevels-Proposal/
- 8.Ristaino, A.: Industrial automation cyber security conformity assessments. http://www.isasecure.org/en-US/Articles/Industrial-automation-cybersecurity-conformity-ass
- 9.Enterprise Architect: Enterprise architect by sparx systems. https://www.sparxsystems.eu/start/home/
- 10.Enterprise Architect Sparx Systems. Model driven generation (MDG) technologies. http://www.sparxsystems.com/resources/mdg_tech/