This is my archive

Zones and conduits (with protection needs analysis) 

Zones and conduits (with protection needs analysis)  What is a zone? A complete plant is difficult to grasp or categorize in terms of possible threats and necessary security measures. For this reason, the IEC 62443 standard divides a complete system into so-called zones. In terms of the standard,… Read More

Security levels 

Security levels  Security levels according to IEC 62443-3-3 To categorize the severity of potential threads, protection classes are available for the various data classes a zone stores/processes or a conduit transmits. This is the basis for the required level of protection of an entire zone or conduit. In… Read More

Least privilege concept

Least privilege concept The concept of “least privilege” is a basic security concept: Every access and execution right to components and data in your ICS should be restricted to the maximum possible extend for each user. In doing so, care must be taken to ensure that the availability… Read More

Foundational requirements (FR) and system requirements (SR) 

Foundational requirements (FR) and system requirements (SR)  Foundational requirements (FR) The IEC 62443 standard defines seven foundational requirements (FR). These are basic requirements regarding the security of an ICS. They are addressed to all stakeholders of a plant and used throughout the standard. FR1: Identification and authentication… Read More

Defense-in-Depth concept 

Defense-in-Depth concept  Purpose of the Defense-in-Depth concept A suitable approach to counter manifold cyber threats is a Defense-in-Depth strategy, for example in accordance with the IEC 62443 standard. This means that a holistic approach must include a combination of technological and organizational measures. Furthermore, a defense system… Read More

Concepts & tools based on IEC 62443

Concepts & tools based on IEC 62443 The following topics describe concepts and tools defined in the IEC 62443 standard: Least privilege concept Defense-in-Depth concept Zones and conduits (with protection needs analysis) Data classification & protection needs Security levels (SLs) Foundational requirements (FR) and system requirements… Read More

Security-relevant laws and industrial standards 

Security-relevant laws and industrial standards  It is important to understand that IT security is not only a new “product feature” that a vendor can implement more or less well at its own discretion. Instead, the integration of security features into automation equipment, systems and components is now required… Read More

ISO/IEC 27001 standard: security for traditional IT systems 

ISO/IEC 27001 standard: security for traditional IT systems  ISO/IEC 27001 is the leading international and most important standard regarding cyber-security of Information Technology (IT) systems. It describes the implementation of an Information Security Management System (ISMS) by providing clear guidelines for planning, implementing, monitoring, and improving your information… Read More

Data classification & protection needs

Data classification & protection needs The central task for a threat-risk-assessment is the classification of data which is stored/processed in a zone and transmitted between zones via conduits. This classification is done in two steps: Identification of the data available in your system. Classification of… Read More

360° security – the holistic approach 

360° security – the holistic approach  Comprehensive and sufficient security is not achieved by implementing only (one) technical measures in the system. An adequate security concept must include the technology used, defined processes, and the people involved, i.e., it must specify both technological and organizational measures. Security… Read More