Zones and conduits (with protection needs analysis) What is a zone? A complete plant is difficult to grasp or categorize in terms of possible threats and necessary security measures. For this reason, the IEC 62443 standard divides a complete system into so-called zones. In terms of the standard,… Read More
Security levels Security levels according to IEC 62443-3-3 To categorize the severity of potential threads, protection classes are available for the various data classes a zone stores/processes or a conduit transmits. This is the basis for the required level of protection of an entire zone or conduit. In… Read More
Data classification & protection needs The central task for a threat-risk-assessment is the classification of data which is stored/processed in a zone and transmitted between zones via conduits. This classification is done in two steps: Identification of the data available in your system. Classification of… Read More
Least privilege concept The concept of “least privilege” is a basic security concept: Every access and execution right to components and data in your ICS should be restricted to the maximum possible extend for each user. In doing so, care must be taken to ensure that the availability… Read More
Foundational requirements (FR) and system requirements (SR) Foundational requirements (FR) The IEC 62443 standard defines seven foundational requirements (FR). These are basic requirements regarding the security of an ICS. They are addressed to all stakeholders of a plant and used throughout the standard. FR1: Identification and authentication… Read More
Defense-in-Depth concept Purpose of the Defense-in-Depth concept A suitable approach to counter manifold cyber threats is a Defense-in-Depth strategy, for example in accordance with the IEC 62443 standard. This means that a holistic approach must include a combination of technological and organizational measures. Furthermore, a defense system… Read More
Concepts & tools based on IEC 62443 The following topics describe concepts and tools defined in the IEC 62443 standard: Least privilege concept Defense-in-Depth concept Zones and conduits (with protection needs analysis) Data classification & protection needs Security levels (SLs) Foundational requirements (FR) and system requirements… Read More
