Phoenix Contact industrial security guideline Introduction The increasing interconnection of systems, components, and devices as well as the growing amount of data to be transmitted and stored (in a word: the achievements of Industry 4.0) result in a higher risk of cyber attacks. This is also promoted… Read More
Data backup and restore General considerations on data backups Data loss may not be the result of careless or erroneous actions of authorized users or defects in storage media alone, but may also be the consequence of malicious deletion or encryption of your data by unauthorized intruders. Read More
Zones and conduits (with protection needs analysis) What is a zone? A complete plant is difficult to grasp or categorize in terms of possible threats and necessary security measures. For this reason, the IEC 62443 standard divides a complete system into so-called zones. In terms of the standard,… Read More
Foundational requirements (FR) and system requirements (SR) Foundational requirements (FR) The IEC 62443 standard defines seven foundational requirements (FR). These are basic requirements regarding the security of an ICS. They are addressed to all stakeholders of a plant and used throughout the standard. FR1: Identification and authentication… Read More
Defense-in-Depth concept Purpose of the Defense-in-Depth concept A suitable approach to counter manifold cyber threats is a Defense-in-Depth strategy, for example in accordance with the IEC 62443 standard. This means that a holistic approach must include a combination of technological and organizational measures. Furthermore, a defense system… Read More
Security levels Security levels according to IEC 62443-3-3 To categorize the severity of potential threads, protection classes are available for the various data classes a zone stores/processes or a conduit transmits. This is the basis for the required level of protection of an entire zone or conduit. In… Read More
Least privilege concept The concept of “least privilege” is a basic security concept: Every access and execution right to components and data in your ICS should be restricted to the maximum possible extend for each user. In doing so, care must be taken to ensure that the availability… Read More
Logging and monitoring Log and status data as feedback for security improvements The early detection of security-relevant incidents as well of system errors and performance “bottlenecks” during operation or data transmission depends to a large extent on adequate logging and monitoring. In particular, log data and… Read More
ICS security concept by Phoenix Contact This topic describes how Phoenix Contact solves the requirements regarding cyber-security. Note: This description and the illustrations in this chapter are schematic and exemplary in nature. They do not claim to be complete. Details on technical implementations and practical realization can… Read More
IEC 62443 standard: security for industrial applications Overview on the parts of the standard The IEC 62443 standard series defines the necessary security processes and functional measures for device/component manufacturers, system integrators, and operators of machines and plants. It is a common security standard for industrial automation systems and… Read More
