Guideline Industrial Security

IEC 62443 is easy

Pierre Kobes

Cite this publication

Pierre Kobes, Guideline Industrial Security (2017), VDE Verlag, Berlin, ISBN: 9783800743391

Description / Abstract

Insufficient security is careless, too much security is inefficient.

Recent surveys point out that the fear of cyber attacks is one of the three biggest business risks. Cloud, privacy protection, mobility, and the Internet of Things are important drivers of change in IT security for industrial environments. Without IT security, the Industrial Internet of Things will not be accepted.

The importance of protection concepts is growing with increasing external attacks. Operators of critical infrastructure have to maintain minimum standards of IT Security and to protect their installations against cyber-attacks. Effective protection concepts can only be implemented with a range of organizational and technical measures. Product suppliers, system integrators, and operators have to work together to deploy holistic protection solutions.

The IEC 62443 series of standards focuses on supporting holistic solutions for the protection of industrial systems and addresses all involved stakeholders. As a result, IEC 62443 is perceived as complex. This guideline aims to simplify the deployment of protection concepts by giving an overview of IEC 62443, summarizing its ideas and concepts, and illustrating practical solutions.

Table of contents

  • Guideline Industrial Security
  • Preface
  • Contents
  • 1 Introduction
  • Definition of “Industrial Security”
  • 2 Scope and roles of IEC 62443
  • 3 Structure of IEC 62443
  • 4 Concepts of IEC 62443
  • 4.1 Defense in depth
  • 4.2 Risk assessment according to VDI/VDE 2182
  • 4.3 The standard IEC 62443 in product and IACS lifecycles
  • 4.4 PDCA cycles in product and IACS lifecycles
  • 4.5 Security Levels according to IEC 62443-3-3
  • 5 Holistic approach, Protection Levels
  • Security is about technology, processes, and people
  • Protection levels are addressing installations in operation
  • Protection Levels combine the evaluation of technical and organizational measures
  • 5.1 Methodology to evaluate Protection Levels
  • 5.2 PL values belong to security control classes or views
  • 5.3 Use of protection levels in a risk-based approach
  • 5.4 Use of protection levels in the IACS lifecycle
  • 5.5 Use of protection levels by product suppliers
  • 6 How to proceed in the development of a protection concept
  • 6.1 Overview
  • 6.2 Plant security
  • 6.3 Network security
  • 6.4 System integrity
  • 6.5 Role based access
  • 6.6 Consideration of attack scenarios in product development and production
  • Annex: Detailed description of the IEC 62443 documents
  • A Main documents relevant for development and maintenance of a protection concept
  • A.1 IEC 62443-2-1 / ISO/IEC 27001
  • A.2 IEC 62443-2-4
  • A.3 IEC 62443-3-3
  • A.4 IEC 62443-4-1
  • A.5 IEC 62443-4-2
  • B Other documents of IEC 62443
  • B.1 IEC 62443-1-1
  • B.2 IEC 62443-1-2
  • B.3 IEC 62443-1-3
  • B.4 IEC 62443-2-3
  • B.5 IEC 62443-3-1
  • B.6 IEC 62443-3-2
  • Bibliography
  • Index
