Guideline Industrial Security

IEC 62443 is easy

Pierre Kobes

Cite this publication as

Pierre Kobes, Guideline Industrial Security (2020), VDE Verlag, Berlin, ISBN: 9783800753062


Description / Abstract

Insufficient security is careless, too much security is inefficient.

Recent surveys point out that the fear of cyber-attacks is one of the three biggest business risks. Cloud, privacy protection, mobility and the internet of things are important drivers pushing changes in the field of IT Security in industrial environments. Without IT Security the Industrial Internet of Things will not be accepted.

The importance of protection concepts is growing with increasing external attacks. Operators of critical infrastructure have to maintain minimum standards of IT Security and to protect their installations against cyber-attacks. Effective protection concepts can only be implemented with a range of organizational and technical measures. Product suppliers, system integrators, and operators have to work together to deploy holistic protection solutions.

The series of standards IEC 62443 focuses on supporting holistic solutions for the protection of industrial systems and addresses all involved stakeholders. Correspondingly, IEC 62443 is perceived as complex. This guideline aims to simplify the approach to deploying protection concepts by giving an overview of IEC 62443, summarizing its ideas and concepts, and illustrating practical solutions.

Table of contents

  • Guideline Industrial Security
  • Your opinion matters!
  • Imprint
  • Preface
  • Contents
  • 1 Introduction
  • 2 Cybersecurity involves process, people, and technology
  • 3 Roles and responsibilities in IEC 62443
  • 4 Structure of IEC 62443
  • 5 Concepts of IEC 62443
  • 5.1 Defense in depth
  • 5.2 The standard IEC 62443 in product and IACS lifecycles
  • 5.3 Risk assessment according to VDI/VDE 2182
  • 5.4 Security Levels
  • 6 Holistic protection scheme
  • 7 Security Program Ratings
  • 7.1 Definition and methodology
  • 7.2 Use of SPR in risk reduction
  • 7.3 SPR and SL types
  • 7.4 Views
  • 8 Role-based activities and contributions in the development, practice and maintenance of a holistic protection scheme
  • 8.1 Specification
  • 8.2 Design
  • 8.3 Implementation
  • 8.4 Verification and validation
  • 8.5 Operation and Maintenance
  • 8.6 Update
  • 8.7 Decommissioning
  • 9 Holistic approach for product suppliers using the example of the Siemens security concept for process and discrete industries
  • 9.1 Overview
  • 9.2 Holistic security concept (HSC)
  • 9.3 Plant security
  • 9.4 Network security
  • 9.5 System integrity
  • 9.6 Role based access
  • 9.7 Consideration of attack scenarios in product development and production
  • A Detailed description of the IEC 62443 documents
  • 10.1 Main documents relevant for the development and practice of a holistic protection scheme
  • 10.2 Other documents of IEC 62443
  • B Tracing of requirements to the elements of the new organizational structure
  • 11.1 SM, Security Management
  • 11.2 LF, Security Life Cycle
  • 11.3 RM, Risk Management
  • 11.4 AC, Access Control
  • 11.5 SI, System Integrity
  • 11.6 AS, System Availability
  • 11.7 DC, Data Confidentiality
  • 11.8 AM, Asset Management
  • 11.9 IM, Incident Management
  • Bibliography
  • Index
