Industrial environments of today now adopt automation processes. However, that also means facing cybersecurity risks. How does ISA/IEC 62443 help in this regard?
The International Society Of Automation (ISA) 99 Committee
This committee brings together industrial cybersecurity experts around the globe. They are aiming to develop ISA standards on “Industrial Automation and Control Systems Security” (IACS).
This standard can address the following:
- Public endangerment or employee safety
- Loss of public confidence
- Regulatory requirements violations
- Proprietary or confidential information losses
- Economic loss, and
- Impact on national security.
Thus, the committee’s goal is to establish standards, recommend best practices as well as technical reports and related information. These will be defining the procedures for electronically secure manufacturing and control systems.
Moreover, it’s their focus is to improve confidentiality and integrity. As well as the component’s availability used for manufacturing or control.
What Is ISA 62443?
It’s a series of standards that include technical reports to secure “Industrial Automation and Control Systems.” In other words, this series of standards provides a systematic and practical approach for industrial systems cybersecurity.
This standard is developed by the ISA99 committee. Then, the IEC or “International Electrotechnical Commission” adopted the standard. So it is now called ISA/IEC 62443.
Key Principles Of The ISA/IEC 62443 Series
From the standard’s perspective, cybersecurity is not a goal that has to be reached. Rather it sees it as an ongoing process. Further, it caters to the development of IACS components that are secure-by-design.
The following are the 4 key standards.
This standard covers the policies and practices for system integration.
This is the “Product Security Development Life-Cycle Requirements.”
It takes charge of specifying the process requirements for the secure development of the product used in an IACS. Aside from that, it’s also the one that’s defining a secure development lifecycle for developing and maintaining secure products.
This development lifecycle is including the list of the things below:
- The security requirements definition
- Secure design
- Secure implementation. And this includes the guidelines for coding
- Verification as well as validation
- Defect management
- Patch management, and also
- The product end-of-life
This refers to the “Security For Industrial Automation And Control Systems: The Technical Security Requirements For IACS Components.”
This provides cybersecurity technical requirements. Particularly for components that making up an IACS.
It also sets forth security capabilities. These security capabilities enable a component to mitigate threats for a given security level. And this is accomplished without the assistance of compensating countermeasures.
This is the “System Security Requirements And Security Levels.”
It is the one defining the security assurance levels of the IACS components. The security levels are defining the cybersecurity functions which are embedded in the products. So, this increases the product’s robustness. Additionally, it makes it resistant to cyber threats.
Challenges Of Implementing These Standards
Implementing these standards prove many virtues and benefits. But, there are challenges too. Consider the following:
- It’s not entirely complete. And most of the specifications in the standard are not published yet.
- It’s a very comprehensive standard. So far, it has a volume of 800 pages. Therefore, you need a significant amount of time and effort reading and understanding the complete standard.
- Finally, the cost of one complete copy is $2000.