The Scope of IEC 62443 Standard
Why ISA/IEC 62443
Cyber Security in Industrial Automation and Control Systems (IACS)
- When a system design is not secure enough and the problem cannot be solved by technical means, appropriate management and procedures are required.
- Enterprises rely heavily on IT technologies and, as a consequence, are not able to resist security threats and avoid risks.
- People are always the biggest problem in cyber security management.
- Attack techniques are becoming more and more complex, and the sources of attacks are quite extensive.
- Public and private networks are interconnected to share information, making access control more difficult.
- Decentralized computer operation weakens the effect of centralized management.
Security Development Service for Industrial Automation and Control Systems (IACS)
The methodology of the international standard IEC 62443-4-1 is adopted to assist in establishing a secure product development plan.
1. Differentiation Analysis
- Feasibility evaluation of cyber security operation
- Product security test (Pretest)
2. IEC 62443-4-1 Implementation
- Status interview
- Organization establishment and policy formulation
- Planning the security workflow of product development
3. IEC 62443-4-2 Testing
- Cyber security test training
- Compliance testing
8 Practices, 47 Requirements
7 Foundational Requirements, 95 Security Requirements
- IAC - Identification and Authentication Control
- RA - Resource Availability
- TRE - Timely Response to Events
- RDF - Restricted Data Flow
- DC - Data Confidentiality
- SI - System Integrity
- UC - Use Control
Component Requirement (CR)
- Software Application Requirement (SAR)
- Embedded Device Requirement (EDR)
- Host Device Requirement (HDR)
- Network Device Requirement (NDR)
The Process of IEC 62443-4-2 Cybersecurity Testing