SlideShare a Scribd company logo

IEC62443.pptx

Download as PPTX, PDF
2
233076

IEC62443 standard presentation

Engineering
1 of 16
IEC 62443 SERIES STANDARD
INDUSTRY 4.0 • It is a term used to describe the fourth industrial revolution, • Characterized by the integration of intelligent digital technologies into • manufacturing • industrial processes • It allows for smart manufacturing and intelligent factories. Technologies include • IoT networks • AI • Big Data • Robotics • Automation
INTELLIGENT FACTORIES • Factories are equipped with advanced sensors, embedded software and robotics for decision making by collecting & analyzing data. • Create new levels of visibility and insight from previously siloed information by combining production ops and ops data from • ERP • Supply chain • Customer service • Which leads to • increased automation • Predictive maintenance • Self-optimization of process improvements • Efficiency and Response time
ISA/IEC 62443 • The ISA/IEC 62443 series of standards is a set of guidelines that define requirements and processes for implementing and maintaining secure industrial automation and control systems (IACS) • These standards are a way to assess the level of security performance and set best practices for security • Uses a holistic approach by bridging the gap between • Operation and IT • Process Safety and Cyber Security
ISA/IEC 62443 The ISA/IEC 62443 set cybersecurity benchmarks in all industry sectors that use IACS, including • Building automation, • Electric power generation • Distribution • Medical devices • Transportation • Process industries such as chemicals and oil and gas
MOTIVATION • 9/11 Incident • If terrorists learned how to operate sophisticated airplanes, it was likely that they could learn how control systems in critical infrastructures
ISA 62443 DOCUMENTS • ISA works on the basis of rules set by the American National Standards Institute (ANSI) • Three basic roles that help protect industrial facilities from cyber attacks. • Product Supplier (PS) • System Integrator (SI) • Asset Owner (AO)
PRINCIPLES The standard defines the principles to be followed in the OT sector • The principle of least privilege. • Give users only the rights they need to perform their work • To prevent unwanted access to data or programs and to block or slow an attack if an account is compromised. • Defense in Depth. • This technique allows multiple layered defenses techniques to delay or prevent a cyber attack in the industrial network. • Systems be separated into groups called “zones” that will be able to communicate with each other through communication channels called “conduits” whether they are physical, electronic, or process-based. • Risk analysis. • Address risks related to production infrastructure, production capacity (production downtime), impact on people (injury, death), and the environment (pollution).
THE ISA/IEC 62443 REFERENCE MODE • Defines the concept of an industrial control system, introducing a five-level functional reference model • Segmenting these functional levels into zones and conduits • Defining the essential requirements (foundational requirements - FR) for system security. • The standard also provides functional reference model • reference models for local systems, distributed systems (SCADA) • a zone and conduit segmentation model (Figure 4)
CYBER SECURITY MANAGEMENT SYSTEM
SECURITY REQUIREMENTS Standards define a set of requirements at organizational (governance) and technical levels. ISA/IEC 62443 establishes seven requirements (Foundational Requirements – FR)
ISA 62443 – FOUNDATIONAL REQUIREMENTS • FR1 - Identification, Authentication Control and Access Control (AC) - Identifies and authenticates all users (human, process, and equipment) before allowing access to the IACS. • FR2 - User Control (UC): Ensures that all identified users (human, process, and device) have privileges to perform the required actions on the system and monitors the use of those privileges. • FR3 - Data Integrity (DI): Ensures the integrity of equipment and information (protection against unauthorized changes) in communication channels and storage directories. • FR4 - Data Confidentiality (DC): Ensures that information flowing through communication channels and storage directories is not distributed. • FR5 - Restrict Data Flow (RDF) - Segments the system into zones and conduits to avoid unnecessary data propagation. ● • FR6 - Timely Response to Events (TRE): Responds to security breaches with timely reporting and timely decision making. • FR7 - Resource Availability (RA) - Ensures system and asset availability during denial of service attacks.
• The repository introduces via document 62443-1-1 a maturity model, derived from the CMMI for services model. • It is about characterizing an organization’s level of cybersecurity control based on its practices as defined by the standard. SECURITY LEVELS (SLs)
• Level 1 - Initial: The company is lagging behind in cybersecurity. Few measures are in place or if they exist, they are not documented. • Level 2 - Managed: Security measures are in place, documented, but the process is not adopted by the entire ecosystem. Best practices are not yet in the DNA of users. • Level 3 - Defined (practiced): Measures are in place, documented, and well integrated across the organization. • Level 4 - Improving: Safeguards exist, are documented, CSMS is regularly audited. Regular system updates are performed to improve governance and technical solutions. SECURITY LEVELS (SLs)
SECURITY LEVELS (SLS)
SECURITY LEVELS (SLS) Security levels are defined according to their typology: • Target - This is the level of protection to be achieved for each area and path using a number of countermeasures (SL-T). • Capability - This is the level of protection specific to a component or system that allows the desired level of security to be expected. (SL-C) • Achieved: This is the level actually achieved by the intrinsic properties of the components that make up a zone or conduit and the potential contribution of countermeasures. (SL-A) Security levels should be matched to each essential requirement. The security levels are divided into five levels: SL 0: Protection below level 1 SL 1: Protection against usual or coincidental violations SL 2: Protection against intentional violations using simple resources SL 3: Protection against intentional violations using sophisticated measures SL 4: Protection against intentional violations using extreme measures

Recommended

OT_Security.pptx
OT_Security.pptxOT_Security.pptx
OT_Security.pptxNandan Dutta
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020Jiunn-Jer Sun
 
Standards based security for energy utilities
Standards based security for energy utilitiesStandards based security for energy utilities
Standards based security for energy utilitiesNirmal Thaliyil
 
Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82majolic
 
8 Access Control
8 Access Control8 Access Control
8 Access ControlAlfred Ouyang
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Yokogawa1
 
Comp8 unit6b lecture_slides
Comp8 unit6b lecture_slidesComp8 unit6b lecture_slides
Comp8 unit6b lecture_slidesCMDLMS
 
Industrial_Cyber_Security
Industrial_Cyber_SecurityIndustrial_Cyber_Security
Industrial_Cyber_SecurityWillianMachadoFonsec
 

Recommended

OT_Security.pptx
OT_Security.pptxOT_Security.pptx
OT_Security.pptxNandan Dutta
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020Jiunn-Jer Sun
 
Standards based security for energy utilities
Standards based security for energy utilitiesStandards based security for energy utilities
Standards based security for energy utilitiesNirmal Thaliyil
 
Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82majolic
 
8 Access Control
8 Access Control8 Access Control
8 Access ControlAlfred Ouyang
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Yokogawa1
 
Comp8 unit6b lecture_slides
Comp8 unit6b lecture_slidesComp8 unit6b lecture_slides
Comp8 unit6b lecture_slidesCMDLMS
 
Industrial_Cyber_Security
Industrial_Cyber_SecurityIndustrial_Cyber_Security
Industrial_Cyber_SecurityWillianMachadoFonsec
 
10. industrial networks safety and security tom hammond
10. industrial networks safety and security tom hammond10. industrial networks safety and security tom hammond
10. industrial networks safety and security tom hammondPROFIBUS and PROFINET InternationaI - PI UK
 
Firewalls
FirewallsFirewalls
FirewallsDr.Florence Dayana
 
Industrial networks safety & security - e+h june 2018 ben murphy
Industrial networks safety & security - e+h june 2018 ben murphyIndustrial networks safety & security - e+h june 2018 ben murphy
Industrial networks safety & security - e+h june 2018 ben murphyPROFIBUS and PROFINET InternationaI - PI UK
 
Deep secure holistic protection for ICS
Deep secure holistic protection for ICSDeep secure holistic protection for ICS
Deep secure holistic protection for ICSjohnsdeepsecure
 
IEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel TalkIEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel TalkNathan Wallace, PhD, PE
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)Ivan Carmona
 
security in is.pptx
security in is.pptxsecurity in is.pptx
security in is.pptxselvapriyabiher
 
Securing Industrial Control System
Securing Industrial Control SystemSecuring Industrial Control System
Securing Industrial Control SystemHemanth M
 
Privacy Protection in Distributed Industrial System
Privacy Protection in Distributed Industrial SystemPrivacy Protection in Distributed Industrial System
Privacy Protection in Distributed Industrial Systemiosrjce
 
F017223742
F017223742F017223742
F017223742IOSR Journals
 
Utilizing the Critical Security Controls to Secure Healthcare Technology
Utilizing the Critical Security Controls to Secure Healthcare TechnologyUtilizing the Critical Security Controls to Secure Healthcare Technology
Utilizing the Critical Security Controls to Secure Healthcare TechnologyEnclaveSecurity
 
Industrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptIndustrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptDelforChacnCornejo
 
Securing control systems v0.4
Securing control systems v0.4Securing control systems v0.4
Securing control systems v0.4CrispnCrunch
 
Sdl deployment in ics
Sdl deployment in icsSdl deployment in ics
Sdl deployment in icsMayur Mehta
 
Audit of it infrastructure
Audit of it infrastructureAudit of it infrastructure
Audit of it infrastructurepramod_kmr73
 
Chapter 1 Best Practices, Standards, and a Plan of Action.pptx
Chapter 1 Best Practices, Standards, and a Plan of Action.pptxChapter 1 Best Practices, Standards, and a Plan of Action.pptx
Chapter 1 Best Practices, Standards, and a Plan of Action.pptxkevlekalakala
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1Hamed Moghaddam
 
Cissp chapter-05ppt178
Cissp chapter-05ppt178Cissp chapter-05ppt178
Cissp chapter-05ppt178wardell henley
 
Safe and secure autonomous systems
Safe and secure autonomous systemsSafe and secure autonomous systems
Safe and secure autonomous systemsAlan Tatourian
 
A Behavior-based Approach to Secure and Resilient Industrial Control Systems
A Behavior-based Approach to Secure and Resilient Industrial Control SystemsA Behavior-based Approach to Secure and Resilient Industrial Control Systems
A Behavior-based Approach to Secure and Resilient Industrial Control SystemsFörderverein Technische Fakultät
 
Vivazz, Mieres Social Housing Design Spain
Vivazz, Mieres Social Housing Design SpainVivazz, Mieres Social Housing Design Spain
Vivazz, Mieres Social Housing Design Spaintimesproduction05
 
Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control
 

More Related Content

Similar to IEC62443.pptx

Deep secure holistic protection for ICS
Deep secure holistic protection for ICSDeep secure holistic protection for ICS
Deep secure holistic protection for ICSjohnsdeepsecure
 
IEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel TalkIEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel TalkNathan Wallace, PhD, PE
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)Ivan Carmona
 
Securing Industrial Control System
Securing Industrial Control SystemSecuring Industrial Control System
Securing Industrial Control SystemHemanth M
 
Privacy Protection in Distributed Industrial System
Privacy Protection in Distributed Industrial SystemPrivacy Protection in Distributed Industrial System
Privacy Protection in Distributed Industrial Systemiosrjce
 
Utilizing the Critical Security Controls to Secure Healthcare Technology
Utilizing the Critical Security Controls to Secure Healthcare TechnologyUtilizing the Critical Security Controls to Secure Healthcare Technology
Utilizing the Critical Security Controls to Secure Healthcare TechnologyEnclaveSecurity
 
Industrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptIndustrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptDelforChacnCornejo
 
Securing control systems v0.4
Securing control systems v0.4Securing control systems v0.4
Securing control systems v0.4CrispnCrunch
 
Sdl deployment in ics
Sdl deployment in icsSdl deployment in ics
Sdl deployment in icsMayur Mehta
 
Audit of it infrastructure
Audit of it infrastructureAudit of it infrastructure
Audit of it infrastructurepramod_kmr73
 
Chapter 1 Best Practices, Standards, and a Plan of Action.pptx
Chapter 1 Best Practices, Standards, and a Plan of Action.pptxChapter 1 Best Practices, Standards, and a Plan of Action.pptx
Chapter 1 Best Practices, Standards, and a Plan of Action.pptxkevlekalakala
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1Hamed Moghaddam
 
Cissp chapter-05ppt178
Cissp chapter-05ppt178Cissp chapter-05ppt178
Cissp chapter-05ppt178wardell henley
 
Safe and secure autonomous systems
Safe and secure autonomous systemsSafe and secure autonomous systems
Safe and secure autonomous systemsAlan Tatourian
 
A Behavior-based Approach to Secure and Resilient Industrial Control Systems
A Behavior-based Approach to Secure and Resilient Industrial Control SystemsA Behavior-based Approach to Secure and Resilient Industrial Control Systems
A Behavior-based Approach to Secure and Resilient Industrial Control SystemsFörderverein Technische Fakultät
 

Similar to IEC62443.pptx (20)

10. industrial networks safety and security tom hammond
10. industrial networks safety and security tom hammond10. industrial networks safety and security tom hammond
10. industrial networks safety and security tom hammond
 
Firewalls
FirewallsFirewalls
Firewalls
 
Industrial networks safety & security - e+h june 2018 ben murphy
Industrial networks safety & security - e+h june 2018 ben murphyIndustrial networks safety & security - e+h june 2018 ben murphy
Industrial networks safety & security - e+h june 2018 ben murphy
 
Deep secure holistic protection for ICS
Deep secure holistic protection for ICSDeep secure holistic protection for ICS
Deep secure holistic protection for ICS
 
IEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel TalkIEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel Talk
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)
 
security in is.pptx
security in is.pptxsecurity in is.pptx
security in is.pptx
 
Securing Industrial Control System
Securing Industrial Control SystemSecuring Industrial Control System
Securing Industrial Control System
 
Privacy Protection in Distributed Industrial System
Privacy Protection in Distributed Industrial SystemPrivacy Protection in Distributed Industrial System
Privacy Protection in Distributed Industrial System
 
F017223742
F017223742F017223742
F017223742
 
Utilizing the Critical Security Controls to Secure Healthcare Technology
Utilizing the Critical Security Controls to Secure Healthcare TechnologyUtilizing the Critical Security Controls to Secure Healthcare Technology
Utilizing the Critical Security Controls to Secure Healthcare Technology
 
Industrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptIndustrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.ppt
 
Securing control systems v0.4
Securing control systems v0.4Securing control systems v0.4
Securing control systems v0.4
 
Sdl deployment in ics
Sdl deployment in icsSdl deployment in ics
Sdl deployment in ics
 
Audit of it infrastructure
Audit of it infrastructureAudit of it infrastructure
Audit of it infrastructure
 
Chapter 1 Best Practices, Standards, and a Plan of Action.pptx
Chapter 1 Best Practices, Standards, and a Plan of Action.pptxChapter 1 Best Practices, Standards, and a Plan of Action.pptx
Chapter 1 Best Practices, Standards, and a Plan of Action.pptx
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1
 
Cissp chapter-05ppt178
Cissp chapter-05ppt178Cissp chapter-05ppt178
Cissp chapter-05ppt178
 
Safe and secure autonomous systems
Safe and secure autonomous systemsSafe and secure autonomous systems
Safe and secure autonomous systems
 
A Behavior-based Approach to Secure and Resilient Industrial Control Systems
A Behavior-based Approach to Secure and Resilient Industrial Control SystemsA Behavior-based Approach to Secure and Resilient Industrial Control Systems
A Behavior-based Approach to Secure and Resilient Industrial Control Systems
 

Recently uploaded

Vivazz, Mieres Social Housing Design Spain
Vivazz, Mieres Social Housing Design SpainVivazz, Mieres Social Housing Design Spain
Vivazz, Mieres Social Housing Design Spaintimesproduction05
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...roncy bisnoi
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingrknatarajan
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)simmis5
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptThermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptDineshKumar4165
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordAsst.prof M.Gokilavani
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISrknatarajan
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdfKamal Acharya
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756dollysharma2066
 
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICSUNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICSrknatarajan
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptDineshKumar4165
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...SUHANI PANDEY
 
Thermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VThermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VDineshKumar4165
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
Unit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfUnit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfRagavanV2
 

Recently uploaded (20)

Vivazz, Mieres Social Housing Design Spain
Vivazz, Mieres Social Housing Design SpainVivazz, Mieres Social Housing Design Spain
Vivazz, Mieres Social Housing Design Spain
 
Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024
 
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptThermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . ppt
 
NFPA 5000 2024 standard .
NFPA 5000 2024 standard .NFPA 5000 2024 standard .
NFPA 5000 2024 standard .
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSIS
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICSUNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.ppt
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
 
Thermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VThermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - V
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
Unit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfUnit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdf
 

IEC62443.pptx

  • 2. INDUSTRY 4.0 • It is a term used to describe the fourth industrial revolution, • Characterized by the integration of intelligent digital technologies into • manufacturing • industrial processes • It allows for smart manufacturing and intelligent factories. Technologies include • IoT networks • AI • Big Data • Robotics • Automation
  • 3. INTELLIGENT FACTORIES • Factories are equipped with advanced sensors, embedded software and robotics for decision making by collecting & analyzing data. • Create new levels of visibility and insight from previously siloed information by combining production ops and ops data from • ERP • Supply chain • Customer service • Which leads to • increased automation • Predictive maintenance • Self-optimization of process improvements • Efficiency and Response time
  • 4. ISA/IEC 62443 • The ISA/IEC 62443 series of standards is a set of guidelines that define requirements and processes for implementing and maintaining secure industrial automation and control systems (IACS) • These standards are a way to assess the level of security performance and set best practices for security • Uses a holistic approach by bridging the gap between • Operation and IT • Process Safety and Cyber Security
  • 5. ISA/IEC 62443 The ISA/IEC 62443 set cybersecurity benchmarks in all industry sectors that use IACS, including • Building automation, • Electric power generation • Distribution • Medical devices • Transportation • Process industries such as chemicals and oil and gas
  • 6. MOTIVATION • 9/11 Incident • If terrorists learned how to operate sophisticated airplanes, it was likely that they could learn how control systems in critical infrastructures
  • 7. ISA 62443 DOCUMENTS • ISA works on the basis of rules set by the American National Standards Institute (ANSI) • Three basic roles that help protect industrial facilities from cyber attacks. • Product Supplier (PS) • System Integrator (SI) • Asset Owner (AO)
  • 8. PRINCIPLES The standard defines the principles to be followed in the OT sector • The principle of least privilege. • Give users only the rights they need to perform their work • To prevent unwanted access to data or programs and to block or slow an attack if an account is compromised. • Defense in Depth. • This technique allows multiple layered defenses techniques to delay or prevent a cyber attack in the industrial network. • Systems be separated into groups called “zones” that will be able to communicate with each other through communication channels called “conduits” whether they are physical, electronic, or process-based. • Risk analysis. • Address risks related to production infrastructure, production capacity (production downtime), impact on people (injury, death), and the environment (pollution).
  • 9. THE ISA/IEC 62443 REFERENCE MODE • Defines the concept of an industrial control system, introducing a five-level functional reference model • Segmenting these functional levels into zones and conduits • Defining the essential requirements (foundational requirements - FR) for system security. • The standard also provides functional reference model • reference models for local systems, distributed systems (SCADA) • a zone and conduit segmentation model (Figure 4)
  • 11. SECURITY REQUIREMENTS Standards define a set of requirements at organizational (governance) and technical levels. ISA/IEC 62443 establishes seven requirements (Foundational Requirements – FR)
  • 12. ISA 62443 – FOUNDATIONAL REQUIREMENTS • FR1 - Identification, Authentication Control and Access Control (AC) - Identifies and authenticates all users (human, process, and equipment) before allowing access to the IACS. • FR2 - User Control (UC): Ensures that all identified users (human, process, and device) have privileges to perform the required actions on the system and monitors the use of those privileges. • FR3 - Data Integrity (DI): Ensures the integrity of equipment and information (protection against unauthorized changes) in communication channels and storage directories. • FR4 - Data Confidentiality (DC): Ensures that information flowing through communication channels and storage directories is not distributed. • FR5 - Restrict Data Flow (RDF) - Segments the system into zones and conduits to avoid unnecessary data propagation. ● • FR6 - Timely Response to Events (TRE): Responds to security breaches with timely reporting and timely decision making. • FR7 - Resource Availability (RA) - Ensures system and asset availability during denial of service attacks.
  • 13. • The repository introduces via document 62443-1-1 a maturity model, derived from the CMMI for services model. • It is about characterizing an organization’s level of cybersecurity control based on its practices as defined by the standard. SECURITY LEVELS (SLs)
  • 14. • Level 1 - Initial: The company is lagging behind in cybersecurity. Few measures are in place or if they exist, they are not documented. • Level 2 - Managed: Security measures are in place, documented, but the process is not adopted by the entire ecosystem. Best practices are not yet in the DNA of users. • Level 3 - Defined (practiced): Measures are in place, documented, and well integrated across the organization. • Level 4 - Improving: Safeguards exist, are documented, CSMS is regularly audited. Regular system updates are performed to improve governance and technical solutions. SECURITY LEVELS (SLs)
  • 16. SECURITY LEVELS (SLS) Security levels are defined according to their typology: • Target - This is the level of protection to be achieved for each area and path using a number of countermeasures (SL-T). • Capability - This is the level of protection specific to a component or system that allows the desired level of security to be expected. (SL-C) • Achieved: This is the level actually achieved by the intrinsic properties of the components that make up a zone or conduit and the potential contribution of countermeasures. (SL-A) Security levels should be matched to each essential requirement. The security levels are divided into five levels: SL 0: Protection below level 1 SL 1: Protection against usual or coincidental violations SL 2: Protection against intentional violations using simple resources SL 3: Protection against intentional violations using sophisticated measures SL 4: Protection against intentional violations using extreme measures