ISA/IEC 62443

ISA/IEC 62443

"The role of ISA/IEC 62443 in securing OT networks: A comprehensive overview"

Operational Technology (OT) networks on the shopfloor and at the SCADA level play a crucial role in the context of IEC 62443, as this international standard was developed specifically for the security of network and information systems in industrial automation and control.

In today's industrial landscape, we are experiencing a significant increase in the complexity of OT networks. This is mainly due to the increasing number and variety of applications such as PROFINET, TCP/IP and others running on these networks. At the same time, homogeneous fieldbus systems are increasingly merging into more comprehensive OT networks.

Glossar IEC 62443

This development brings many advantages in terms of efficiency, flexibility and connectivity, but also poses challenges in terms of OT security. This results in specific challenges for OT security managers and plant managers: Ensuring the integrity, availability and confidentiality of critical industrial control systems while adapting to growing connectivity and digitalization. Effectively securing OT networks requires a holistic approach that takes into account both physical and cyber-technological aspects and is constantly adapted to current and future security requirements.

Essential key points on the importance of OT network technology in relation to IEC 62443 are:

Integration of security in OT networks

  • Adaptation to OT specifics: OT systems have different requirements and characteristics to systems at IT and IIT level. IEC 62443 takes this into account and provides guidelines that are tailored to the specific needs and challenges of OT networks.
  • Security assessment: The standard enables a structured assessment of security risks in OT environments and supports the implementation of customized security measures.

Security management and control

  • Security levels: The definition of security levels (SLs) within the framework of IEC 62443 makes it possible to adapt the security requirements for OT systems according to their risk profile. The 4 security levels (SL) of IEC 62443-3-3 are:
    • SL1 – Protection Against Casual or Coincidental Violation: SL1 aims to protect systems against accidental or unintentional security risks. This includes measures that address basic security threats that could arise from general carelessness or accidental events.
      • Actions:
        • Basic physical security controls
        • Simple authentication and authorization mechanisms
        • Basic network security measures (e.g. firewall, segmentation)
    • SL2 – Protection Against Intentional Violation Using Simple Means: SL2 is about implementing security measures that target attackers who have a certain level of skill and resources, but only use simple methods to carry out an attack.
      • Actions:
        • Advanced authentication and encryption
        • Detailed access controls and logging
        • Implementation of network monitoring and detection
    • SL3 – Protection Against Intentional Violation Using Sophisticated Means): SL3 is designed to provide protection against advanced threats. It takes into account attackers who have specialized knowledge and sophisticated means to carry out targeted attacks on the system.
      • Actions:
        • Multi-level authentication (MFA)
        • Comprehensive network segmentation and strict access controls
        • Regular security assessments and penetration tests
        • Use of anomaly detection systems
    • SL4 – Protection Against Intentional Violation Using Sophisticated Means with Extended Resources: SL4 represents the highest level of security. It provides protection against highly skilled attackers who not only have advanced knowledge and techniques, but are also able to mobilize significant resources for a long-term and complex attack.
      • Actions:
        • High-level encryption and security for physical and network infrastructures
        • Advanced threat analysis and response
        • Strict controls for access to hardware and software
        • Sophisticated monitoring and response systems for security incidents
  • Proactive security measures: The policies support the development of proactive security strategies to counter threats and vulnerabilities in OT networks.

Implementation of Defense in Depth and Zones and Conduits

  • Multi-layered security approaches: The concepts of Defense in Depth and Zones and Conduits are central to security in OT networks. They enable a multi-layered security architecture that includes both physical and network-based security levels.
  • Segmentation: The division into security zones and the control of data traffic by conduits help to minimize the risk of network attacks and limit the impact of security incidents.

Compliance and Standardization

  • Adherence to international standards: By applying the IEC 62443 standard, operators and installers can ensure their OT networks meet internationally recognized security standards.
  • Enhancement of trustworthiness: An OT network certified under IEC 62443 increases the confidence of stakeholders, including customers and partners, in the security and reliability of the systems involved.
Blocking vs. Logging - Glossar IEC 62443

Blocking vs. Logging: Two pillars of network security under the IEC 62443 framework

Within the context of IEC 62443, various security strategies and mechanisms are discussed to ensure the integrity, availability, and confidentiality of automation systems. Two fundamental approaches in network security, also relevant under the IEC 62443 framework, include blocking and logging. Both approaches play a crucial role in the security architecture of an OT network but have different objectives and areas of application.

Blocking

The blocking approach refers to preventive measures that prevent unauthorized access or unwanted communication within a network. Specific actions, connections, or data packets are actively blocked to ensure network security. In practice, blocking can be implemented through various technologies and measures, such as firewalls, Intrusion Prevention Systems (IPS), and Access Control Lists (ACLs). The focus here is on directly thwarting threats by stopping potentially harmful activities before they can cause damage.

Logging

In contrast, the logging approach focuses on monitoring and recording network activities. Data about events, transactions, and behaviors within the network are collected to allow for detailed tracking and analysis. Logging tools and Security Information and Event Management (SIEM) systems play a central role in implementing this strategy. By logging network activities, unusual or suspicious operations can be identified, analyzed, and traced. This is particularly important for forensic analysis after a security incident and for the continuous improvement of the security strategy.

Differences and synergies

  • Objective:: Blocking aims to actively prevent security threats, while logging's role is to collect and evaluate information about network activities.
  • Prevention vs. Detection: Blocking serves to prevent security incidents by blocking access or execution of potentially harmful actions. Logging, on the other hand, enables the detection and analysis of security incidents by providing a detailed view of network activities.
  • Timing of measures: Blocking actions are taken in real-time to fend off immediate threats. Logging continuously collects data that can be analyzed at a later time.

In a comprehensive security strategy, as recommended by the IEC 62443, blocking and logging complement each other. Blocking protects the network through immediate intervention, while logging provides valuable insights for long-term security planning and incident response. Thus, both approaches are crucial to achieving the security objectives in industrial automation environments.

The importance of professional, forward-looking and security-oriented network planning

Careful planning of OT networks in line with the IEC 62443 is essential for the long-term security and stability of industrial control systems. A proactive and security-oriented network planning enables:

  • Early risk detection:Proactive identification and mitigation of potential security risks.
  • Compliance and adherence to standards: Ensuring compliance with relevant industry standards, leading to enhanced trustworthiness.
  • Long-term network security: Building a robust, adaptable, and future-proof security architecture.
  • Cost efficiency:Avoiding costly retrofits through early integration of security measures.

Such planning lays the foundation for a secure and reliable OT network that is effectively protected against current and future threats, thereby contributing to the long-term success of the company.

Conclusion

OT network technology is of central importance within the framework of IEC 62443, as it forms the basis for implementing and managing security measures and OT security systems in industrial automation and control systems. This integration significantly contributes to ensuring the security, stability, and reliability of OT systems in an increasingly connected and potentially vulnerable technological environment.

Top-Produkte

Industrial switches for network monitoring and high performance

PROmesh P product family

Industrial switches for network monitoring and high performance

Product details
Your partner for the future of industrial digitalization

SIEDS - Multisensor

Your partner for the future of industrial digitalization

Product details
Network security in digital communication

D*Bridge - Network bridge

Network security in digital communication

Product details

Subscribe to our newsletter

Stay informed! Receive the latest offers and news about industrial networks and their optimization - conveniently via e-mail.