The International Society of Automation (ISA) and the International Electrotechnical Commission have collaborated to establish the ISA/IEC 62443 series of standards. It is a daunting series, so we have distilled its essence down to the most relevant details that will keep operations running and ICS (Industrial Control Systems) secure. These systems automate industrial production processes and are used widely in power, water, oil, and natural gas industries. The ISA/IEC 62443 standards provide frameworks for best practices within industrial network security and new technical specifications are reviewed every 3 years to see if they can become new standards.
The standard consists of 14 documents divided into four groups: general, policies and procedures, system requirements and component requirements. In this publication, we concentrate particularly on the ISA/IEC 62443-3 standard because it provides a critical framework for cybersecurity in Industrial Automation and Control Systems (IACS). This section offers specific technical security requirements, defines distinct Security Levels, and addresses various degrees of threats and impacts. The 3 Security Levels are as follows:
1. SL (Target) – the aspirational level of security, the goal that a zone or conduit should aim for
2. SL (Achieved) – the current level of security for the zone or the conduit
3. SL (Capability) – security level capability or the inherent security level capability of devices or systems within a zone or conduit.
Read our publication for a closer look at these subjects.
