Abstract
Internet technology has changed how people live, work, connect and learn. It connects machines, devices, sensors, and people and enables communication. This enabled a revolution in the industrial perspective, which is named “Industry 4.0.” Industry 4.0 is the application of automation and data exchange in manufacturing technologies. This rapid progression of industrial systems towards internet based production networks needs a flexible framework that facilitates addressing current and future vulnerabilities in Industrial Automation Control Systems (IACS). IEC 62443 series provides a standard methodology for building a secure infrastructure, which adapts the security requirements needed by IACS. The basic approach defined in the standard is to break down the system components into zones and conduits based on required security levels. This paper reuses this idea on a small scale to show how the same concept can be used to define zones and conduits between mixed-criticality IoT components to improve the security on component level. The MORETO tool, which is currently under development by AIT, supports the security risk analysis process.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Ma, Z., Hudic, A., Shaaban, A., Plosz, S.: Security viewpoint in a reference architecture model for cyber-physical production systems. In: 2017 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 153–159. IEEE (2017)
Shahzad, A., Kim, Y.-G., Elgamoudi, A.: Secure IoT platform for industrial control systems. In: 2017 International Conference on Platform Technology and Service (PlatCon), pp. 1–6. IEEE (2017)
Williams, T.J.: The Purdue enterprise reference architecture. Comput. Ind. 24(2–3), 141–158 (1994)
IT/OT Executive Series: What you need to know about - networking. https://www.cogentind.com/it-ot-networking/
OVE Osterreichischer Verband fur Elektrotechnik. Industrial communication networks – Security for industrial automation and control systems, Part 4-2: Technical security requirements for IACS components. Technical report, IEC standards, June 2017
ISA. The 62443 series of standards: Industrial automation and control systems security, (1–4) (2018)
Security Levels in ISA-99 / IEC 62443. ISA 99 security levels proposal. https://www.scribd.com/document/129590220/ISA-99-SecurityLevels-Proposal/
Ristaino, A.: Industrial automation cyber security conformity assessments. http://www.isasecure.org/en-US/Articles/Industrial-automation-cybersecurity-conformity-ass
Enterprise Architect: Enterprise architect by sparx systems. https://www.sparxsystems.eu/start/home/
Enterprise Architect Sparx Systems. Model driven generation (MDG) technologies. http://www.sparxsystems.com/resources/mdg_tech/
Acknowledgement
This work has received funding from the SemI40 and AQUAS project, under grant agreement No. 692466 and No. 737475. The project is co-funded by grants from Austria, Germany, Italy, France, Portugal and ECSEL JU.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Shaaban, A.M., Kristen, E., Schmittner, C. (2018). Application of IEC 62443 for IoT Components. In: Gallina, B., Skavhaug, A., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2018. Lecture Notes in Computer Science(), vol 11094. Springer, Cham. https://doi.org/10.1007/978-3-319-99229-7_19
Download citation
DOI: https://doi.org/10.1007/978-3-319-99229-7_19
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-99228-0
Online ISBN: 978-3-319-99229-7
eBook Packages: Computer ScienceComputer Science (R0)