Operational Technology needs protection

Industrial Security concerns the protection of a machine or plant against unauthorized access from outside and the protection of sensitive data internally. This includes both explicit attacks and unintentional security incidents. Standards such as the ISO/IEC 27000 series 'Information technology - Security techniques - Information security management systems' cannot easily be transferred to automation, where the availability of data is paramount as an essential prerequisite for smooth manufacturing processes. To enable effective security solutions for automation, various organizations are developing appropriate standards. However, these standards describe only partial aspects, such as the demarcation between security and safety. Furthermore, they are available neither as a draft nor as an official standard, so they are better regarded as technical references.

For component manufacturers

  • IEC 62443-4-1:2018 Security for industrial automation and control systems - Part 4-1: Secure product development lifecycle requirements
  • IEC 62443-4-2:2019 Security for industrial automation and control systems - Part 4-2: Technical security requirements for IACS components

For system integrators

  • IEC 62443-2-4:2015+AMD1:2017 Security for industrial automation and control systems - Part 2-4: Security program requirements for IACS service providers
  • IEC TR 62443-2-3:2015 Security for industrial automation and control systems - Part 2-3: Patch management in the IACS environment

For operators

  • IEC 62443-2-4:2015+AMD1:2017 Security for industrial automation and control systems - Part 2-4: Security program requirements for IACS service providers
  • IEC 62443-2-1:2010 Industrial communication networks - Network and system security - Part 2-1: Establishing an industrial automation and control system security program