
ISO 62443

The Standard for Industrial Automation

What is ISO 62443?

The international standard ISO 62443 is currently in the publishing process. Although it is not formally part of the ISO 27000 series of standards, it is closely linked to it as far as content is concerned: ISO 62443's objective is to define technical security requirements for communication scenarios within automation systems. Accordingly, it may be regarded as an industry-specific version of the ISO 27001 standard.

With ISO 62443, companies will be given the opportunity to establish a required minimum of information security within the field of industrial automation, in order to ensure the confidentiality, availability, and integrity of the data processed.

Threats and Vulnerabilities Specific to Industrial Automation

Production facilities of manufacturing companies are often coupled with corporate IT systems for fast and effective supply of materials and order processing. The IT systems in turn connect manufacturers with suppliers and customers, resulting in an increased risk to information security and thus to the availability of corporate IT systems and production facilities. If these systems fail or their performance is reduced, the company's productivity and thus profitability will suffer as well. In addition, the high security requirements for internal data must be taken into account: in particular, its confidentiality and integrity must be ensured during transmission and processing.

ISO 62443: Topics and Content

Taking the threats and vulnerabilities specific to industrial automation into account, ISO 62443 defines security profiles for the following scenarios:
  • Communication in the IT network
  • Communication in the automation network
  • Connecting maintenance equipment (PCs) to the automation network
  • Communication between production cells
  • Communications with remote devices
  • Connection to the office network – remote maintenance – communication between control stations
Each security profile defines user scenarios, security threats, security requirements as well as responsibilities.

ISO 62443 in Your Organisation

Are you interested in implementing ISO 62443 in your organisation? Please refer to our overview to find out which other standards from the ISO 27000 series are relevant for you. Our project procedure describes how plan42 supports you during implementation. Do you have any further questions? Please feel free to contact us.