A family of industrial cybersecurity standards
ISA/IEC 62443
The interconnection of advanced computer and control networks and systems has its advantages and disadvantages. A system vulnerability in one sector can affect and damage multiple sectors. Therefore, it is crucial that cybersecurity standards are applied and implemented in industry or other sectors.
ISA/IEC 62443 – Safety of industrial automation and control systems is a group of safety standards applicable to all key industrial sectors and critical infrastructure. They were developed in cooperation with international cyber security experts who are employed in industry, state governments and institutions of different countries, world scientific academies and represent a comprehensive approach to cyber security issues.
So far, it has been shown in practice that PLC devices are very vulnerable during cyberattacks, so the implementation of the above standards helps precisely those organizations that produce and use, for example, PLCs and other vulnerable devices in their business.
ANSI/ISA-62443-3-3-2013
Security for Industrial Automation and Control Systems – Part 3-3: System Security Requirements and Security Levels (Security for Industrial Automation and Control Systems Part 3-3: System Security Requirements and Security Levels). This standard defines the requirements for the technical control system.
The requirements are in accordance with the basic requirements described in ISA-62443-1-1, including defining the requirements for determining the security level of the control system. These requirements are used in conjunction with defined zones and hubs to establish the appropriate control system target.
ANSI/ISA-62443-2-1-2009
Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program (ANSI/ISA-62443-2-1-2009, Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program).
This standard deals with the problem of safety of industrial automation and control systems. It describes the elements contained in a cybersecurity management system for use in an industrial automation and control environment and provides guidance on how to meet the requirements of the standard for each element in the system.
ANSI / ISA-62443-1-1-2007
Security for Industrial Automation and Control Systems - Part 1-1: Terminology, Concepts and Models (Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts, and Models)
The first in a series of ISA standards that deals with the topic of the safety of industrial automation and control systems, specifically the electronic safety of these systems. The standard includes basic concepts and models related to cyber-security for industrial control systems.
ANSI / ISA-TR62443-2-3-2015
Security of Industrial Automation and Control Systems Part 2-3: Patch Management in the IACS Environment
This technical report defines the requirements that must be met by property owners and product suppliers. Those who established and maintain the IACS patch management system program.
This standard in combination with the appropriate software solution is intended for representatives of companies in the industry. It is intended for urban areas that manage companies for energy distribution, water supply. It is intended for processing industry, trade, tourism, agriculture. And it is intended for other sectors whose goal is survival and growth in the EU’s single digital market.