When we think of cyber threats, the first thing that comes into our mind are identity theft and other cyber attacks affecting traditional information technology (IT) systems. People tend to forget about cyber threats to operational technology (OT) systems affecting our critical infrastructure everywhere around the globe. Systems that control the operations of our manufacturing plants, chemical plants, water/utilities, power, etc. all face cyber threats with potentially devastating consequences. However, mostly the focus is on data protection, privacy, and IT-focused cybersecurity.
With emerging new technologies and increasing automation in manufacturing, the importance of security is more and more recognized. A security culture is already required to be in place for Industry 3.0 (MES/MOM) to be able to extend this for Industry 4.0 and Smart Manufacturing.
By applying the ISA/IEC-62443 (formerly ISA-99) standard, a structured approach to security in manufacturing can be set up. The standard defines both a design concept, being Zones and Conduits, and a Security Lifecycle concept based on risk assessments and continuous improvement thinking.
To identify the security needs and important characteristics of the environment at a level of detail necessary to address security issues with a common understanding of the framework and vocabulary the standard includes a series of models: