When we think of cyber threats, the first that comes into our mind are identity theft and other cyber attacks affecting traditional information technology (IT) systems. People tend to forget about cyber threats to operational technology (OT) systems affecting our critical infrastructure everywhere around the globe. Systems that control the operations of our manufacturing plants, chemical plants, water/utilities, power, etc. all face cyber threats with potentially devastating consequences. However, mostly the focus is on data protection, privacy, and IT-focused cybersecurity.
With emerging new technologies and increasing automation in manufacturing, the importance of security is more and more recognized. A security culture is already required to be in place for Industry 3.0 (MES/MOM) to be able to extend this for Industry 4.0 and Smart Manufacturing.
By applying the ISA/IEC-62443 (formerly ISA-99) standard, a structured approach to security in manufacturing can be set up. The standard defines both a design concept, being Zones and Conduits, and a Security Lifecycle concept based on risk assessments and continuous improvement thinking.
To identify the security needs and important characteristics of the environment at a level of detail necessary to address security issues with a common understanding of the framework and vocabulary the standard includes a series of models:
Reference models provide the overall conceptual basis of policies, procedures and guidelines which are applied to the assets.
Asset models that describe the relationships between assets within an industrial automation and control system.
A reference architecture that describes the configuration of assets.
A zone model that groups reference architecture elements according to defined characteristics.