Technology
Securing network devices with the IEC 62443-4-2 standard

As the Industrial IoT continues to expand, more and more devices are being connected to networks. This trend is seeing networks transitioning from closed networks to enterprise IT networks that are accessible over the public Internet. While this trend is enhancing operational efficiency, it is unfortunately causing asset owners to become increasingly concerned about the dangers posed by cybersecurity threats.

The asset owners’ concerns are justified. A recent report released by the Industrial Control Systems Cybersecurity Emergency Response Team (ICS-CERT) calculated that investigators responded to 392 incidents in 2016 in the U.S., compared to 295 the previous year regarding cyberattacks on infrastructure. The growth rate of product vulnerability incidents was 32.88% from 2015 to 2016. It is therefore unsurprising that asset owners are increasingly requiring cybersecurity solutions to allow them to build secure systems for industrial applications.

Figure: IEC 62443 includes guidelines for different parts of a network and different responsibilities for those using the network.

Evolving cybersecurity standards

In 2002, the International Society for Automation (ISA) produced the ISA-99 document to advise businesses operating in the automation industries how to protect against cybersecurity threats. Fifteen years ago, cybersecurity wasn’t the hot topic it is today.

The ISA documents have been aligned with those more frequently used by the International Electrotechnical Commission (IEC) as the concerns around cybersecurity have grown since the conception of the ISA standards. Currently, the IEC 62443 standard constitutes a series of standards, reports, and other relevant documentation that define procedures for implementing electronically secure Industrial Automation and Control Systems (IACS). If the guidelines within the IEC 62443 standard are followed, it significantly reduces the chances of a cyber attack affecting the network.

IEC 62443 standard

The IEC 62443 standard includes guidelines for different parts of a network and those who perform different responsibilities on the network. In the past, asset owners relied on system integrators (SIs) such as Siemens, Honeywell, and ABB to provide the security solutions for the network. However, many SIs now demand that component suppliers comply with the subsection of the IEC 62443 standard that pertains to their devices. The diagram above provides a brief overview including the scope and the significance of each part for those who must ensure the secure operation of a network.

The IEC 62443 guidelines define four security threat levels. The security standard level 2 is the baseline requirement of the automation industry. It relates to cyber threats posed by hackers, which is the most common attack experienced by system integrators who secure industrial networks. Level 1 is to protect against accidental unauthenticated access and Levels 3 and 4 are against intentional access by hackers who utilize specific skills and tools.

IEC 62443-4-2 Level 2: Baseline Automation industry requirements

Within the IEC 62443 standard are several subsections that relate to different parties. As SIs are demanding compliance with the IEC 62443-4-2 subsection, which issues guidelines for component suppliers, the subsection is becoming increasingly important. The component requirements are derived from foundational requirements, including identification and authentication control, use control, data integrity and confidentiality, as well as backup for resource availability.

Due to the increasingly important role that component suppliers are playing on IIoT networks, the remainder of this paper will focus on the details of the security requirements that component suppliers must meet when designing devices for deployment on IIoT networks.

Infrastructure

If a network component allows users to access devices or applications, the network component must be able to uniquely identify and authenticate all users, including humans, processes, and devices. This allows separation of duties and the principle of least privilege that ensures every user only has access to information and devices that are essential for the user to be able to perform their designated
industrial ethernet book
7.2020
SOURCE: MOXA
As devices are being constantly added to networks, device security is of paramount concern to asset owners. Complete system-level security must be built upon the foundations that consist of each individual component's security functions, along with cybersecurity standards such as IEC 62443.