Application of IEC 62443 for IoT components

Abstract

Internet technology has changed how people live, work, connect and learn. It connects machines, devices, sensors, and people and enables communication. This enabled a revolution in the industrial perspective, which is named “Industry 4.0.” Industry 4.0 is the application of automation and data exchange in manufacturing technologies. This rapid progression of industrial systems towards internet based production networks needs a flexible framework that facilitates addressing current and future vulnerabilities in Industrial Automation Control Systems (IACS). IEC 62443 series provides a standard methodology for building a secure infrastructure, which adapts the security requirements needed by IACS. The basic approach defined in the standard is to break down the system components into zones and conduits based on required security levels. This paper reuses this idea on a small scale to show how the same concept can be used to define zones and conduits between mixed-criticality IoT components to improve the security on component level. The MORETO tool, which is currently under development by AIT, supports the security risk analysis process.