Applicability of the IEC 62443 standard in Industry 4.0 / IIoT

Today's industrial automation systems are undergoing a digital transformation that implies a shift towards the Internet of Things (IoT), leading to the Industrial Internet of Things (IIoT) paradigm. Existing Industrial Automated Control Systems (IACS), enriched with a potentially large number of IoT devices, are expected to become more efficient and flexible, to provide intelligence, and ultimately to enable autonomous control. In general, the majority of such systems come with a high level of criticality, which calls for well-established methods and approaches to achieving cybersecurity, preferably prescribed by a standard. IEC 62443 is an industrial standard that provides procedures to manage risks related to cybersecurity threats in IACS. Given the new IIoT paradigm, it is likely that existing standards are not sufficiently aligned with the challenges related to developing and maintaining cybersecurity in such systems. In this paper we review the applicability of the IEC 62443 standard in IIoT contexts and discuss potential challenges the process owners might encounter. Our analysis underlines that compliance could prove difficult to reach in some areas of the standard. In particular, the handling of cross-zone communication and software updates requires additional guidance.
