Component Use-Cases for the Practical Application of IEC 62443
As a user, you are often faced with the question of how to evaluate and assess the security requirements for your application – and which criteria are decisive for the selection of security products and solutions. The component use cases presented here provide you with practical concepts based on two concrete examples – an industrial firewall and a security gateway.
What repeatedly raises questions in practice is the IEC 62443-4-2 part of the standard, which deals with the certification of components and devices used in control and automation technology – more precisely, with the coverage of IT security in relation to a defined security level of such products. On the one hand, the standard is important for system integrators, machine builders and plant operators who have to consider the security aspects of their application – and on the other hand, for device manufacturers who develop routers, gateways and other components for the automation industry.
There is currently no standardized testing scheme. Some users rely on the simplified view of the four security levels to assess security requirements. In practice, this rather general approach rarely yields answers that cover all aspects of an application. Another approach is a risk analysis at the system level. Although this allows the security requirements to be described precisely, the results are too specific to be easily applied to other applications.
To solve this dilemma, Teletrust’s Smart Grids/Industrial Security working group has taken action. The goal is to define 62443-4-2 component use cases that take both of the above approaches into account. The first step is to define the functionality and intended use of the component. Then the application and the environment in which it will be used are considered in order to derive the security requirements in accordance with IEC 62443-4-2. This is done from two perspectives: the security level perspective and the application perspective. Finally, the use case specifies concrete points and steps for testing the finished solution as part of internal quality assurance.
To simplify practical application, the use cases were not developed in general terms, but based on two concrete examples: an industrial firewall and a security gateway. The two use cases differ in that the industrial firewall use case can draw on practical experience with existing products, while the security gateway use case has hardly any empirical experience to draw on, because its fields of application and products are new.