Component Use-Cases for the Practical Application of IEC 62443

As a user, you are often faced with the question of how to evaluate and assess the security requirements for your application – and which criteria are decisive for the selection of security products and solutions. The component use cases presented here provide you with practical concepts based on two concrete examples – an industrial firewall and a security gateway.

What repeatedly raises questions in practice is the IEC 62443-4-2 part of the standard, which deals with the certification of components and devices used in control and automation technology – more precisely, with the coverage of IT security in relation to a defined security level of such products. On the one hand, the standard is important for system integrators, machine builders and plant operators who have to consider the security aspects of their application – and on the other hand, for device manufacturers who develop routers, gateways and other components for the automation industry.

There is currently no standardized testing scheme. Some users use the simplified view of the four security levels to assess security requirements. In practice, this rather general approach hardly leads to answers that cover all aspects of an application. Another approach is a risk analysis at the system level. Although this allows the security requirements to be described precisely, they are not so general that they can be easily applied to other applications.

To solve this dilemma, Teletrust’s Smart Grids/Industrial Security working group has become active. The goal is to define 62443-4-2 component use cases that take both of the above approaches into account. The first step is to define the functionality and intended use of the component. Then the application and the environment in which it will be used are considered in order to derive the security requirements in accordance with IEC 62443-4-2. This is done from two perspectives – from the security level perspective and from the application perspective. Finally, the use case specifies concrete points and steps for testing the finished solution as part of internal quality assurance.

To simplify practical application, the use cases were not developed in general terms, but based on two concrete examples – an industrial firewall and a security gateway. The two use cases differ in that the industrial firewall use case can be based on practical experience with existing products, while the security gateway use case has hardly any empirical values due to the new fields of application and products.

TeleTrusT to IEC 62443-4-2

Find your sales partner

Find your personal contact person in your area.

Find your sales partner

Start your remote services

Are you looking for an all-in-one solution? Try our web-based remote access portal today.

Start now
u

We are here to help you

Questions? We can help you. For direct support, you can also call us.

To our Helpdesk

Stay informed

Subscribe here to get updates on IoT and remote access solutions, products and features and get the latest cybersecurity updates.

Subscribe now

You have questions?

Write us!

Allgemeine Anfrage EN

Callmeback

As a strong brand MB connect line provides you with solutions for Secure Remote Access, IIoT and Industrial Security.

We unlock the value of data by developing and manufacturing innovative solutions to access, connect and visualize your information.

SECURITY IS OUR PROMISE.

Red Lion Europe GmbH

Winnettener Str. 6
91550 Dinkelsbühl
Germany

Contact

Phone: +49 98 51 / 58 25 29 0
Fax: +49 98 51 / 58 25 29 99

Follow us
Subscribe newsletter
Support

helpdesk.mbconnectline.com
Phone: +49 98 51 / 58 25 29 900

Quick Links
Download Portal
Security Whitepaper
Success Story Brochure
Imprint
General Terms and Conditions
Privacy Policys
Login Extranet