In my last post I discussed cyber security and functional safety and said that if you are not secure, then you are not safe. The main non-sector-specific functional safety standard is IEC 61508, and within IEC 61508 it references IEC 62443 for security. IEC 62443 is entitled “Security for industrial automation and control systems” or “Industrial communication networks – Network and system security” depending on where you look. At last count it consisted of 13 parts and almost 1000 pages. The standards are being developed and published via the ISA (International Society of Automation) committee ISA99 and the IEC (International Electrotechnical Commission) committee IEC TC 65. IEC TC 65/SC 65A also publishes the functional safety standards IEC 61511 and IEC 61508, which is our first clue that the two areas might be related.
The four parts of IEC 62443-1-X deal with general topics, including concepts and models and a glossary of terms and abbreviations. The four parts of IEC 62443-2-X deal with policies and procedures, including patch management, while IEC 62443-3-X has three parts dealing with system-level topics, including choosing the correct SL (security level). The two parts of IEC 62443-4-X are probably the most interesting to companies like Analog Devices and our customers, as these relate to component suppliers, with one part covering the life cycle requirements and the other the technical requirements.
A key concept within the IEC 62443 series is that of zones and conduits. Put in simple language, a zone contains nodes with similar security requirements, and a conduit is a communication link between zones.
A similarity with functional safety is that IEC 62443 defines four SL (security levels), which sound very similar to the four SIL (safety integrity levels) from IEC 61508 (another clue to the links). However, there is no one-to-one correspondence between SL and SIL. The definitions of the SL are contained in IEC 62443-1-1 and are shown below.
The definitions concentrate more on what is required to hack the system than on the likelihood or probability of the system being hacked. Alternative definitions are given in various articles, such as one which states that SL 4 is designed to prevent a nation-state-level attack. The tables in part 3-2 of the standard expand somewhat on the above, using a combination of impact and likelihood to determine the required SL.
IEC 62443-1-1 defines seven foundational requirements (FR) that must be met to achieve a given SL. These are:
These seven FR can be expressed as a vector, so that [1,1,1,1,1,1,1] represents each of the seven FR implemented to an SL 1 level of rigour. From a purely functional safety point of view you can then argue that confidentiality, restricted data flow and resource availability are not so important, and that an SL 1 implementation of those three is sufficient. Therefore, the required security vector for a safety system becomes [X,X,X,1,1,X,1], where X represents an SL of at least 1.
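To make the vector notation concrete, here is a small added Python model (not code from this post, from the standard or from any certification body) that parses the `[X,X,X,1,1,X,1]` notation above, merges it with a zone's own target vector, and reports the FRs on which a component's claimed capability falls short. The seven FR abbreviations are the standard's own; the zone target and component capability values are constructed for the example.

```python
"""Model of the IEC 62443 SL vector notation used in the post (constructed example)."""

# The seven foundational requirements of IEC 62443-1-1, in the order the
# post's vectors use them (position 4 = DC, 5 = RDF, 7 = RA).
FR_NAMES = ("IAC", "UC", "SI", "DC", "RDF", "TRE", "RA")


def parse_sl_vector(text, x_minimum=1):
    """Parse '[X,X,X,1,1,X,1]' into a 7-tuple of ints.

    'X' is the post's placeholder for "at least SL 1"; it is resolved to
    x_minimum so the vector can be compared element-wise.
    """
    fields = [f.strip() for f in text.strip().strip("[]").split(",")]
    if len(fields) != len(FR_NAMES):
        raise ValueError(f"expected {len(FR_NAMES)} entries, got {len(fields)}")
    levels = []
    for f in fields:
        level = x_minimum if f.upper() == "X" else int(f)
        if not 0 <= level <= 4:  # SL 0 (no requirement) up to SL 4
            raise ValueError(f"SL out of range: {f}")
        levels.append(level)
    return tuple(levels)


def merge_targets(*vectors):
    """Element-wise maximum: the combined target when several sources impose requirements."""
    return tuple(max(col) for col in zip(*vectors))


def shortfalls(capability, target):
    """Return {FR: (target, capability)} for every FR the component does not meet."""
    return {fr: (t, c) for fr, c, t in zip(FR_NAMES, capability, target) if c < t}


if __name__ == "__main__":
    safety_min = parse_sl_vector("[X,X,X,1,1,X,1]")     # the post's safety-derived vector
    zone_target = parse_sl_vector("[3,2,2,0,2,1,1]")    # constructed zone risk-assessment result
    target = merge_targets(safety_min, zone_target)     # DC is raised from 0 to 1 by the safety need
    component = parse_sl_vector("[3,1,2,1,2,1,1]")      # constructed component capability claim
    print("combined target:", target)
    print("shortfalls:", shortfalls(component, target))  # prints {'UC': (2, 1)}
```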
If developing an IC or a piece of equipment, once you have determined the required SL you then proceed to IEC 62443-4-1 and IEC 62443-4-2. IEC 62443-4-1 tells you the process steps necessary under eight headings, including security management and having a defence-in-depth strategy. These requirements are given independent of the SL. IEC 62443-4-2 gives you requirements under the headings of the seven FR, with additional requirements depending on whether the component is an application, an embedded device, a host device or a network device. According to IEC 62443-4-2 the necessary requirements depend on the SL.
Part 4-2 provides requirements for the four types of component, 47 requirements in total, with which of them apply depending on the SL.
There is now a certification scheme in place for IEC 62443 (see ISASecure), and the various TÜV bodies and Exida also offer certification.
Video of the Day: This video from Siemens highlights some of the issues and has dramatic music which I like in a video - https://www.youtube.com/watch?v=dlczMRRFdtQ&stc=nls_152_trackingID_en
For next time, the topic will be functional safety: recommended reads.