Litcius/Paper detail

Vulnerability and security risk assessment in a IIoT environment in compliance with standard IEC 62443

Hicham Lalaoui Hassani, Ayoub Bahnasse, Éric Martin, Christian Roland, Omar Bouattane, Mohammed El Mehdi Diouri

2021Procedia Computer Science30 citationsDOIOpen Access PDF

Abstract

Industrial networks based on the Internet of Things (IoT) have become the backbone of Industry 4.0. Indeed, these connected objects increase the efficiency, flexibility and autonomy of machines, thus improving the productivity and profitability of factories. However, the opening up of digitization technologies, especially in environments where failure is hardly tolerable, creates new challenges related to security. The number of vulnerabilities in industrial facilities is constantly increasing [1]. To implement a cyber defense framework for industrial systems, the cybersecurity standard IEC 62443 has been proposed. This standard mainly provides a set of instructions and measures to be put in place to ensure not only the security of the industrial system, but also operational safety. In this paper, we propose a new approach based on the standards IEC 62443-3-2 and IEC 62443-4-2 allowing us to verify, through an in-depth risk assessment, the conformity of the objects with the main security requirements.

Topics & Concepts

Computer scienceComputer securityFlexibility (engineering)Vulnerability (computing)Risk analysis (engineering)Conformity assessmentFunctional safetyDigitizationAsset (computer security)Industrial InternetInternet of ThingsTelecommunicationsComputer networkBusinessMathematicsOperating systemStatisticsPhysical Unclonable Functions (PUFs) and Hardware SecuritySmart Grid Security and ResilienceSafety Systems Engineering in Autonomy