Designing and Integrating IEC 62443 Compliant Threat Analysis
Autor: | Stefan Hausmann, Sven Merschjohann, Torsten Förder, Masud Fazal-Baqaie, Boris Waldeck, Markus Fockel |
---|---|
Rok vydání: | 2019 |
Předmět: |
business.industry
Computer science Process (engineering) Best practice 02 engineering and technology Certification Industrial control system Automation Secure by design 020202 computer hardware & architecture Domain (software engineering) Risk analysis (engineering) 0202 electrical engineering electronic engineering information engineering 020201 artificial intelligence & image processing Concrete security business |
Zdroj: | Communications in Computer and Information Science ISBN: 9783030280048 EuroSPI |
DOI: | 10.1007/978-3-030-28005-5_5 |
Popis: | Cybersecurity gains more and more attention as the number of security incidents rises. In order to strengthen the security of products within the industrial automation domain, the novel standard IEC 62443 prescribes security practices throughout the development lifecycle that improve the security of the resulting product. However, implementing and integrating concrete security practices into the existing development processes is challenging, as best practices for the automation domain are still missing. Hence, in this paper we present our implementation of a standard compliant threat analysis for the development process of the industrial control systems manufacturer Phoenix Contact. Phoenix Contact was successfully certified for its compliance with IEC 62443. We illustrate the requirements of the standard, the resulting threat analysis process, and its tight integration into the existing development process and its tools. |
Databáze: | OpenAIRE |
Externí odkaz: |