Designing and Integrating IEC 62443 Compliant Threat Analysis

Autor: Stefan Hausmann, Sven Merschjohann, Torsten Förder, Masud Fazal-Baqaie, Boris Waldeck, Markus Fockel
Rok vydání: 2019
Předmět:
Zdroj: Communications in Computer and Information Science ISBN: 9783030280048
EuroSPI
DOI: 10.1007/978-3-030-28005-5_5
Popis: Cybersecurity gains more and more attention as the number of security incidents rises. In order to strengthen the security of products within the industrial automation domain, the novel standard IEC 62443 prescribes security practices throughout the development lifecycle that improve the security of the resulting product. However, implementing and integrating concrete security practices into the existing development processes is challenging, as best practices for the automation domain are still missing. Hence, in this paper we present our implementation of a standard compliant threat analysis for the development process of the industrial control systems manufacturer Phoenix Contact. Phoenix Contact was successfully certified for its compliance with IEC 62443. We illustrate the requirements of the standard, the resulting threat analysis process, and its tight integration into the existing development process and its tools.
Databáze: OpenAIRE