A recent white paper published by the ISA Security Compliance Institute (ISCI) and its ISASecure certification program asserts that commercial off the shelf (COTS) components should be manufactured to a minimum of security level 2 (SL2) as defined in the ISA/IEC 62443 series of standards. Read the white paper and review a recent webinar from March 2024 .
SL1 or SL2?
SL1 capabilities as defined in IEC/ISA-62443-4-2 have been instrumental in raising the safety and security bar. Before these were defined, many COTS components lacked embedded security capabilities. Today, SL1 is broadly recognized as a standardized set of minimum expected embedded security capabilities in industrial automation and control system (IACS) components. However, SL1 capabilities are somewhat generic and casual - not intended to protect against intentional or malicious violations. SL2 capabilities not only raise the protection level by providing additional security functionality but also enhance SL1 capabilities, narrowing down disparities and increasing security resiliency.
More importantly, SL2 introduces security capabilities common in today’s IT environments but not that common in operational technology (OT) environments. Enabling those capabilities requires developing and maturing the right competencies for asset owners, system integrator service providers and product supplier organizations.
Now more than ever
SL2 adds additional security capabilities generally recognized to help mitigate well known attack scenarios. Today, an increasing number of intentional attacks are being detected that target industrial automation and control systems, indicating the need for such additional mitigations. For example, the SL2 criteria strengthen the security capabilities of components by requiring that a component:
- Uniquely distinguish between individual human or non-human users interacting with the component, increasing the ability to trace the source for user activity that
- Authenticate itself to an overall system into which it has been integrated, raising the level of trust between the system and component
- Provide the ability to tailor human role definitions to reflect site operations, limiting unnecessary insider access
- Close inactive communication sessions that remain open as potential attack vectors
- Verify the source of communications to the component, limiting sources for network attacks
- Protect test interfaces from use as potential attack vectors
- Increase assurance that code in execution, including mobile code, updates and upgrades came from a trusted source and has not been subject to tampering.
may constitute an attack
This paper provides a review of the additional security functionality that IACS components designed and certified to meet ISA/IEC 62443-4-2 SL2 capabilities must exhibit. This includes review of how those additional capabilities increase the security resiliency of the component, as well as the security of any system into which the component is integrated.
More about ISASecure
Founded by the International Society of Automation (ISA), the ISASecure certification program certifies conformance to the ISA/IEC 62443 series of internationally adopted industrial security standards. ISASecure assesses automation and control products and systems to ensure they are robust against network attacks, free from known vulnerabilities and meet the security capabilities defined in the ISA/IEC 62443 standards.
To review the white paper and learn more, visit www.isasecure.org. This feature was originally published on ISAGCA.
