CAN/CSA-IEC/TR 62443-3-1:17
counter-measures, and technologies that may effectively apply to the modern electronically
based IACSs regulating and monitoring numerous industries and critical infrastructures. It
describes several categories of control system-centric cybersecurity technologies, the types of
products available in those categories, the pros and cons of using those products in the
automated IACS environments, relative to the expected threats and known cyber
vulnerabilities, and, most important, the preliminary recommendations and guidance for using
these cybersecurity technology products and/or countermeasures.
The concept of IACS cybersecurity as applied in this technical report is in the broadest possible
sense, encompassing all types of components, plants, facilities, and systems in all industries
and critical infrastructures. IACSs include, but are not limited to:
• Hardware (e.g., data historian servers) and software systems (e.g., operating platforms,
configurations, applications) such as Distributed Control Systems (DCSs), Programmable
Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) systems,
networked electronic sensing systems, and monitoring, diagnostic, and assessment
systems. Inclusive in this hardware and software domain is the essential industrial network
and any connected or related information technology (IT) devices and links critical to the
successful operation to the control system at large. As such, this domain also includes, but
is not limited to: firewalls, servers, routers, switches, gateways, fieldbus systems, intrusion
detection systems, intelligent electronic/end devices, remote terminal units (RTUs), and
both wired and wireless remote modems.
• Associated internal, human, network, or machine interfaces used to provide control, data
logging, diagnostics, safety, monitoring, maintenance, quality assurance, regulatory
compliance, auditing and other types of operational functionality for either continuous,
batch, discrete, and combined processes.
Similarly, the concept of cybersecurity technologies and countermeasures is also broadly
applied in this technical report and includes, but is not limited to, the following technologies:
• authentication and authorization;
• filtering, blocking, and access control;
• encryption;
• data validation;
• auditing;
• measurement;
• monitoring and detection tools;
• operating systems.
In addition, a non-cyber technology —physical security control— is an essential requirement for
some aspects of cybersecurity and is discussed in this technical report.
The purpose of this technical report is to categorize and define cybersecurity technologies,
countermeasures, and tools currently available to provide a common basis for later technical reports and standards to be produced by the ISA99 committee. Each technology in this
technical report is discussed in terms of:
• security vulnerabilities addressed by the technology, tool, and/or countermeasure;
• typical deployment;
• known issues and weaknesses;
• assessment of use in the IACS environment;
• future directions;
• recommendations and guidance;
• information sources and reference material.
The intent of this technical report is to document the known state of the art of cybersecurity
technologies, tools, and countermeasures applicable to the IACS environment, clearly define
which technologies can reasonably be deployed today, and define areas where more research
may be needed.
SDO:
CSA
Language:
English
ICS Codes:
25.040.40;
33.040.40;
35.040
Status:
Standard
Publish date:
2017-09-30
Standard Number:
CAN/CSA-IEC/TR 62443-3-1:17