Module duration: 8 hours
This module is based on ISA/IEC 62443 standard, and in particular on tier 62443-4, parts 4-1 and 4-2, defined for the industrial context. It is the reference cybersecurity standard in the field of industrial automation and control systems, also applied in transportation systems. We present the requirements proposed by the standard and the essential ingredients that must be considered to create a secure product.
The goal of the module is to address security topics for industrial components leveraging on the ISA/IEC 62443 standard. Two specific parts of the standard are looked into in further detail: part 4-1, that introduces the concept of maturity levels and part 4-2, that introduces the concept of security levels. The concepts taken from these sections of the standard have practical relevance both for product development and for security assessment.
Before diving into some of the more practical aspects introduced by the 4-1 and 4-2 standard parts, the module provides both an introduction to the basic underlying technical concepts and contextualization in the application domain, analyzing the typical requirements and needs of the industrial sector.
The course consists of the following main topics:
• The ISA/IEC 62443 Standard
• Concepts from the 62443 Standard
• Foundational Requirements and Security Levels (62443-4-2)
• Practices and Maturity Levels (62443-4-1)
The module is targeted at professionals working for companies that deliver components (embedded devices, sw applications, hosts, network devices) used in industrial contexts, including both the technical figures who will directly act according to the procedures defined in the standard (platform developers, embedded SW developers, product testers, technical leaders) and the non-strictly technical professionals (product and project managers, business developers…) who wish to better understand the value brought by application of the 62443 standard to the products and processes that they manage.