What are the 3 phases of The IACS Cybersecurity Life Cycle?
Assess
Develop & Implement
Maintain
What are the three areas of the Assess phase?
High-Level Cyber Risk Assessment
Allocation of IACS Assets to Security Zones or Conduits
Detailed Cyber Risk Assessment
What are the continuous processes?
Cybersecurity Management System: Policies, Procedures, Training & Awareness (IEC 62443-2-1)
Periodic Cybersecurity Audits (IEC 62443-2-1)
How does an Asset Owner use ISA/IEC 62443-2-1?
Asset Owner selects risk assessment methodology, assigns roles and responsibilities, ensures appropriate training, resources, etc.
How does an Asset Owner and ISP use ISA/IEC 62443-3-2
Asset Owner and Integration
Service Provider use this part
to assess the risks of the
(SuC) System under
Consideration and meet with
the different ZCR’s (Zone and
Conduit Requirements)
How does an Asset Owner and ISP use ISA/IEC 62443-3-3?
Asset Owner and Integration
Service Provider use this part as a
guidance to bridge from risk
assessment outcome towards
system related security
requirements based on assigned
SL-T (Security Level Target).
How does a Product Supplier use ISA/IEC 62443-3-3?
Product Suppliers use this part to
understand what needs to be
developed to meet the needs of
the market for a specific type of
system.
How does a Product Supplier use ISA/IEC 62443-4-1 and ISA/IEC 62443-4-2?
Product Supplier uses these
parts to understand the
requirements placed on
control system components
for specific security
capability levels (SL-C) and
develop the components
accordingly.
What is the Necessary Information that needs documenting to perform a Risk Assessment? (Prepare phase)
- Define the goals of the Risk Assessment
- Clearly document the IACS and associated assets
- Develop a common, up-to-date understanding of the IACS
- Regulations, policies, etc.
– Government
– Industry
– Company - Gather and organize information such as architecture
diagrams, devices, configurations, known vulnerabilities - Define roles and responsibilities
- Establish training requirements
What are the Key Components to gather in the prepare phase?
- System architecture diagrams
– Physical
– Functional - Network diagrams
– Segments
– Networking components - Asset inventory
- Criticality assessment
- Process flow
- Data flow
- Business processes
What is the purpose of System Architecture Diagrams?
*Illustrate the components of
the system
* Illustrate connectivity
* Illustrate physical location
What are some System Architecture Diagrams Recommendations?
- All IACS functionality is graphically represented on at least one
IACS Architecture drawing - Present the information following the ISA-62443-1-1 Reference
Model
– Based on the ISA-95 - Include images/pictures of the IACS hardware components to
provide context and assistance in identifying the equipment
on site - Color code or use different line types for different networks
and network segments
What is ISA 95 Level 0?
Level 0 — The physical process — Defines the actual physical processes.
How many ISA-95 Functional Layers?
5 = (0,1,2,3,4)
What is ISA 95 Level 1?
Level 1 — Intelligent devices — Sensing and manipulating the physical processes. Process, sensors, analyzers, actuators and related instrumentation.
What is ISA 95 Level 2?
Level 2 — Control systems — Supervising, monitoring and controlling the physical processes. Real-time controls and software; DCS, human-machine interface (HMI); supervisory and data acquisition (SCADA) software.
What is ISA 95 Level 3?
Level 3 — Manufacturing operations systems — Managing production workflow to produce the desired products. Batch management; manufacturing execution/operations management
systems (MES/MOMS); laboratory, maintenance and plant performance management systems; data historians and related middleware. Time frame: shifts, hours, minutes, seconds.
What is ISA 95 Level 4?
Level 4 — Business logistics systems — Managing the business-related activities of the manufacturing operation. ERP is the primary system; establishes the basic plant production schedule, material use, shipping and inventory levels. Time frame: months, weeks, days,
shifts.
ISA95 Level 3 and below is the … domain?
Control
Key overview of Network Diagrams
- Detail how the network is physically and logically constructed
- Individual routers, switches, firewalls are shown symbolically
- Switch port assignments are identified
- VLANS are documented
- May or may not show hosts (e.g. devices plugged into
switches)
Key overview of Asset Inventory?
*Facilities should maintain a list or database of all IACS and SCADA hardware (physical and virtual) and software
- Compiled through documentation and site survey
- Automated tools can be used to gather this data
- Automated tools should be carefully tested to ensure they do not impact system availability or integrity and do not introduce security
vulnerabilities
Name the different types of Asset Inventory Tools?
- Network management tools
- Software Asset Management (SAM) tools
- Configuration management tools
When preparing for a risk assessment a … approach is preferred?
Combined Approach Preferred
Asset Owner and Integration Service Provider will understand the SuC better by combining different approaches:
* Documentation Analysis
* Assisted Analysis with tools
* Walk through the plant
